Spring Security 相关资料整理:获取登陆用户
2015-01-09 11:53
267 查看
获取登陆用户名:
JSP中用sec标签:
<sec:authentication property="name"></sec:authentication>
controller 中从HttpServeletRequest 参数得到:
request.getUserPrincipal().getName();
springSecurity 有个叫 SecurityContextHolder的类,里面有静态方法,可以拿到authentitaion,进而可以拿到principal等对象
使用taglib在页面显示登陆用户名:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<div>username : <sec:authentication property="name"/></div>
获得当前登陆用户对象:
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();
或:
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
String username = ((UserDetails)principal).getUsername();
} else {
String username = principal.toString();
}
获得当前登陆用户所拥有的权限:
GrantedAuthority[] authorities = userDetails.getAuthorities();
但是SS 过滤器执行完之后,org.springframework.security.web.context.SecurityContextPersistenceFilter 类会调用SecurityContextHolder.clearContext(),这样SecurityContextHolder就被清空了,所以 在JSP中的SecurityContextHolder会返回NULL
解决方法:
在经过Spring Security认证之后,Security会把一个SecurityContextImpl对象存储到session中,这个对象中存有当前用户的信息。
SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
//登录名
System.out.println("Username:" + securityContextImpl.getAuthentication().getName());
//登录密码,未加密的
System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());
WebAuthenticationDetails details = (WebAuthenticationDetails)securityContextImpl.getAuthentication().getDetails();
//获得访问地址
System.out.println("RemoteAddress" + details.getRemoteAddress());
//获得sessionid
System.out.println("SessionId" + details.getSessionId());
//获得当前用户所拥有的权限
List<GrantedAuthority> authorities = (List<GrantedAuthority>)securityContextImpl.getAuthentication().getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
System.out.println(“Authority” + grantedAuthority.getAuthority());
}
在spring security3 获取所有的登录用户
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
@Component("getUser")
public class GetUser {
@Autowired
//利用spring注入后就可以取所有登录用户,不能加static属性,否则会取不到
private SessionRegistry sessionRegistry;
private Format ft = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
public void findlgUser() {
List<Object> slist = sessionRegistry.getAllPrincipals();
String json = "共 " + slist.size() + " 用户登录,服务器时间:" + ft.format(new Date()) + "\n";
for(int i=0; i<slist.size(); i++) {
User u =
(org.springframework.security.core.userdetails.User) slist.get(i);
json = json + "第 " + (i+1) + " 个用户 => " +
"用户名:" + u.getUsername() + "\n";
//第二个参数表示是否取单点登录时,超出限制而被弹出用户
List<SessionInformation> ilist = sessionRegistry.getAllSessions(slist.get(i), true);
json = json + "----" + ilist.size() + " 处登录\n";
for(int j=0; j<ilist.size(); j++) {
SessionInformation sif = ilist.get(j);
json = json + "--------" + (j+1) +
" 最后访问时间:" + ft.format(sif.getLastRequest()) +
" session:" + sif.getSessionId() +
" 限制登录:" + sif.isExpired() + "\n";
//强制退出1.将其限制,2.将其移除,使用第一种比较好
//sif.expireNow();
//sessionRegistry.removeSessionInformation(sif.getSessionId());
}
}
out.println(json);
}
}
在JSF的ManagedBean中获得request session对象以及写入和读取的method:
获得request对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest)ec.getRequest();
获得session对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpSession session = (HttpSession) ec.getSession(true);
写入session:
FacesContext.getCurrentInstance().getExternalContext().getSession(true);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().
