user2374840

How to differentiate users in web application

How to differentiate users, after they log in to their account, in such a way that they cannot see and edit other users' data? Is it a good approach to somehow remember the user id during the login procedure and then make queries like WHERE user_id=x? Or is there any other smart way?

Basically, I am using the Spring framework for the login procedure, but I am not really an advanced user of this framework. After users log in, they have to insert some information about themselves into the database (i.e. name, surname, e-mail etc.) and fill in their timetables. I don't really know how to get the id of the current user to let them edit and insert only their own data.

Upvotes: 0

Views: 365

Answers (2)

Beshoy Fayez

Reputation: 300

You can always get the current logged in user using SecurityContextHolder. SecurityContextHolder has the logged in user for the current thread.

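import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

// An anonymous request carries the String principal "anonymousUser", so test the type before casting.
// User is the principal class the application uses (assumed here).
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication != null && authentication.getPrincipal() instanceof User) {
    User loggedInUser = (User) authentication.getPrincipal();
}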

Upvotes: 0

Jess Kenney

Reputation: 399

Yes, you should store their user id in a session variable (if you don't know what sessions are, look those up too).

Upvotes: 1
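Added example, not part of either answer or of the asker's project: a Spring service that combines the two ideas above by reading the user id from the server-side security context and binding it into every query, including updates where the row id comes from the client. The AppUser interface, the timetable_entry table and its column names are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Service
public class TimetableService {

    private final JdbcTemplate jdbc;

    public TimetableService(JdbcTemplate jdbc) {
        this.jdbc = jdbc;
    }

    // Resolve the owner from the server-side security context, never from a
    // request parameter or hidden form field, which the client controls.
    private long currentUserId() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !(auth.getPrincipal() instanceof AppUser)) {
            throw new AccessDeniedException("login required");
        }
        return ((AppUser) auth.getPrincipal()).getId();
    }

    // Reads are filtered by owner with a bound parameter (no string concatenation).
    public List<Map<String, Object>> listOwnEntries() {
        return jdbc.queryForList(
            "SELECT id, day, starts_at, ends_at FROM timetable_entry WHERE user_id = ?",
            currentUserId());
    }

    // The entry id is client input, so the UPDATE is bound to the owner as well.
    public void updateOwnEntry(long entryId, String day) {
        int rows = jdbc.update(
            "UPDATE timetable_entry SET day = ? WHERE id = ? AND user_id = ?",
            day, entryId, currentUserId());
        if (rows == 0) {
            // Missing row or someone else's row: give the same answer for both.
            throw new AccessDeniedException("no such entry for this user");
        }
    }
}

// Hypothetical principal type: whatever class the application stores as the
// authenticated principal, exposing the database id of the user.
interface AppUser { long getId(); }
```

Filtering only the list query is not enough: any statement that takes a row id from the request needs the same `AND user_id = ?` condition.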
