Spring Security应用开发(12) 获取已登录用户信息

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security应用开发(12) 获取已登录用户信息相关的知识,希望对你有一定的参考价值。

1.1. 获取已登录用户信息

 

在使用Spring Security的应用程序中,可以通过SecurityContext接口获取到已经登录的用户的信息。SecurityContext接口的实例通过SecurityContextHolder的静态方法getContext()获取。

通过SecurityContext可以获取到Authentication接口的实例,而通过Authentication接口可以获取到:

principal:主角,通常是一个UserDetails接口的实例,而默认就是User对象。

credentials:凭证,通常是密码。

authorities:用户拥有的角色列表。

detailsWebAuthenticationDetails,包含IP地址和Session ID等信息。

 

 

一个典型的用于展示上述用户登录信息的代码如下:

@Controller

@RequestMapping("/home")

public class HomeController {

 

@RequestMapping("/")

public ModelAndView  index(){

ModelAndView  mv = new ModelAndView();

mv.addObject("message", "Hello,welcome!");

 

SecurityContext  sc = SecurityContextHolder.getContext();

mv.addObject("sc", sc);

 

 

Object principal = sc.getAuthentication().getPrincipal();

if(principal instanceof UserDetails){

UserDetails  userDetails = (UserDetails)principal;

mv.addObject("userDetails", userDetails);

 

for(GrantedAuthority authority :userDetails.getAuthorities()){

System.out.println(authority.getAuthority() +" , " + authority.getClass().getCanonicalName());

}

}

else {

String username = (String)principal.toString();

mv.addObject("username", username);

}

 

mv.setViewName("home/index");

return mv;

}

}

 

 

jsp页面如下:

<c:if test="${username!=null }">

<p>Username:${username}</p>

</c:if>

 

<p>

<br />SecurityContext: ${sc.getClass()}

<br />Authentication:  ${sc.authentication.getClass()}

<br />Credentials:     ${sc.authentication.credentials}

<br />Details:         ${sc.authentication.details}

</p>

 

<p>

 

<c:if test="${userDetails!=null }">

UserDetails: ${userDetails.getClass()}

<table>

<tr><td>username</td><td>${userDetails.username }</td></tr>

<tr><td>password</td><td>${userDetails.password }</td></tr>

</table>

 

Authorities:

${userDetails.authorities }

<ul>

<c:forEach    var="item" items="${userDetails.authorities}" varStatus="index" >

 <li>${index.index}/${index.count}:${item.authority},${item.getClass()}</li>

</c:forEach>

</ul>

</c:if>

 

 

 

运行结果如下:

SecurityContext: class org.springframework.security.core.context.SecurityContextImpl

Authentication: class org.springframework.security.authentication.UsernamePasswordAuthenticationToken

Credentials:

Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DE77CC038C592F5C301C605654436BEE

 

UserDetails: class org.springframework.security.core.userdetails.User

 

username zhangsan

password

Authorities: [ROLE_TEST, ROLE_TEST2, ROLE_USER]

0/1:ROLE_TEST,class org.springframework.security.core.authority.SimpleGrantedAuthority

1/2:ROLE_TEST2,class org.springframework.security.core.authority.SimpleGrantedAuthority

2/3:ROLE_USER,class org.springframework.security.core.authority.SimpleGrantedAuthority

 

以上是关于Spring Security应用开发(12) 获取已登录用户信息的主要内容,如果未能解决你的问题,请参考以下文章

Spring-Security-Facebook 插件,Facebook 登录错误

Spring Security应用开发(12) 获取已登录用户信息

grails spring-security-oauth-facebook:0.2

Spring Security与Tomcat基本授权冲突

Grails Spring Security注释问题

验证 Auth0 令牌 - Spring Security