如何在 Spring Boot 中找出当前登录的用户?
[英]How to find out the currently logged-in user in Spring Boot?
问题描述
In this Spring Boot application there is a web service, which returns some data for a logged-in user:
在这个 Spring Boot 应用程序中有一个 Web 服务,它为登录用户返回一些数据:
@RequestMapping("/resource")
public Map<String, Object> home() {
Map<String, Object> model = new HashMap<String, Object>();
model.put("id", UUID.randomUUID().toString());
model.put("content", "Hello World");
return model;
}
Imagine, the return value of the method depends on what user is currently logged in.想象一下,该方法的返回值取决于当前登录的用户。
How can I find out, which user is logged in in that method?我怎样才能知道哪个用户登录了该方法?
9 个解决方案
解决方案1
143 已采纳 2015-07-01 11:35:52
As per request:按要求:
Spring Boot which uses Spring Security internally provides a SecurityContextHolder class which allows the lookup of the currently authenticated user via: 内部使用Spring Security 的Spring Boot 提供了一个SecurityContextHolder类,它允许通过以下方式查找当前经过身份验证的用户:
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
The authentication instance now provides the following methods: 身份验证实例现在提供以下方法:
- Get the username of the logged in user:
getPrincipal()获取登录用户的用户名: getPrincipal() - Get the password of the authenticated user:
getCredentials()获取认证用户的密码: getCredentials() - Get the assigned roles of the authenticated user:
getAuthorities()获取已认证用户的分配角色: getAuthorities() - Get further details of the authenticated user:
getDetails()获取经过身份验证的用户的更多详细信息: getDetails()
解决方案2
47 2018-08-21 07:56:25
Since Spring Security 3.2 you can get currently logged in user (your implementation of UserDetails ) by adding a parameter inside your controller method:从 Spring Security 3.2 开始,您可以通过在控制器方法中添加参数来获取当前登录的用户(您的UserDetails实现):
import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;
@RequestMapping("/resource")
public Map<String, Object> home(@AuthenticationPrincipal User user) {
..
}
Replace User with the name of your class which implements UserDetails interface.将User替换为实现UserDetails接口的类的名称。
Edit :编辑:
Since Spring Security 4.0 annotation was moved to a different package:由于 Spring Security 4.0 注释被移动到一个不同的包:
import org.springframework.security.core.annotation.AuthenticationPrincipal;
Addendum :附录:
This will work even in WebFlux reactive environment versus the SecurityContextHolder.getContext().getAuthentication() which won't work because of paradigm shift from thread per request model to multiple requests per thread.即使在WebFlux反应式环境中,这也可以工作,而SecurityContextHolder.getContext().getAuthentication()由于范式从每个请求模型的线程转移到每个线程的多个请求而不起作用。
解决方案3
16 2017-09-13 11:38:42
You can simply use HttpServletRequest also to get user principle,您也可以简单地使用 HttpServletRequest 来获取用户原则,
using HttpServletRequest request,使用 HttpServletRequest 请求,
String user=request.getUserPrincipal().getName();
解决方案4
12 2017-11-28 07:34:19
One way is to add java.security.Principal as a parameter as follows:一种方法是将java.security.Principal添加为参数,如下所示:
@RequestMapping("/resource")
public Map<String, Object> home(Principal principal) {
Map<String, Object> model = new HashMap<String, Object>();
model.put("id", UUID.randomUUID().toString());
model.put("content", "Hello " + principal.getName());
return model;
}
解决方案5
7 2020-09-10 11:22:51
Since version 5.2 you can use CurrentSecurityContext annotation:从 5.2 版开始,您可以使用CurrentSecurityContext注释:
@GetMapping("/hello")
public String hello(@CurrentSecurityContext(expression="authentication?.name")
String username) {
return "Hello, " + username + "!";
}
解决方案6
3 2019-10-12 16:07:42
In Spring boot v2.1.9.RELEASE if you are trying to get the name, email , given_name you can get those details from Pricipal.在 Spring boot v2.1.9.RELEASE 中,如果您尝试获取姓名、电子邮件、given_name,您可以从 Pricipal 获取这些详细信息。 Note: I am using spring security with google oauth2注意:我在 google oauth2 中使用 spring security
Map<String , Object> userDetails = ((DefaultOidcUser)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getAttributes(); System.out.println(userDetails.get("name")); System.out.println(userDetails.get("email")); System.out.println(userDetails.get("given_name"));
解决方案7
2 2018-09-06 19:05:10
Recently using Keycloak authentication server and accessing currently logged-in user data is accessible like this最近使用 Keycloak 身份验证服务器并访问当前登录的用户数据可以这样访问
String userID;
KeycloakPrincipal kcPrincipal = getPrincipal();
KeycloakSecurityContext ksContext = kcPrincipal.getKeycloakSecurityContext();
IDToken idToken = ksContext.getToken();
userID = idToken.getName();
解决方案8
1 2018-05-02 11:40:25
Im using spring boot 2.0 with OAuth so I'm doing it like this我使用带有 OAuth 的 spring boot 2.0 所以我这样做
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
Object pricipal = auth.getPrincipal();
String user="";
if (pricipal instanceof DefaultOidcUser) {
user = ((DefaultOidcUser) pricipal).getName();
}
解决方案9
-2 2021-03-19 08:40:16
You can find the currently logged in user name without using any spring Security features.您可以在不使用任何 spring 安全功能的情况下找到当前登录的用户名。 All you need is a jdk 1.8您只需要一个 jdk 1.8
Do the following :请执行下列操作 :
@RequestMapping("/login")
@Override
public ModelAndView AuthChecker(@RequestParam("email") String email, @RequestParam("password") String password, Customers cust) {
ModelAndView mv = new ModelAndView("index");
if((repo.findByEmail(email)!=null) && (repo.findByPassword(password)!=null)) {
List<Customers> l= repo.findAll();
cust = (Customers) l.stream()
.filter(x -> email.equals(x.getEmail()))
.findAny()
.orElse(null);
mv.addObject("user",cust.getName());
mv.setViewName("DashBoardRedirect");
return mv;
Once name fetched successfully, you can use the same in any jsp/thymeleaf view.成功获取名称后,您可以在任何 jsp/thymeleaf 视图中使用相同的名称。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.