A_B

Reputation: 1019

Store User object in session with Spring Security

Based on my understanding, there are a number of different ways to retrieve the authenticated username in Spring Security.

I'm currently grabbing the username by including the Principal as a controller method argument:

@RequestMapping(value = "/dashboard", method = RequestMethod.GET)
public ModelAndView displayHomePage(ModelAndView modelAndView, Principal principal) {

  modelAndView.addObject("email", principal.getName());

  // Render template located at src/main/resources/templates/dashboard.html
  modelAndView.setViewName("dashboard");

  return modelAndView;
}

Does Spring Security offer an easy way for me to store the User object into the session so it can be easily retrieved by any controller method?

I want to avoid performing a DB lookup each time:

// Lookup user in database by e-mail
User user = userService.findUserByEmail(principal.getName());

I'm using Spring Security 4.2.

Upvotes: 6

Views: 18817

Answers (2)

rvillablanca

Reputation: 1646

Spring Security provides you with a static method for quick and easy access:

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
String name = auth.getName();

Or

User user = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String name = user.getUsername();

Maybe you would like to do this in a base abstract class:

public abstract class BaseController {
    protected User getCurrentUser() {
        return (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }
}
...
public class YourController extends BaseController {
...
}

Update

If you want to store the current authenticated user in session, then you need to store it only the first time, in an object as suggested by @gkatzioura.

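@Component
// A scoped proxy (org.springframework.context.annotation.ScopedProxyMode) is
// needed so this session-scoped bean can be injected into singleton controllers
@Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
public class MySessionInfo {

    @Autowired
    private UserService userService; // type name assumed from the question's userService

    private User user;

    // Looks the user up once per session, then returns the cached copy
    public User getCurrentUser() {
        if (user == null) {
            // getPrincipal() returns Object, so take the name from the Authentication itself
            user = userService.findUserByEmail(SecurityContextHolder.getContext().getAuthentication().getName());
        }
        return user;
    }
}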

You can inject this bean into your controllers like this:

@Autowired
private MySessionInfo mySessionInfo;

You must take care of cases where the user is not logged in, but this is another problem.

Upvotes: 9
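An added example, not part of either answer: the cast of `getPrincipal()` above only pays off if the principal itself carries the user data, which is already kept in the session with the `SecurityContext`, and the "not logged in" case has to be handled where it is read. Assumptions: the question's `User` and `UserService` live in the same package, `User` exposes `getEmail()`, `getPassword()` and `getId()`, and every account gets the constructed role `ROLE_USER`.

```java
import java.util.Collections;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

// Principal carrying the extra fields the views need. It is stored in the
// SecurityContext, which Spring Security persists in the HTTP session by default.
class AppUserPrincipal extends org.springframework.security.core.userdetails.User {
    private final Long userId;          // assumed field on the domain User
    AppUserPrincipal(User u) {          // User = the question's domain class (getters assumed)
        super(u.getEmail(), u.getPassword(),
              Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
        this.userId = u.getId();
    }
    Long getUserId() { return userId; }
}

@Service
class AppUserDetailsService implements UserDetailsService {
    @Autowired private UserService userService;   // the question's service, type name assumed
    @Override   // runs once per login, not once per request
    public UserDetails loadUserByUsername(String email) {
        User u = userService.findUserByEmail(email);
        if (u == null) throw new UsernameNotFoundException("unknown user");
        return new AppUserPrincipal(u);
    }
}

@Controller
class DashboardController {
    @RequestMapping(value = "/dashboard", method = RequestMethod.GET)
    public ModelAndView dashboard(@AuthenticationPrincipal AppUserPrincipal me) {
        ModelAndView mav = new ModelAndView("dashboard");
        // me is null for anonymous requests: the anonymous principal is a String
        if (me == null) { mav.setViewName("redirect:/login"); return mav; }
        mav.addObject("email", me.getUsername());
        mav.addObject("userId", me.getUserId());
        return mav;
    }
}
```

Because the principal extends Spring Security's own `User`, the default `ProviderManager` erases its password after authentication, so no hash is kept in the session. The principal is a snapshot taken at login: a role change or a disabled account takes effect only at the next login or when the session is invalidated.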

gkatzioura

Reputation: 2820

You can always use the methods that Spring Security provides to get basic information such as name, authorities and everything provided by the Authentication.class.

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
authentication.getAuthorities();
authentication.getName();

But if you want more information, using a session bean to store the information is also a good idea.

@Component
@Scope("session")
public class UserInfo { .. }

Upvotes: 0
