How to get the current logged in user object from spring security?

I am using Spring security version 3.1.4.RELEASE. How can I access the current logged in user object?

    SecurityContextHolder.getContext().getAuthentication().getPrincipal()

returns user name, not user object. So how can I use the returned Username and get the UserDetails object?

I have tried the following code:

    public UserDetails getLoggedInUser() {
        final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated() && !(auth instanceof AnonymousAuthenticationToken)) {
            if (auth.getDetails() != null)
                System.out.println(auth.getDetails().getClass());
            if (auth.getDetails() instanceof UserDetails) {
                System.out.println("UserDetails");
            } else {
                System.out.println("!UserDetails");
            }
        }
        return null;
    }

Following is the result:

    [2015-08-17 19:44:46.738] INFO  http-bio-8443-exec-423   System.out    class org.springframework.security.web.authentication.WebAuthenticationDetails
    [2015-08-17 19:44:46.738] INFO  http-bio-8443-exec-423   System.out    !UserDetails

AuthenticationFilter class as follows:

    public class CustomUsernamePasswordAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
        public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";
        public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
        public static final String SPRING_SECURITY_LAST_USERNAME_KEY = "SPRING_SECURITY_LAST_USERNAME";
        private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
        private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
        private boolean postOnly = true;

        public CustomUsernamePasswordAuthenticationFilter() {
            super("/j_spring_security_check");
        }

        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
            if (postOnly && !request.getMethod().equals("POST")) {
                throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
            }

            String username = obtainUsername(request);
            String password = obtainPassword(request);
            if (username == null) {
                username = "";
            }
            if (password == null) {
                password = "";
            }
            username = username.trim();
            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

            // Allow subclasses to set the "details" property
            setDetails(request, authRequest);
            if (this.getAuthenticationManager() == null) {
                logger.info("Authentication manager is null.");
            } else {
                logger.info("Authentication manager was " + this.getAuthenticationManager().getClass().getName());
            }
            return this.getAuthenticationManager().authenticate(authRequest);
        }

        protected String obtainPassword(HttpServletRequest request) {
            return request.getParameter(passwordParameter);
        }

        protected String obtainUsername(HttpServletRequest request) {
            return request.getParameter(usernameParameter);
        }

        protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
            authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
        }

        public void setUsernameParameter(String usernameParameter) {
            this.usernameParameter = usernameParameter;
        }

        public void setPasswordParameter(String passwordParameter) {
            this.passwordParameter = passwordParameter;
        }

        public void setPostOnly(boolean postOnly) {
            this.postOnly = postOnly;
        }

        public final String getUsernameParameter() {
            return usernameParameter;
        }

        public final String getPasswordParameter() {
            return passwordParameter;
        }
    }

AuthenticationProvider as follows:

    @Component
    public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
        private MyUserDetailsService userDetailsService;

        public MyUserDetailsService getUserDetailsService() {
            return userDetailsService;
        }

        public void setUserDetailsService(MyUserDetailsService userDetailsService) {
            this.userDetailsService = userDetailsService;
        }

        @Override
        protected void additionalAuthenticationChecks(UserDetails arg0,
                UsernamePasswordAuthenticationToken arg1)
                throws AuthenticationException {

        }

        @Override
        protected UserDetails retrieveUser(String arg0,
                UsernamePasswordAuthenticationToken arg1)
                throws AuthenticationException {
            return userDetailsService.loadUserByUsername(arg0);
        }
    }

UserDetails class as follows:

    public class MyUserDetailsService implements UserDetailsService {

        private final Map<String, UserDetails> usersList;

        public MyUserDetailsService() {
            Collection<GrantedAuthority> authorityList;
            final SimpleGrantedAuthority supervisorAuthority = new SimpleGrantedAuthority("supervisor");
            final SimpleGrantedAuthority userAuthority = new SimpleGrantedAuthority("user");
            usersList = new TreeMap<String, UserDetails>();

            authorityList = new ArrayList<GrantedAuthority>();
            authorityList.add(supervisorAuthority);
            authorityList.add(userAuthority);
            usersList.put("admin", new User("admin", "admin", authorityList));

            authorityList = new ArrayList<GrantedAuthority>();
            authorityList.add(userAuthority);
            usersList.put("peter", new User("peter", "password123", authorityList));

            //probably don't use this in production
            for (Map.Entry<String, UserDetails> user : usersList.entrySet()) {
                logger.info(user.getValue().toString());
            }
        }

        @Override
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            UserDetails ud = usersList.get(username);
            if (ud != null) {
                logger.info("loadUserByUsername: found match, returning "
                        + ud.getUsername() + ":" + ud.getPassword() + ":"
                        + ud.getAuthorities().toString());
                return new User(ud.getUsername(), ud.getPassword(),
                        ud.getAuthorities());
            }

            logger.info("loadUserByUsername: did not find match, throwing UsernameNotFoundException");
            throw new UsernameNotFoundException(username);
        }
    }
asked Aug 17 '15 13:08

Leejoy


People also ask

What is SecurityContextHolder getContext () getAuthentication ()?

The HttpServletRequest.getUserPrincipal() will return the result of SecurityContextHolder.getContext().getAuthentication() . This means it is an Authentication which is typically an instance of UsernamePasswordAuthenticationToken when using username and password based authentication.

What is user principal in Spring Security?

The principal is the currently logged in user. However, you retrieve it through the security context which is bound to the current thread and as such it's also bound to the current request and its session.

What is SecurityContextHolder in spring?

The SecurityContextHolder is a helper class, which provides access to the security context. By default, it uses a ThreadLocal object to store security context, which means that the security context is always available to methods in the same thread of execution, even if you don't pass the SecurityContext object around.


1 Answer

    SecurityContextHolder.getContext().getAuthentication().getPrincipal();

Returns the current user object. This can be User, UserDetails or your custom user object. You will need to cast the return object to UserDetails or your own user object if it is a custom one.

OR you can inject Authentication or Principal directly into your controllers. Principal is your UserDetails/custom user object.

Note: UserDetails is an interface

answered Sep 29 '22 11:09

sura2k
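The lookup described in the answer above, as an added example that is not part of the original question or answer: it reads the principal (not `getDetails()`, which the question's log shows is a `WebAuthenticationDetails`) and returns `null` for unauthenticated or anonymous callers. The class name `CurrentUser`, the sample user and the placeholder strings are assumptions made for illustration; it needs spring-security-core on the classpath.

```java
import java.util.Collections;
import java.util.List;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public final class CurrentUser { // hypothetical helper name

    private CurrentUser() {}

    /** Returns the logged-in UserDetails, or null for anonymous or unauthenticated callers. */
    public static UserDetails get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        // getDetails() carries request metadata; the user object is the principal.
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return (UserDetails) principal;
        }
        // The principal can be another type, e.g. a plain username String when
        // the provider is configured with forcePrincipalAsString.
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample user; the password is a placeholder value.
        List<GrantedAuthority> roles =
                Collections.<GrantedAuthority>singletonList(new SimpleGrantedAuthority("user"));
        UserDetails peter = new User("peter", "placeholder", roles);
        UsernamePasswordAuthenticationToken token =
                new UsernamePasswordAuthenticationToken(peter, null, roles);
        token.setDetails("request-metadata-placeholder");
        SecurityContextHolder.getContext().setAuthentication(token);

        UserDetails current = CurrentUser.get();
        // Print identity and authorities only, never the stored password.
        System.out.println(current.getUsername() + " " + current.getAuthorities());
        SecurityContextHolder.clearContext();
    }
}
```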