1.概述
spring security对用户登录这里做个一个封装,程序中获取已登录用户和往常不同。百度了半天没有找到有用的东西,大部分博文写的东西都一样。索性自己尝试,下面分别说下在不同的场合如何获取登录用户。
2.在bean中获取user
最简单的方式是通过SecurityContextHolder。
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
String currentPrincipalName = authentication.getName();更加好的方式:
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (!(authentication instanceof AnonymousAuthenticationToken)) {
String currentUserName = authentication.getName();
return currentUserName;
}这种获取的方法在跟spring security源码的时候可以看到。
3.在controller中获取user
在@controller注释的bean中可以将principal定义为方法的参数如下:
import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class SecurityController {
@RequestMapping(value = "/username", method = RequestMethod.GET)
@ResponseBody
public String currentUserName(Principal principal) {
return principal.getName();
}
}或者你也可以这样。
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class SecurityController {
@RequestMapping(value = "/username", method = RequestMethod.GET)
@ResponseBody
public String currentUserName(Authentication authentication) {
return authentication.getName();
}
}由于spring security的特殊性,它返回的对象为Object。我们需要强转为正确的userDetail实例:
UserDetails userDetails = (UserDetails) authentication.getPrincipal();
System.out.println("User has authorities: " + userDetails.getAuthorities());最直接的方式通过HttpServletRequest:
import java.security.Principal;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class SecurityController {
@RequestMapping(value = "/username", method = RequestMethod.GET)
@ResponseBody
public String currentUserNameSimple(HttpServletRequest request) {
Principal principal = request.getUserPrincipal();
return principal.getName();
}
}这里头所说的几点都是常用的。大家可以挑看着顺眼的用。
4.通过自定义接口来获取user
这一点充分利用spring的依赖注入,在任何地方拿到用户的凭证信息。自定义接口如下:
public interface IAuthenticationFacade {
Authentication getAuthentication();
}
@Component
public class AuthenticationFacade implements IAuthenticationFacade {
@Override
public Authentication getAuthentication() {
return SecurityContextHolder.getContext().getAuthentication();
}
}
然后在需要获取的地方注入IAuthenticationFacade
@Controller
public class SecurityController {
@Autowired
private IAuthenticationFacade authenticationFacade;
@RequestMapping(value = "/username", method = RequestMethod.GET)
@ResponseBody
public String currentUserNameSimple() {
Authentication authentication = authenticationFacade.getAuthentication();
return authentication.getName();
}
}这对2中的获取进行了一次封装。
5.在jsp页面中获取user
这种方法和网上差的不多,为了全面就写上了。
首先在页面上引入:
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
然后这样:
authenticated as 6.学习需要记录
努力尝试才能找到自己真正需要的。