Spring Security-获取当前登录用户的详细信息
在Spring框架里面,可以通过以下几种方式获取到当前登录用户的详细信息:
1. 在Bean中获取用户信息
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); if (!(authentication instanceof AnonymousAuthenticationToken)) { String currentUserName = authentication.getName(); return currentUserName; }
Spring Security框架提供了多种AuthenticationToken的派生类,根据自己的应用场景,可以对SecurityContextHolder里面的AuthenticationToken进行类型转换,如下:
UsernamePasswordAuthenticationToken authenticationToken = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); //details里面可能存放了当前登录用户的详细信息,也可以通过cast后拿到 User userDetails = (User) authenticationToken.getDetails();
PS. AuthenticationToken的类型转换同样适用于下面提到的Principal类。
2. 在Controller中获取用户信息
1.通过Principal参数获取:
import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserName(Principal principal) { return principal.getName(); } }
2.通过Authentication参数获取:
import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserName(Authentication authentication) { return authentication.getName(); } }
3.通过HttpServletRequest获取
import java.security.Principal; import javax.servlet.http.HttpServletRequest; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody; @Controller public class SecurityController { @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserNameSimple(HttpServletRequest request) { Principal principal = request.getUserPrincipal(); return principal.getName(); } }
3. 通过Interface获取用户信息
通过Interface获取其实和第一种在Bean中获取用户信息是一样的,都是访问SecurityContextHolder获取的,只是进行了封装。
public interface IAuthenticationFacade { Authentication getAuthentication(); } @Component public class AuthenticationFacade implements IAuthenticationFacade { @Override public Authentication getAuthentication() { return SecurityContextHolder.getContext().getAuthentication(); } }
下面是使用方法:
@Controller public class SecurityController { @Autowired private IAuthenticationFacade authenticationFacade; @RequestMapping(value = "/username", method = RequestMethod.GET) @ResponseBody public String currentUserNameSimple() { Authentication authentication = authenticationFacade.getAuthentication(); return authentication.getName(); } }
