在Spring框架里面,可以通過以下幾種方式獲取到當前登錄用戶的詳細信息:
1. 在Bean中獲取用戶信息
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (!(authentication instanceof AnonymousAuthenticationToken)) { String currentUserName = authentication.getName(); return currentUserName; }
Spring Security框架提供了多種AuthenticationToken的派生類,根據自己的應用場景,可以對SecurityContextHolder里面的AuthenticationToken進行類型轉換,如下:
UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); //details里面可能存放了當前登錄用戶的詳細信息,也可以通過cast后拿到 User userDetails = (User) authenticationToken.getDetails();
PS. AuthenticationToken的類型轉換同樣適用於下面提到的Principal類。
2. 在Controller中獲取用戶信息
1.通過Principal參數獲取:
import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserName(Principal principal) { return principal.getName(); } }
2.通過Authentication參數獲取:
import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserName(Authentication authentication) { return authentication.getName(); } }
3.通過HttpServletRequest獲取
import java.security.Principal; import javax.servlet.http.HttpServletRequest; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserNameSimple(HttpServletRequest request) { Principal principal = request.getUserPrincipal(); return principal.getName(); } }
3. 通過Interface獲取用戶信息
通過Interface獲取其實和第一種在Bean中獲取用戶信息是一樣的,都是訪問SecurityContextHolder獲取的,只是進行了封裝。
public interface IAuthenticationFacade { Authentication getAuthentication(); } @Component public class AuthenticationFacade implements IAuthenticationFacade { @Override public Authentication getAuthentication() { return SecurityContextHolder.getContext().getAuthentication(); } }
下面是使用方法:
@Controller public class SecurityController { @Autowired private IAuthenticationFacade authenticationFacade; @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserNameSimple() { Authentication authentication = authenticationFacade.getAuthentication(); return authentication.getName(); } }