在Bean中获取用户信息
1
2
3
4
5
|
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (!(authentication instanceof AnonymousAuthenticationToken)) { String currentUserName = authentication.getName(); return currentUserName; } |
Spring Security
框架提供了多种 AuthenticationToken
的派生类,根据自己的应用场景,可以对 SecurityContextHolder
里面的 AuthenticationToken
进行类型转换,如下:
1
2
3
|
UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); // details里面存放了当前登录用户的详细信息 User userDetails = (User) authenticationToken.getDetails(); |
PS. AuthenticationToken的类型转换同样适用于下面提到的Principal类。
在Controller中获取用户信息
- 通过Principal参数获取:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @RestController public class SecurityController { @GetMapping (value = "/username" ) public String currentUserName(Principal principal) { return principal.getName(); } } |
- 通过Authentication参数获取:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @RestController public class SecurityController { @GetMapping ( "/username" ) @ResponseBody public String currentUserName(Authentication authentication) { return authentication.getName(); } } |
- 通过HttpServletRequest获取
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
import java.security.Principal; import javax.servlet.http.HttpServletRequest; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @RestController public class SecurityController { @GetMapping ( "/username" ) public String currentUserNameSimple(HttpServletRequest request) { Principal principal = request.getUserPrincipal(); return principal.getName(); } } |
通过 Interface 获取用户信息
注意:IAuthenticationFacade 这个接口在springboot2.1.0中已不存在了
通过 Interface 获取其实和第一种在 Bean 中获取用户信息是一样的,都是访问 SecurityContextHolder 获取的,只是进行了封装。
1
2
3
4
5
6
7
8
9
10
11
|
public interface IAuthenticationFacade { Authentication getAuthentication(); } @Component public class AuthenticationFacade implements IAuthenticationFacade { @Override public Authentication getAuthentication() { return SecurityContextHolder.getContext().getAuthentication(); } } |
下面是使用方法:
1
2
3
4
5
6
7
8
9
10
11
|
@RestController public class SecurityController { @Autowired private IAuthenticationFacade authenticationFacade; @GetMapping ( "/username" ) public String currentUserNameSimple() { Authentication authentication = authenticationFacade.getAuthentication(); return authentication.getName(); } } |
在JSP页面中获取用户信息
要使用 Spring Security 的标签特性,首先要在 JSP 页面引入 Security 的 tag:
1
|
<%@ taglib prefix= "security" uri= "http://www.springframework.org/security/tags" %> |
通过以下方式可以获取到当前登录用户:
1
2
3
|
< security:authorize access = "isAuthenticated()" > authenticated as < security:authentication property = "principal.username" /> </ security:authorize > |
到此这篇关于详解Spring Security中获取当前登录用户的详细信息的几种方法的文章就介绍到这了,更多相关Spring Securit获取登录用户信息内容请搜索服务器之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持服务器之家!
原文链接:https://juejin.cn/post/7094951023080374285