1.在session中取得spring security的登录用户名如下

${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}

spring security 把SPRING_SECURITY_CONTEXT 放入了session 没有直接把username 放进去。

下面一段代码主要描述的是session中的存的变量

view plaincopy to clipboardprint?

存跳转时候的URL

session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}

存的是登录成功时候session中存的信息

session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}

存跳转时候的URL

session {SPRING_SECURITY_SAVED_REQUEST_KEY=SavedRequest[http://localhost:8080/AVerPortal/resourceAction/resourceIndex.action]}

存的是登录成功时候session中存的信息

session {SPRING_SECURITY_CONTEXT=org.springframework.security.context.SecurityContextImpl@87b16984: Authentication: org.springframework.security.providers.cas.CasAuthenticationToken@87b16984: Principal: com.avi.casExtends.UserInfo@ff631d80: Username: test; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@12afc: RemoteIpAddress: 127.0.0.1; SessionId: AE56E8925195DFF4C50ABD384574CCEA; Granted Authorities: ROLE_ADMIN Assertion: org.jasig.cas.client.validation.AssertionImpl@661a11 Credentials (Service/Proxy Ticket): ST-3-1lX3acgZ6HNgmhvjXuxB-cas, userId=2, userName=test}

2.在页面端用tag获取

<%@ taglib prefix='security' uri='http://www.springframework.org/security/tags'%>

<security:authentication property="principal.username"></security:authentication>

或者

<security:authorize ifAllGranted="ROLE_ADMIN">

<security:authentication property="principal.username"></security:authentication>

</security:authorize>

或者取session中的值

session.SPRING_SECURITY_CONTEXT.authentication.principal.username等同于

3.在后台获取

UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()

.getAuthentication()

.getPrincipal();

userDetails.getUsername()

想要获取更多的信息得扩展userDetails的默认实现类user类和UserDetailsService接口

由于springsecurity是把整个user信息放入session中的即:session.SPRING_SECURITY_CONTEXT.authentication.principal

这个就是代表着user对象

因此我做了扩展增加user里的信息 加上userId

代码如下:扩展user

  • expand sourceview plaincopy to clipboardprint?

    package com.avi.casExtends;

import org.springframework.security.GrantedAuthority;

import org.springframework.security.userdetails.User;

public class UserInfo extends User{

private static final long serialVersionUID = 1L;

private String userId;  

@SuppressWarnings("deprecation")

public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)

    throws IllegalArgumentException {

    super(username,password, enabled, authorities);

}  

public String getUserId() {

    return userId;

}  

public void setUserId(String userId) {

    this.userId = userId;

}  

public static long getSerialVersionUID() {

    return serialVersionUID;

}

}

package com.avi.casExtends;

import org.springframework.security.GrantedAuthority;

import org.springframework.security.userdetails.User;

public class UserInfo extends User{

private static final long serialVersionUID = 1L;

private String userId;

@SuppressWarnings("deprecation")

public UserInfo(String username, String password, boolean enabled, GrantedAuthority[] authorities)

throws IllegalArgumentException {

super(username,password, enabled, authorities);

}

public String getUserId() {

return userId;

}

public void setUserId(String userId) {

this.userId = userId;

}

public static long getSerialVersionUID() {

return serialVersionUID;

}

}

实现userDetailsservice接口

  • expand sourceview plaincopy to clipboardprint?

    package com.avi.casExtends;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import org.springframework.dao.DataAccessException;

import org.springframework.security.GrantedAuthority;

import org.springframework.security.GrantedAuthorityImpl;

import org.springframework.security.userdetails.UserDetails;

import org.springframework.security.userdetails.UserDetailsService;

import org.springframework.security.userdetails.UsernameNotFoundException;

import com.avi.dao.AccountDao;

import com.avi.data.User;

public class UserInfoService implements UserDetailsService{

private AccountDao accountDao;

private Map<String, UserInfo> userMap = null;  

public UserInfoService() {  

}

public void fillMap(){

     userMap = new HashMap<String, UserInfo>();

     List<User> users = accountDao.findAllUsers();

     UserInfo userInfo = null;

     for(User user:users){

        userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{

            new GrantedAuthorityImpl(user.getRole()),

        });

        userInfo.setUserId(user.getId().toString());  

         userMap.put(user.getUserName(), userInfo);

     }

}  

public UserDetails loadUserByUsername(String username)

    throws UsernameNotFoundException, DataAccessException {

    if(userMap==null)

        fillMap();

    return userMap.get(username);

}  

public AccountDao getAccountDao() {

    return accountDao;

}  

public void setAccountDao(AccountDao accountDao) {

    this.accountDao = accountDao;

}  

public Map<String, UserInfo> getUserMap() {

    return userMap;

}  

public void setUserMap(Map<String, UserInfo> userMap) {

    this.userMap = userMap;

}

}

package com.avi.casExtends;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import org.springframework.dao.DataAccessException;

import org.springframework.security.GrantedAuthority;

import org.springframework.security.GrantedAuthorityImpl;

import org.springframework.security.userdetails.UserDetails;

import org.springframework.security.userdetails.UserDetailsService;

import org.springframework.security.userdetails.UsernameNotFoundException;

import com.avi.dao.AccountDao;

import com.avi.data.User;

public class UserInfoService implements UserDetailsService{

private AccountDao accountDao;

private Map<String, UserInfo> userMap = null;

public UserInfoService() {

}

public void fillMap(){

  userMap = new HashMap<String, UserInfo>();

     List<User> users = accountDao.findAllUsers();

