What Is Securitycontext As Well As Securitycontextholder Inwards Saltation Security?

The SecurityContext and SecurityContextHolder are 2 telephone substitution classes of Spring Security. The SecurityContext is used to shop the details of the currently authenticated user, equally good known equally a principle. So, if you lot cause got to acquire the username or whatever other user details, you lot require to acquire this SecurityContext first. The SecurityContextHolder is a helper class, which furnish access to the safety context. By default, it uses a ThreadLocal object to shop safety context, which agency that the safety context is e'er available to methods inwards the same thread of execution, fifty-fifty if you lot don't top the SecurityContext object around. Don't worry well-nigh the ThreadLocal retentiveness leak inwards spider web application though, Spring Security takes attention of cleaning ThreadLocal.

Btw, that's non the only way a SecurityContextHolder tin shop electrical current SecurityContext, it tin hold out configured amongst a strategy on startup to specify how you lot would the context to hold out stored. For example, you lot tin occupation SecurityContextHolder.MODE_GLOBAL strategy for a standalone application.

The key affair to larn is that how exercise you lot acquire the SecurityContext from the SecurityContextHolder? too so retrieving electrical current user details from that? For example, if you lot desire to know the username of the electrical current logged inwards user so how exercise you lot acquire that inwards Spring security?

In guild to acquire the electrical current username, you lot get-go require a SecurityContext, which is obtained from SecurityContextHolder. This SecurityContext expire along the user details inwards an Authentication object, which tin hold out obtained yesteryear calling getAuthentication() method.

Once you lot got the Authentication object, you lot tin either cast into UserDetails or occupation it equally it is. The UserDetails object is the i Spring Security uses to expire along user-related information.




How to acquire the electrical current logged-in Username inwards Spring Security

Here is the code to acquire the safety context inwards Spring security too obtain the mention of the currently logged inwards user:

Object master copy = SecurityContextHolder.getContext().getAuthentication().getPrincipal();  if (principal instanceof UserDetails) {   String username = ((UserDetails)principal).getUsername(); } else {   String username = principal.toString(); }

The object returned yesteryear getContext() is an illustration of the SecurityContext interface. This is the object that is stored inwards a thread-local storage.

The getPrincipal() method ordinarily render UserDetails object inwards Spring Security, which contains all the details of currently logged inwards user. Btw, if you lot are merely starting amongst Spring safety too non familiar amongst these concepts so Spring too dependency injection. So if you lot ever require to know electrical current logged-in user details e.g. inwards Spring MVC controller, I propose you lot declare a dependency too allow the Spring furnish you lot the Principal object, rather you lot querying for them too exercise a tightly coupled system.


Here is an illustration of that

import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody;  @Controller public class MVCController {    @RequestMapping(value = "/username", method = RequestMethod.GET)   @ResponseBody   public String currentUserName(Principal principal) {      return principal.getName();   }  }
Alternatively, you lot tin equally good enquire for Authentication object instead of a Principal object equally shown below:

import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody;  @Controller public class SpringMVCController {    @RequestMapping(value = "/username", method = RequestMethod.GET)   @ResponseBody   public String currentUserName(Authentication authentication) {      return authentication.getName();   } }

If you lot desire to know to a greater extent than ways, you lot tin equally good meet my post well-nigh 3 ways to acquire the electrical current username inwards Spring Security, where I cause got discussed a duo of to a greater extent than ways to retrieve the electrical current username inwards Spring MVC controller.

That's all well-nigh what is safety context inwards Spring security too how you lot tin obtain a SecurityContext from SecurityContextHolder class. These are approximately of the telephone substitution classes, so you lot must hold out familiar amongst them.

The storage purpose i.e. SecurityContext is stored inwards ThreadLocal is optional, but it's equally good proficient to know the detail. Just remember, if you lot ever require user details e.g. username etc, you lot amend enquire for Principal or Authentication object inwards Spring MVC controller, rather than using SecurityContextHolder to obtain them.

Other Spring Security Articles too Resources you may like:
20 Spring REST Interview Questions amongst Answers

Thanks for reading this article so far. If you lot similar this Spring Security tutorial so delight portion amongst your friends too colleagues. If you lot cause got whatever questions or feedback so delight drib a note. 

Sumber https://javarevisited.blogspot.com/

0 Response to "What Is Securitycontext As Well As Securitycontextholder Inwards Saltation Security?"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel