In some scenarios we need to know who the current user is. If you are using Spring Security as your security framework, you can get the current user in the following ways.
In both stateful Session mode and the popular JWT mode, you can use SecurityContext to get the current user.
Of course, this approach is not rigorous enough: if the endpoint allows anonymous access, it is likely to return an anonymous user, and anonymous users cannot be obtained directly through getName, so we need to refine the above logic.
In fact, I usually use this approach the most. I like to use an abstract parent controller to encapsulate the method of getting the current user.
A java.security.Principal object can also provide the current user information; in Spring Security this object is represented as an Authentication object. If we declare a Principal object as a parameter of a Spring MVC endpoint, we can also get the current user.
Declaring an Authentication object is also possible.
Many times we customize the user object UserDetails. We can get the custom UserDetails object for the current user by using the annotation @AuthenticationPrincipal provided by Spring Security 4.0. If CustomUser is an implementation of UserDetails, then we can do this.
It could be simpler.
CustomUser to contain a
It is even possible to customize an annotation.
Spring Security 5 provides a new annotation, @CurrentSecurityContext, which you can use to get the current user's security context.
Of course, you can also declare SpEL expressions with the expression parameter to get other properties, such as getting the
The getUserPrincipal() method of HttpServletRequest is said to work, but I haven't used it, so if you're interested, try getting it directly from the method in the Spring Security framework.
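The approaches described above, gathered into one controller with the anonymous-access case handled explicitly. This is an added example, not the author's code: the class names BaseController and ProfileController, the routes, and the "anonymous" return value are hypothetical, and UserDetails stands in for a custom user class such as CustomUser.

```java
import java.security.Principal;
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.annotation.CurrentSecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

// Hypothetical abstract parent controller: one null-safe place to resolve the current user.
abstract class BaseController {
    protected Optional<Authentication> currentAuthentication() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // Missing authentication and the anonymous placeholder token both mean "nobody is logged in".
        if (auth == null || !auth.isAuthenticated()
                || auth instanceof AnonymousAuthenticationToken) {
            return Optional.empty();
        }
        return Optional.of(auth);
    }
    protected String currentUsername() {
        return currentAuthentication().map(Authentication::getName)
                .orElseThrow(() -> new AuthenticationCredentialsNotFoundException("no authenticated user"));
    }
}

@RestController
class ProfileController extends BaseController {
    @GetMapping("/me") // hypothetical routes throughout
    public String me() { return currentUsername(); }
    // A Principal (or Authentication) parameter can be null when the request is not authenticated.
    @GetMapping("/me/principal")
    public String viaPrincipal(Principal principal) {
        return principal == null ? "anonymous" : principal.getName();
    }
    // Resolves to null when the principal is not a UserDetails, e.g. for an anonymous request.
    @GetMapping("/me/details")
    public String viaAnnotation(@AuthenticationPrincipal UserDetails user) {
        return user == null ? "anonymous" : user.getUsername();
    }
    // The SpEL expression selects the Authentication from the injected SecurityContext.
    @GetMapping("/me/context")
    public String viaContext(@CurrentSecurityContext(expression = "authentication") Authentication auth) {
        return auth == null || auth instanceof AnonymousAuthenticationToken ? "anonymous" : auth.getName();
    }
}
```

Authorization decisions should rely on the checked result of currentAuthentication() rather than on getName() alone, since an endpoint that permits anonymous access still has a non-null Authentication in the context.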
Today we have summarized the various ways to get the current user in Spring Security. Each of them suits slightly different scenarios, so you can choose the one most suitable for your application from this list.