put(key[String],value[object]);
读取session:
public String getTestSession()String testSession =FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("usersession").toString();
System.out.println(testSession);
return testSession;
}
JSP中用sec标签:
<sec:authentication property="name"></sec:authentication>
controller 中从HttpServeletRequest 参数得到:
request.getUserPrincipal().getName();
springSecurity 有个叫 SecurityContextHolder的类,里面有静态方法,可以拿到authentitaion,进而可以拿到principal等对象
使用taglib在页面显示登陆用户名:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<div>username : <sec:authentication property="name"/></div>
获得当前登陆用户对象:
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()
.getAuthentication()
.getPrincipal();
或:
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
String username = ((UserDetails)principal).getUsername();
} else {
String username = principal.toString();
}
获得当前登陆用户所拥有的权限:
GrantedAuthority[] authorities = userDetails.getAuthorities();
但是SS 过滤器执行完之后,org.springframework.security.web.context.SecurityContextPersistenceFilter 类会调用SecurityContextHolder.clearContext(),这样SecurityContextHolder就被清空了,所以 在JSP中的SecurityContextHolder会返回NULL
解决方法:
在经过Spring Security认证之后,Security会把一个SecurityContextImpl对象存储到session中,这个对象中存有当前用户的信息。
SecurityContextImpl securityContextImpl = (SecurityContextImpl) request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
//登录名
System.out.println("Username:" + securityContextImpl.getAuthentication().getName());
//登录密码,未加密的
System.out.println("Credentials:" + securityContextImpl.getAuthentication().getCredentials());
WebAuthenticationDetails details = (WebAuthenticationDetails)securityContextImpl.getAuthentication().getDetails();
//获得访问地址
System.out.println("RemoteAddress" + details.getRemoteAddress());
//获得sessionid
System.out.println("SessionId" + details.getSessionId());
//获得当前用户所拥有的权限
List<GrantedAuthority> authorities = (List<GrantedAuthority>)securityContextImpl.getAuthentication().getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
System.out.println(“Authority” + grantedAuthority.getAuthority());
}
在spring security3 获取所有的登录用户
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
@Component("getUser")
public class GetUser {
@Autowired
//利用spring注入后就可以取所有登录用户,不能加static属性,否则会取不到
private SessionRegistry sessionRegistry;
private Format ft = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
public void findlgUser() {
List<Object> slist = sessionRegistry.getAllPrincipals();
String json = "共 " + slist.size() + " 用户登录,服务器时间:" + ft.format(new Date()) + "\n";
for(int i=0; i<slist.size(); i++) {
User u =
(org.springframework.security.core.userdetails.User) slist.get(i);
json = json + "第 " + (i+1) + " 个用户 => " +
"用户名:" + u.getUsername() + "\n";
//第二个参数表示是否取单点登录时,超出限制而被弹出用户
List<SessionInformation> ilist = sessionRegistry.getAllSessions(slist.get(i), true);
json = json + "----" + ilist.size() + " 处登录\n";
for(int j=0; j<ilist.size(); j++) {
SessionInformation sif = ilist.get(j);
json = json + "--------" + (j+1) +
" 最后访问时间:" + ft.format(sif.getLastRequest()) +
" session:" + sif.getSessionId() +
" 限制登录:" + sif.isExpired() + "\n";
//强制退出1.将其限制,2.将其移除,使用第一种比较好
//sif.expireNow();
//sessionRegistry.removeSessionInformation(sif.getSessionId());
}
}
out.println(json);
}
}
在JSF的ManagedBean中获得request session对象以及写入和读取的method:
获得request对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpServletRequest request = (HttpServletRequest)ec.getRequest();
获得session对象:
FacesContext context = FacesContext.getCurrentInstance();
ExternalContext ec = context.getExternalContext();
HttpSession session = (HttpSession) ec.getSession(true);
写入session:
FacesContext.getCurrentInstance().getExternalContext().getSession(true);
FacesContext.getCurrentInstance().getExternalContext().getSessionMap().
put(key[String],value[object]);
读取session:
public String getTestSession()String testSession =FacesContext.getCurrentInstance().getExternalContext().getSessionMap().get("usersession").toString();
System.out.println(testSession);
return testSession;
}
相关文章推荐
- VC中枚举进程,及获取进程相关信息的资料整理
- 整合Spring Security3,在JSP中获取当前登陆用户信息
- 获取spring security用户相关信息
- [WWF]相关资料整理
- API 获取当前登陆用户的名字和机器名
- dnn 模块 获取服务器端路径、获取用户ID、需要登陆才能访问的页面的处理
- epoll相关资料整理
- AIX相关资料(未整理)
- C#和VB.NET中类型相关资料整理
- 跨域登陆相关资料
- HttpSessionBindingListener获取在线用户数,同一用户登陆一次
- 在delphi程序中实现QQ用户的Web登陆并获取个人信息
- VC下获取各个驱动器路径,分类及其获取其信息的资料整理
- j2se相关资料整理
- JAVA编程相关资料(初学整理合集)
- 一些Winodws mobile相关资料的整理
- [WCF]相关资料整理
- 枚举进程,及其进程相关信息的资料整理
- 有关ASP.NET如果获取登陆用户信息问题
- CAS如何在服务器端的登陆成功页面获取登陆用户帐号的方法