blocks|key|383154|text|尝试从HttpServletRequest调用getUserPrincipal()。|type|unstyled|depth|inlineStyleRanges|entityRanges|offset|length|data|383155|entityMap|0|LINK|mutability|MUTABLE|url|http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal%2528%2529^0|N|I|0|0^^$0|@$1|2|3|4|5|6|7|L|8|@]|9|@$A|M|B|N|1|O]]|C|$]]|$1|D|3|-4|5|6|7|P|8|@]|9|@]|C|$]]]|E|$F|$5|G|H|I|C|$J|K]]]]

Try to call <a href="http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal%28%29" rel="nofollow noreferrer">getUserPrincipal()</a> from HttpServletRequest.

blocks|key|599099|text|您可以尝试如下所示：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|599100|Collection<SimpleGrantedAuthority>+authorities+=+(Collection<SimpleGrantedAuthority>)++++SecurityContextHolder.getContext().getAuthentication().getAuthorities();|code-block|syntax|javascript|599101|您在权限变量中有角色的集合。|599102|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|L|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|M|8|@]|9|@]|A|$]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

You can try something like this:

<pre><code>Collection&lt;SimpleGrantedAuthority&gt; authorities = (Collection&lt;SimpleGrantedAuthority&gt;) SecurityContextHolder.getContext().getAuthentication().getAuthorities();
</code></pre>

You have the collection of roles in the authorities variable.

blocks|key|383224|text|要完成这两个答案...|type|unstyled|depth|inlineStyleRanges|entityRanges|data|383225|下面是getUserPrincipal的一个Spring安全实现，因此您可以看到getUserPrincipal实际上是SecurityContextHolder|offset|length|style|CODE|383226|public+Principal+getUserPrincipal()+{
++++Authentication+auth+=+getAuthentication();

++++if+((auth+==+null)+%7C%7C+(auth.getPrincipal()+==+null))+{
++++++++return+null;
++++}
++++return+auth;
}

//+And+the+getAuthentication
private+Authentication+getAuthentication()+{
++++Authentication+auth+=+SecurityContextHolder.getContext().getAuthentication();

++++if+(!trustResolver.isAnonymous(auth))+{
++++++++return+auth;
++++}
++++return+null;
}|code-block|syntax|javascript|383227|entityMap^0|0|3|G|14|G|1O|L|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|P|8|@$D|Q|E|R|F|G]|$D|S|E|T|F|G]|$D|U|E|V|F|G]]|9|@]|A|$]]|$1|H|3|I|5|J|7|W|8|@]|9|@]|A|$K|L]]|$1|M|3|-4|5|6|7|X|8|@]|9|@]|A|$]]]|N|$]]

To complete both answers...

Here is a Spring security implementation of <code>getUserPrincipal</code>, so you can see that the <code>getUserPrincipal</code> actually is <code>SecurityContextHolder</code>

<pre><code>public Principal getUserPrincipal() {
 Authentication auth = getAuthentication();

 if ((auth == null) || (auth.getPrincipal() == null)) {
 return null;
 }
 return auth;
}

// And the getAuthentication
private Authentication getAuthentication() {
 Authentication auth = SecurityContextHolder.getContext().getAuthentication();

 if (!trustResolver.isAnonymous(auth)) {
 return auth;
 }
 return null;
}
</code></pre>

blocks|key|599202|text|我已经为我的项目创建了一个自定义的hasRole函数。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|599203|public+static+boolean+hasRole+(String+roleName)
{
++++return+SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
++++++++++++.anyMatch(grantedAuthority+->+grantedAuthority.getAuthority().equals(roleName));
}|code-block|syntax|javascript|599204|entityMap^0|H|7|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@$9|N|A|O|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|P|8|@]|D|@]|E|$I|J]]|$1|K|3|-4|5|6|7|Q|8|@]|D|@]|E|$]]]|L|$]]

I've created a custom <code>hasRole</code> function for my project.

<pre><code>public static boolean hasRole (String roleName)
{
 return SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream()
 .anyMatch(grantedAuthority -&gt; grantedAuthority.getAuthority().equals(roleName));
}
</code></pre>

blocks|key|599253|text|这可能会对某些人有所帮助。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|599254|import+org.springframework.security.core.Authentication;
import+org.springframework.web.bind.annotation.GetMapping;
import+org.springframework.ui.Model;
import+org.springframework.security.core.userdetails.User;
++++
++++@GetMapping("/home")
++++public+String+getHomePage(Authentication+authentication,+Model+model)+{
++++++++User+u+=+(User)+authentication.getPrincipal();
++++++++model.addAttribute("cu",+u);
++++++++return+"sb/homePage";
++++}|code-block|syntax|javascript|599255|在模板Thymeleaf中：|599256|Current+user:
++++<div+th:if="${cu}">
++++++++Username:+[[${cu.username}]]
++++++++Password:+[[${cu.password}]]
++++++++Role:+[[${cu.authorities[0]}]]
++++++++Enabled:+[[${cu.enabled}]]
++++++++Full:+[[${cu}]]
++++</div>
++++<div+th:unless="${cu}">
++++++++Not+logged-in!
++++</div>|599257|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

This may help someone.
<pre><code>import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.ui.Model;
import org.springframework.security.core.userdetails.User;
 
 @GetMapping(&quot;/home&quot;)
 public String getHomePage(Authentication authentication, Model model) {
 User u = (User) authentication.getPrincipal();
 model.addAttribute(&quot;cu&quot;, u);
 return &quot;sb/homePage&quot;;
 }
</code></pre>
And in template Thymeleaf:
<pre><code>Current user:&lt;/br&gt;
 &lt;div th:if=&quot;${cu}&quot;&gt;
 Username: [[${cu.username}]]&lt;/br&gt;
 Password: [[${cu.password}]]&lt;/br&gt;
 Role: [[${cu.authorities[0]}]]&lt;/br&gt;
 Enabled: [[${cu.enabled}]]&lt;/br&gt;
 Full: [[${cu}]]&lt;/br&gt;
 &lt;/div&gt;
 &lt;div th:unless=&quot;${cu}&quot;&gt;
 Not logged-in!
 &lt;/div&gt;
</code></pre>

I have loaded the roles from the database for the current user. And I can access the user role with spring security expression in JSP, and can hide the options and URLs which are not authorized with hasRole. Now I wanted to have it in the servlet and display it in the logs (or store in the user object session). How can we achieve it?

How can I get the current user roles from Spring security 3.1

数据库

我已经从数据库中为当前用户加载了角色。我可以在JSP中使用spring安全表达式来访问用户角色，并且可以隐藏未被hasRole授权的选项和URL。现在，我希望将它放在servlet中，并在日志中显示它(或存储在用户对象会话中)。我们如何才能做到这一点？

问如何从Spring security 3.1获取当前用户角色
EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何从Spring security 3.1获取当前用户角色EN

社区

活动

资源

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问如何从Spring security 3.1获取当前用户角色
EN