Spring Security: Obtaining current username (i.e. SecurityContext) information in a bean?

over 10 years ago

0
4
Positive Vote
2
Negative Vote
2
Save Favourite
0
0
0
0
1.14k

Comment on it

Instead of calling static method inside the controller like below:

@RequestMapping(value="/welcome", method = RequestMethod.GET)
public String getUserDetails(ModelMap model) {
    Authentication authentication = SecurityContextHolder.getContext().
            getAuthentication();
    String name = authentication.getName();
    model.addAttribute("username", name);
    model.addAttribute("message", "Welcome to Spring");
    return "success";

}

We can configure the app to have the current SecurityContext, or current Authentication.

We can use the below method instead:

@RequestMapping(value="/welcome", method = RequestMethod.GET)
public String printWelcome(ModelMap model, Principal principal ) {

    String name = principal.getName();
    model.addAttribute("username", name);
    model.addAttribute("message", "Spring Security Hello World");
    return "hello";
}

From the below example you can see how we can retrieve logged in user's user-details:

spring-dispatcher-servlet.xml

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    <context:component-scan base-package="com.spring.controller" />
    <bean
      class="org.springframework.web.servlet.view.InternalResourceViewResolver">
      <property name="prefix">
        <value>/WEB-INF/pages/</value>
      </property>
      <property name="suffix">
        <value>.jsp</value>
      </property>
    </bean>

</beans>

Define the below configuration in your applicationContext-security.xml file

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true">
        <intercept-url pattern="/welcome*" access="ROLE_USER" />

        <form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed"/>
    </http>
    <authentication-manager>
      <authentication-provider>
        <user-service>
            <user name="Spring" password="123456" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>
</beans:beans>

Now define web.xml

<web-app id="WebApp&#95;ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring MVC Application</display-name>

    <!-- Spring MVC -->
    <servlet>
        <servlet-name>spring-dispatcher</servlet-name>
        <servlet-class>
           org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>spring-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-dispatcher-servlet.xml,
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>
    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
           org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

Now write your controller as below:

LoginController.java

package com.evon.controller;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
public class LoginController {

    @RequestMapping(value="/welcome", method = RequestMethod.GET)
    public String printWelcome(ModelMap model, Principal principal ) {

        String name = principal.getName();
        model.addAttribute("username", name);
        model.addAttribute("message", "Spring Security Hello World");
        return "hello";

    }

    @RequestMapping(value="/login", method = RequestMethod.GET)
    public String login(ModelMap model) {

        return "login";

    }

}

success.jsp

<html>
<body>
    <h3>${message}</h3>    
    <br />
    <h3>Username : ${username}</h3>    
</body>
</html>

Hope this will help you :)

Spring Security: Obtaining current username (i.e. SecurityContext) information in a bean?

0 Comment(s)

Comment on it

Unable to start Java!! Mr. Nerd figure out why..

Positive Votes

:)

:)

:)

Negative Votes

Delete Comment

Post Projects

Manage Company