7-SpringSecurity: Getting the Logged-In User's Information

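<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <optional>true</optional>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>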

Experiment 0: SecurityContext

SecurityContextHolder.getContext().getAuthentication() returns the authenticated user's information. It can be called anywhere in the application, not only in controller handler methods.

@GetMapping(value = "/")
@ResponseBody
public String home() {
    log.info(SecurityContextHolder.getContext().getAuthentication().toString());
    return "Welcome " + SecurityContextHolder.getContext().getAuthentication();
}

Endpoint response:

Welcome org.springframework.security.authentication.UsernamePasswordAuthenticationToken@89d31be5: Principal: UserDto(id=1, username=dev, password=$2a$10$IwyZkXIDuMJjmwBGyBuzlOKbpPN7cwL5sjWnYuSbWN9jL7lR9mv.a, realname=开发人员, mobile=null, enabled=true, accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, authorities=[p1, p2]); Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 77882B1C1B69281C444F4FAC19035470; Granted Authorities: p1, p2

Experiment 1: Principal

Accept a java.security.Principal as a handler method parameter.

@GetMapping(value = "/")
@ResponseBody
public String home(Principal principal) {
    log.info(principal.toString());
    return "Welcome " + principal.toString();
}

Endpoint response:

Welcome org.springframework.security.authentication.UsernamePasswordAuthenticationToken@89d31be5: Principal: UserDto(id=1, username=dev, password=$2a$10$IwyZkXIDuMJjmwBGyBuzlOKbpPN7cwL5sjWnYuSbWN9jL7lR9mv.a, realname=开发人员, mobile=null, enabled=true, accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, authorities=[p1, p2]); Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 77882B1C1B69281C444F4FAC19035470; Granted Authorities: p1, p2

Experiment 2: Authentication

Accept an Authentication object as a handler method parameter. Its getPrincipal() method returns a java.lang.Object, so the result must be cast before use.

@GetMapping(value = "/")
@ResponseBody
public String home(Authentication authentication) {
    log.info(authentication.getPrincipal().toString());
    return "Welcome " + authentication.getPrincipal().toString();
}

Endpoint response:

Welcome UserDto(id=1, username=dev, password=$2a$10$IwyZkXIDuMJjmwBGyBuzlOKbpPN7cwL5sjWnYuSbWN9jL7lR9mv.a, realname=开发人员, mobile=null, enabled=true, accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, authorities=[p1, p2])

Experiment 3: @AuthenticationPrincipal

Of course, the ideal solution is to work with the User object directly. Annotate the parameter with @AuthenticationPrincipal so that it is resolved to the principal of the authentication.

@GetMapping(value = "/")
@ResponseBody
public String home(@AuthenticationPrincipal UserDto user) {
    log.info(user.toString());
    return "Welcome " + user.toString();
}

Endpoint response:

Welcome UserDto(id=1, username=dev, password=$2a$10$IwyZkXIDuMJjmwBGyBuzlOKbpPN7cwL5sjWnYuSbWN9jL7lR9mv.a, realname=开发人员, mobile=null, enabled=true, accountNonExpired=true, accountNonLocked=true, credentialsNonExpired=true, authorities=[p1, p2])
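In every response above, the UserDto's password field (a bcrypt hash) is returned to the client and written to the log, and in experiments 0 and 1 the SessionId is as well. The following added example (not the original article's code; UserDto's field types, the Profile view class and the file name are assumptions) keeps the hash out of toString(), clears it once authentication completes, and returns only selected fields:

```java
// HomeController.java: added example; UserDto field types are assumed from the output above
import java.util.Set;
import lombok.Data;
import lombok.ToString;
import lombok.Value;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@Data
class UserDto implements UserDetails, CredentialsContainer {
    private Long id;
    private String username;
    @ToString.Exclude // keep the hash out of toString(), and therefore out of logs
    private String password;
    private String realname;
    private String mobile;
    private boolean enabled = true;
    private boolean accountNonExpired = true;
    private boolean accountNonLocked = true;
    private boolean credentialsNonExpired = true;
    private Set<SimpleGrantedAuthority> authorities;

    // AbstractAuthenticationToken.eraseCredentials() calls this on the principal
    // after ProviderManager has authenticated the request (its default setting).
    @Override
    public void eraseCredentials() { this.password = null; }
}

@RestController
public class HomeController {
    @Value // hypothetical response view: only fields that are safe to return
    static class Profile {
        Long id;
        String username;
        String realname;
        Set<String> authorities;
    }

    @GetMapping("/")
    public Profile home(@AuthenticationPrincipal UserDto user) {
        return new Profile(user.getId(), user.getUsername(), user.getRealname(),
                AuthorityUtils.authorityListToSet(user.getAuthorities()));
    }
}
```

If the UserDetailsService hands out cached or shared UserDto instances, return a fresh copy per login, because eraseCredentials() would otherwise null the password on the shared object.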