     UserInfo userInfo = null;

     for(User user:users){

      userInfo = new UserInfo(user.getUserName(),user.getPassword(),true,new GrantedAuthority[]{

       new GrantedAuthorityImpl(user.getRole()),

      });

      userInfo.setUserId(user.getId().toString());

         userMap.put(user.getUserName(), userInfo);

     }

}

public UserDetails loadUserByUsername(String username)

    throws UsernameNotFoundException, DataAccessException {

 if(userMap==null)

  fillMap();

    return userMap.get(username);

}

public AccountDao getAccountDao() {

return accountDao;

}

public void setAccountDao(AccountDao accountDao) {

this.accountDao = accountDao;

}

public Map<String, UserInfo> getUserMap() {

return userMap;

}

public void setUserMap(Map<String, UserInfo> userMap) {

this.userMap = userMap;

}

}

private AccountDao accountDao;是注入进来的查数据库的类

然后修改XML文件指定所要用到的service

  • expand sourceview plaincopy to clipboardprint?

${session.SPRING_SECURITY_CONTEXT.authentication.principal.username}

===================================== 分割线 ======================================

根据以上内容,在扩展了自己的user之后,可以在自己的Thymeleaf下面做一些事情了。

admin

sucess

(转)SpringSecurity扩展User类,获取Session的更多相关文章

  1. 一个简单的C#获取Session、设置Session类文件

    一个简单的C#获取Session.设置Session类文件,本类主要实现大家最常用的两个功能: 1.GetSession(string name)根据session名获取session对象: 2.Se ...

  2. asp.net 类库中获取session c#类中获取session

    asp.net  类库中获取session c#类中获取session 1. 先引入命名空间 using System.Web; using System.Web.SessionState; 在使用H ...

  3. 教你在Java的普通类中轻松获取Session以及request中保存的值

    曾经有多少人因为不知如何在业务类中获取自己在Action或页面上保存在Session中值,当然也包括我,但是本人已经学到一种办法可以解决这个问题,来分享下,希望对你有多多少少的帮助! 如何在Java的 ...

  4. spring 普通类获取四大作用域request、applicationContext、session、page

    几乎所有web应用容器都提供了四种类似Map的结构:application session request page,Jsp或者Servlet通过向着这四个对象放入数据,从而实现Jsp和Servlet ...

  5. SQLServer中使用扩展事件获取Session级别的等待信息以及SQLServer 2016中Session级别等待信息的增强

    本文出处:http://www.cnblogs.com/wy123/p/6835939.html 什么是等待 简单说明一下什么是等待:当应用程序对SQL Server发起一个Session请求的时候, ...

  6. spring的普通类中获取session和request对像

    在使用spring时,经常需要在普通类中获取session,request等对像. 1.第一钟方式,针对Spring和Struts2集成的项目: 在有使用struts2时,因为struts2有一个接口 ...

  7. jeecg中的一个上下文工具类获取request,session

    通过调用其中的方法可以获取到request和session,调用方式如下: HttpServletRequest request = ContextHolderUtils.getRequest();H ...

  8. SpringBoot 封装返回类以及session 添加获取

    1.创建返回类Result public class Result<T>{ /*错误码*/ private Integer code; /*提示信息 */ private String m ...

  9. spring在普通类中获取session和request

    在使用spring时,经常需要在普通类中获取session,request等对像.比如一些AOP拦截器类,在有使用struts2时,因为struts2有一个接口使用org.apache.struts2 ...

随机推荐

  1. Jvm支持的最大线程数

    摘自 http://blog.csdn.net/xyls12345/article/details/26482387 JVM最大线程数 (2012-07-04 23:20:15) 转载▼ 标签: jv ...

  2. [vivado系列]设置Xilinx Documention Navigator

    版本:2015.1 ------------------------------------------ 这是一个很便利FPGA工程师的文档整理收纳神器. 针对个人使用上的习惯,进行简单的2项设置. ...

  3. 深入理解js——一切都是对象

    "一切皆对象" 当然也不是所有的都是对象,值类型(undefined,number,string,boolean)就不是对象:而函数.对象.数组.null.new Number(1 ...

  4. Ruby-调用windows窗体

    发现SharpDevelop 也支持Ruby ,特别是可以直接把winform的控件直接用在 require "mscorlib" require "System.Win ...

  5. mysql事务处理用法与实例详解

    来源:转载  MySQL的事务支持不是绑定在MySQL服务器本身,而是与存储引擎相关1.MyISAM:不支持事务,用于只读程序提高性能 2.InnoDB:支持ACID事务.行级锁.并发 3.Berke ...

  6. xUtils框架的使用

    xUtils简介 xUtils 包含了很多实用的android工具,xUtils 源于Afinal框架,对Afinal进行了大量重构,使得xUtils支持大文件上传,更全面的http请求协议支持,拥有 ...

  7. Intellij_idea-14官方快捷键中文版

    编辑类: Ctrl+Space 基本代码实例(类.方法.变量) Ctrl + Shift + Space 智能代码实例(根据需要的类型过滤方法和变量) Ctrl + Shift + Enter 完整的 ...

  8. 一个简单的SNTP客户端

    借鉴于python网络编程攻略 #/usr/local/bin/python3.5 #coding:utf-8 import socket, struct, time NTP_server = &qu ...

  9. JavaScript密码复杂度

    <!DOCTYPE html><html><head lang="en"> <meta charset="UTF-8" ...

  10. 电梯多媒体WinForm项目Q&A总结

    最近,我给一家公司做了个电梯多媒体软件,该软件使用C#编写,现在我将其中遇到的问题及其解决方法总结一下,以便下次再遇到同样的问题可以快速解决:同时,也给博友分享一下,共同学习,共同提高. 1.Ques ...