Spring Security - 获取当前登录用户的详细信息

短命女 2023-02-19 08:27 9阅读 0赞

# Spring Security - 获取当前登录用户的详细信息 #

在Spring框架里面，可以通过以下几种方式获取到当前登录用户的详细信息：

## 1. 在`Bean`中获取用户信息 ##

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (!(authentication instanceof AnonymousAuthenticationToken)) { 
        String currentUserName = authentication.getName();
        return currentUserName;
    }
    
      
       
      
       
        1
        2
        3
        4
        5

`Spring Security`框架提供了多种`AuthenticationToken`的派生类，根据自己的应用场景，可以对`SecurityContextHolder`里面的`AuthenticationToken`进行类型转换，如下：

UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
    //details里面可能存放了当前登录用户的详细信息，也可以通过cast后拿到
    User userDetails = (User) authenticationToken.getDetails();
    
      
       
      
       
        1
        2
        3

PS. `AuthenticationToken`的类型转换同样适用于下面提到的`Principal`类。

## 2. 在`Controller`中获取用户信息 ##

1.  通过`Principal`参数获取：

import java.security.Principal;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

@Controller  
public class SecurityController \{

@RequestMapping(value = "/username", method = RequestMethod.GET)
 @ResponseBody
 public String currentUserName(Principal principal) {
 return principal.getName();
 }

*  1
 *  2
 *  3
 *  4
 *  5
 *  6
 *  7
 *  8
 *  9
 *  10
 *  11
 *  12
 *  13
 *  14
 *  15

1.  通过`Authentication`参数获取：

import org.springframework.security.core.Authentication;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

@Controller  
public class SecurityController \{

@RequestMapping(value = "/username", method = RequestMethod.GET)
 @ResponseBody
 public String currentUserName(Authentication authentication) {
 return authentication.getName();
 }

*  1
 *  2
 *  3
 *  4
 *  5
 *  6
 *  7
 *  8
 *  9
 *  10
 *  11
 *  12
 *  13
 *  14
 *  15

1.  通过`HttpServletRequest`获取

import java.security.Principal;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import org.springframework.web.bind.annotation.ResponseBody;

@Controller  
public class SecurityController \{

@RequestMapping(value = "/username", method = RequestMethod.GET)
 @ResponseBody
 public String currentUserNameSimple(HttpServletRequest request) {
 Principal principal = request.getUserPrincipal();
 return principal.getName();
 }

*  1
 *  2
 *  3
 *  4
 *  5
 *  6
 *  7
 *  8
 *  9
 *  10
 *  11
 *  12
 *  13
 *  14
 *  15
 *  16
 *  17

## 3. 通过`Interface`获取用户信息 ##

通过`Interface`获取其实和第一种在`Bean`中获取用户信息是一样的，都是访问`SecurityContextHolder`获取的，只是进行了封装。

public interface IAuthenticationFacade { 
 Authentication getAuthentication();
 }
 @Component
 public class AuthenticationFacade implements IAuthenticationFacade { 
 @Override
 public Authentication getAuthentication() {
 return SecurityContextHolder.getContext().getAuthentication();
 }

*  1
 *  2
 *  3
 *  4
 *  5
 *  6
 *  7
 *  8
 *  9
 *  10
 *  11

下面是使用方法：

@Controller
 public class SecurityController { 
 @Autowired
 private IAuthenticationFacade authenticationFacade;
 @RequestMapping(value = "/username", method = RequestMethod.GET)
 @ResponseBody
 public String currentUserNameSimple() {
 Authentication authentication = authenticationFacade.getAuthentication();
 return authentication.getName();
 }

*  1
 *  2
 *  3
 *  4
 *  5
 *  6
 *  7
 *  8
 *  9
 *  10
 *  11
 *  12

## 4. 在`JSP`页面中获取用户信息 ##

要使用`Spring Security`的标签特性，首先要在`JSP`页面引入`Security`的`tag`：

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
 
 
 
 
 
 1

通过以下方式可以获取到当前登录用户：

<security:authorize access="isAuthenticated()">
 authenticated as <security:authentication property="principal.username" /> 
 </security:authorize>
 
 
 
 
 
 1
 2
 3

更多`JSTL`的语法可以参考：[https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/pdf/spring-security-reference.pdf][https_docs.spring.io_spring-security_site_docs_5.0.0.RELEASE_reference_pdf_spring-security-reference.pdf]

注意这是`Spring Security 5.0`的版本，其他版本可以从[https://docs.spring.io/spring-security/site/docs/][https_docs.spring.io_spring-security_site_docs]这里选择。

参考链接: [http://www.baeldung.com/get-user-in-spring-security][http_www.baeldung.com_get-user-in-spring-security]

</div>

[https_docs.spring.io_spring-security_site_docs_5.0.0.RELEASE_reference_pdf_spring-security-reference.pdf]: https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/pdf/spring-security-reference.pdf
[https_docs.spring.io_spring-security_site_docs]: https://docs.spring.io/spring-security/site/docs/
[http_www.baeldung.com_get-user-in-spring-security]: http://www.baeldung.com/get-user-in-spring-security