In my earlier articles I wrote about the basic Spring Security mechanism and how to use the login form to redirect users. Before moving on to the advanced details of Spring Security, let's learn how to get the details of the currently logged-in user. This example illustrates how to get the user details in the controller using the Spring Security API. It also redirects to different landing pages depending on the user name. This example is important for understanding the advanced topics in my future articles. I will not explain the basics of setting up the environment; I assume that readers are familiar with the Spring MVC framework. If you are not familiar with the Spring framework, please read our articles on Spring MVC, Spring Interceptor and Spring AOP.
org.springframework.security.core.Authentication provides the API required for retrieving the logged-in user's details. This interface has the methods getAuthorities, getCredentials, getDetails, getPrincipal and getName. The last method, getName, is used for fetching the user name. You can try it by executing the example below. The following snippet is another way to query the user details:
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
// Declare username outside the branches so it is usable after the check
String username;
if (principal instanceof UserDetails) {
    username = ((UserDetails) principal).getUsername();
} else {
    username = principal.toString();
}
In the above code, SecurityContextHolder is used for getting the security context of the current thread. Note that this is the primary access point in Spring Security for the user details, which are kept across multiple requests. Through it, you can easily get the details of the user.
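The snippet above assumes a user is always logged in. The helper below is an added example, not code from the original article: it handles a missing Authentication and the anonymous token that auto-config installs on unprotected URLs, and it picks the landing view from the granted authority rather than from the user name. The class name CurrentUser and the view names "login" and "denied" are hypothetical; "hello" and ROLE_USER come from this article's configuration.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Added example: CurrentUser and the "login"/"denied" views are hypothetical names.
public final class CurrentUser {

    private CurrentUser() {}

    // Returns the logged-in user name, or null when nobody is logged in.
    public static String username() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // auth is null when the request bypassed the security filter chain
        // or the code runs on a thread that has no security context.
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        Object principal = auth.getPrincipal();
        if (principal instanceof UserDetails) {
            return ((UserDetails) principal).getUsername();
        }
        return auth.getName();
    }

    // True only if the current, non-anonymous user holds the given authority.
    public static boolean hasAuthority(String authority) {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken) {
            return false;
        }
        for (GrantedAuthority granted : auth.getAuthorities()) {
            if (authority.equals(granted.getAuthority())) {
                return true;
            }
        }
        return false;
    }

    // Chooses the landing view from the security context, never from request data.
    public static String landingView() {
        if (username() == null) return "login";         // hypothetical view
        if (hasAuthority("ROLE_USER")) return "hello";  // view used in this article
        return "denied";                                // hypothetical view
    }
}
```

A controller method can then end with `return CurrentUser.landingView();` instead of a fixed view name.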
File : mvc-dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd">

    <context:component-scan base-package="com.spring.controller" />

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>

</beans>
File : web.xml
<web-app id="WebApp_ID" version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
             http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

    <display-name>Spring MVC Application</display-name>

    <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/mvc-dispatcher-servlet.xml,
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>
File : spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Only URLs matching /webapp* require a logged-in user with ROLE_USER -->
    <http auto-config="true">
        <intercept-url pattern="/webapp*" access="ROLE_USER" />
    </http>

    <!-- In-memory demo user with a plain-text password; suitable for this example only -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="Spring" password="Spring" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>
File : SpringSecurityController.java
package com.spring.controller;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@Controller
@RequestMapping("/webapp")
public class SpringSecurityController {

    @RequestMapping(method = RequestMethod.GET)
    public String printWelcome(ModelMap model) {
        // Authentication bound to the current request thread by the security filter chain
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String name = authentication.getName();
        System.out.println("User Name : " + name);
        // Expose the user name to the view (hello.jsp)
        model.addAttribute("message", "User Name : " + name);
        return "hello";
    }
}
File : hello.jsp
<html>
<body>
    <h1>Message : ${message}</h1>
</body>
</html>