Spring Boot Security 取得登入者名稱 get login username

Spring Boot Security應用程式取得登入者名稱的方式如下。

透過SecurityContextHolder.getContext()可取得目前的Spring Security環境資訊SecurityContext，然後從中取得登入者的名稱。

例如下面在DemoController.getUsername()方法中取得使用者名稱。

DemoController

package com.abc.demo.controller;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoController {

    @GetMapping(value = "/username")
    public String getUsername() {
        String username = SecurityContextHolder.getContext().getAuthentication().getName();
        System.out.println(username); // user
        return username;
    }
}

或是從Authentication取得Principal，也就是UserDetails再取得登入者名稱。

DemoController

package com.abc.demo.controller;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoController {

    @GetMapping(value = "/username")
    public String getUsername() {

        Object object = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String username = null;
        if (object instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) object;
            username = userDetails.getUsername();
        }
        System.out.println(username); // user
        return username;
    }
}

或直接將驗證資訊Authentication注入至方法參數中。

DemoController

package com.abc.demo.controller;

import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class DemoController {

    @GetMapping(value = "/username")
    public String getUsername(Authentication authentication) {
        String username = authentication.getName();
        System.out.println(username); // user
        return username;
    }
}

或直接將Principal資訊Principal注入至方法參數中。

DemoController

package com.abc.demo.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import java.security.Principal;

@RestController
public class DemoController {

    @GetMapping(value = "/username")
    public String getUsername(Principal principal) {
        String username = principal.getName();
        System.out.println(username); // user
        return username;
    }
}

或是直接從HttpServletRequest.getUserPrincipal()取得Principal。

DemoController

package com.abc.demo.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;

@RestController
public class DemoController {

    @GetMapping(value = "/username")
    public String getUsername(HttpServletRequest request) {
        String username = request.getUserPrincipal().getName();
        System.out.println(username); // user
        return username;
    }
}

參考：

• Obtaining information about the current user
• Spring Security 什麼是Principal
• Spring Security UserDetailsService 用途
• Spring Security 什麼是 UsernamePasswordAuthenticationToken