How to find out the currently logged-in user in Spring Boot?

JavaSpring Boot

Java Problem Overview

In this Spring Boot application there is a web service, which returns some data for a logged-in user:

@RequestMapping("/resource")
public Map<String, Object> home() {
	Map<String, Object> model = new HashMap<String, Object>();
	model.put("id", UUID.randomUUID().toString());
	model.put("content", "Hello World");
	return model;
}

Imagine, the return value of the method depends on what user is currently logged in.

How can I find out, which user is logged in in that method?

Java Solutions

Solution 1 - Java

As per request:

Spring Boot which uses Spring Security internally provides a SecurityContextHolder class which allows the lookup of the currently authenticated user via:

Authentication auth = SecurityContextHolder.getContext().getAuthentication();

The authentication instance now provides the following methods:

  • Get the username of the logged in user: getPrincipal()
  • Get the password of the authenticated user: getCredentials()
  • Get the assigned roles of the authenticated user: getAuthorities()
  • Get further details of the authenticated user: getDetails()

Solution 2 - Java

Since Spring Security 3.2 you can get currently logged in user (your implementation of UserDetails) by adding a parameter inside your controller method:

import org.springframework.security.web.bind.annotation.AuthenticationPrincipal;

@RequestMapping("/resource")
public Map<String, Object> home(@AuthenticationPrincipal User user) {
   ..
}

Replace User with the name of your class which implements UserDetails interface.

Edit:

Since Spring Security 4.0 annotation was moved to a different package:

import org.springframework.security.core.annotation.AuthenticationPrincipal;

Addendum:

This will work even in WebFlux reactive environment versus the SecurityContextHolder.getContext().getAuthentication() which won't work because of paradigm shift from thread per request model to multiple requests per thread.

Solution 3 - Java

You can simply use HttpServletRequest also to get user principle,

using HttpServletRequest request,

String user=request.getUserPrincipal().getName();

Solution 4 - Java

One way is to add java.security.Principal as a parameter as follows:

@RequestMapping("/resource")
public Map<String, Object> home(Principal principal) {
    Map<String, Object> model = new HashMap<String, Object>();
    model.put("id", UUID.randomUUID().toString());
    model.put("content", "Hello " + principal.getName());
    return model;
}

Solution 5 - Java

Since version 5.2 you can use CurrentSecurityContext annotation:

@GetMapping("/hello")
public String hello(@CurrentSecurityContext(expression="authentication?.name")
                    String username) {
    return "Hello, " + username + "!";
}

Solution 6 - Java

In Spring boot v2.1.9.RELEASE if you are trying to get the name, email , given_name you can get those details from Pricipal. Note: I am using spring security with google oauth2

Map<String , Object> userDetails = ((DefaultOidcUser)SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getAttributes(); System.out.println(userDetails.get("name")); System.out.println(userDetails.get("email")); System.out.println(userDetails.get("given_name"));

Solution 7 - Java

Recently using Keycloak authentication server and accessing currently logged-in user data is accessible like this

String userID;

KeycloakPrincipal kcPrincipal = getPrincipal();
KeycloakSecurityContext ksContext = kcPrincipal.getKeycloakSecurityContext();
IDToken idToken = ksContext.getToken();
userID = idToken.getName();

Solution 8 - Java

Im using spring boot 2.0 with OAuth so I'm doing it like this

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
Object pricipal = auth.getPrincipal();
String user="";
if (pricipal instanceof DefaultOidcUser) {
       user = ((DefaultOidcUser) pricipal).getName();
}

Solution 9 - Java

You can find the currently logged in user name without using any spring Security features. All you need is a jdk 1.8

Do the following :

@RequestMapping("/login")
@Override
public ModelAndView AuthChecker(@RequestParam("email") String email, @RequestParam("password") String password, Customers cust) {

	 ModelAndView mv = new ModelAndView("index");
	 if((repo.findByEmail(email)!=null) && (repo.findByPassword(password)!=null)) {
		
		 
      List<Customers> l=  repo.findAll();
      
      cust = (Customers) l.stream() 
      .filter(x -> email.equals(x.getEmail()))        
      .findAny()                                      
      .orElse(null); 
	
		mv.addObject("user",cust.getName());
		 mv.setViewName("DashBoardRedirect");
	
		 return mv;

Once name fetched successfully, you can use the same in any jsp/thymeleaf view.

Categories
Recommended Java Solutions
Recommended Spring Boot Solutions

Previous Solution:

What is python-dev package used for

PythonHeader FilesCpython

Next Solution:

Repository Pattern - How to understand it and how does it work with "complex" entities?

JavaSpringHibernateRepository Pattern

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionPDPView Question on Stackoverflow
Solution 1 - JavaRoman VottnerView Answer on Stackoverflow
Solution 2 - JavaNikolaBView Answer on Stackoverflow
Solution 3 - JavaNikhilPView Answer on Stackoverflow
Solution 4 - JavaDavidView Answer on Stackoverflow
Solution 5 - JavattulkaView Answer on Stackoverflow
Solution 6 - JavaGouravView Answer on Stackoverflow
Solution 7 - JavaPetko MirchevView Answer on Stackoverflow
Solution 8 - JavaPetko MirchevView Answer on Stackoverflow
Solution 9 - JavaDeepak SharmaView Answer on Stackoverflow