Spring Security应用开发(12) 获取已登录用户信息
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security应用开发(12) 获取已登录用户信息相关的知识,希望对你有一定的参考价值。
1.1. 获取已登录用户信息
在使用Spring Security的应用程序中,可以通过SecurityContext接口获取到已经登录的用户的信息。SecurityContext接口的实例通过SecurityContextHolder的静态方法getContext()获取。
通过SecurityContext可以获取到Authentication接口的实例,而通过Authentication接口可以获取到:
principal:主角,通常是一个UserDetails接口的实例,而默认就是User对象。
credentials:凭证,通常是密码。
authorities:用户拥有的角色列表。
details:WebAuthenticationDetails,包含IP地址和Session ID等信息。
一个典型的用于展示上述用户登录信息的代码如下:
@Controller @RequestMapping("/home") public class HomeController { @RequestMapping("/") public ModelAndView index(){ ModelAndView mv = new ModelAndView(); mv.addObject("message", "Hello,welcome!"); SecurityContext sc = SecurityContextHolder.getContext(); mv.addObject("sc", sc); Object principal = sc.getAuthentication().getPrincipal(); if(principal instanceof UserDetails){ UserDetails userDetails = (UserDetails)principal; mv.addObject("userDetails", userDetails); for(GrantedAuthority authority :userDetails.getAuthorities()){ System.out.println(authority.getAuthority() +" , " + authority.getClass().getCanonicalName()); } } else { String username = (String)principal.toString(); mv.addObject("username", username); } mv.setViewName("home/index"); return mv; } }
jsp页面如下:
<c:if test="${username!=null }"> <p>Username:${username}</p> </c:if> <p> <br />SecurityContext: ${sc.getClass()} <br />Authentication: ${sc.authentication.getClass()} <br />Credentials: ${sc.authentication.credentials} <br />Details: ${sc.authentication.details} </p> <p> <c:if test="${userDetails!=null }"> UserDetails: ${userDetails.getClass()} <table> <tr><td>username</td><td>${userDetails.username }</td></tr> <tr><td>password</td><td>${userDetails.password }</td></tr> </table> Authorities: ${userDetails.authorities } <ul> <c:forEach var="item" items="${userDetails.authorities}" varStatus="index" > <li>${index.index}/${index.count}:${item.authority},${item.getClass()}</li> </c:forEach> </ul> </c:if>
运行结果如下:
SecurityContext: class org.springframework.security.core.context.SecurityContextImpl
Authentication: class org.springframework.security.authentication.UsernamePasswordAuthenticationToken
Credentials:
Details: org.sprin[email protected]b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DE77CC038C592F5C301C605654436BEE
UserDetails: class org.springframework.security.core.userdetails.User
username zhangsan
password
Authorities: [ROLE_TEST, ROLE_TEST2, ROLE_USER]
0/1:ROLE_TEST,class org.springframework.security.core.authority.SimpleGrantedAuthority
1/2:ROLE_TEST2,class org.springframework.security.core.authority.SimpleGrantedAuthority
2/3:ROLE_USER,class org.springframework.security.core.authority.SimpleGrantedAuthority
以上是关于Spring Security应用开发(12) 获取已登录用户信息的主要内容,如果未能解决你的问题,请参考以下文章
Spring-Security-Facebook 插件,Facebook 登录错误
Spring Security应用开发(12) 获取已登录用户信息