Springboot通过Controller从Authentication获取用户名

Question

问题: 我想从authenticate.getName()中获取/提取用户名/电子邮件...如果可能,不要使用解析字符串.

authentication.getName()或principal.getName()值:

[username]: org.springframework.security.core.userdetails.User@21463e7a: Username: butitoy@iyotbihagay.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities

在这个例子中,我只想获得Username的值,即butitoy@iyotbihagay.com

解:

由于我只想获得用户名/电子邮件(butitoy@iyotbihagay.com),并且它返回了整个主要内容/文本(上图),我将主题中设置的值从主要值...替换为电子邮件价值..它现在有效.

@Override
protected void successfulAuthentication(HttpServletRequest req,
                                        HttpServletResponse res,
                                        FilterChain chain,
                                        Authentication auth) throws IOException, ServletException {
    String email = auth.getName();
    String principal = auth.getPrincipal().toString();
    Date expiration = new Date(System.currentTimeMillis() + SecurityConstants.EXPIRATION_TIME);
    String token = Jwts.builder()
            .setSubject(email) //from principal to email
            .setExpiration(expiration)
            .signWith(SignatureAlgorithm.HS512, SecurityConstants.SECRET.getBytes())
            .compact();
    AuthenticatedUser loginUser = new AuthenticatedUser(email);
    loginUser.setToken(token);
    String jsonUser = Util.objectToJsonResponseAsString(loginUser, "user");
    res.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX + token);
    res.setContentType("application/json");
    res.setCharacterEncoding(ConstantUtil.DEFAULT_ENCODING);
    res.getWriter().write(jsonUser);
}

我现在可以使用不同的方式获取用户名/电子邮件值,就像你们建议的那样......甚至是我目前使用的那个.我现在不需要任何特殊的解析来获取Authentication对象的电子邮件值.

在我之前使用Spring的非RESTful应用程序...我可以使用在控制器方法参数中注入的Authentication类轻松获取用户名.

控制器:

...  
public Ticket getBySwertresNo(Authentication authentication, @PathVariable String swertresNo) {  
    logger.debug("Inside getBySwertresNo: " + swertresNo);  
    System.out.println("\n[username]: " + authentication.getName() + "\n");  
    return m_sugalService.getSwertresInfoBySwertresNo(swertresNo);  
}  
...  

安慰:

[username]: butitoy@iyotbihagay.com

现在,在我当前的项目中...我使用了RESTful方法,并且在成功进行身份验证后,我将返回一个将在请求标头中使用/注入的令牌.我可以使用令牌登录...但是当我获得authentication.getName()的值时...返回不仅仅是电子邮件地址,还包含一些其他信息.

控制台(REST + JWT):

[username]: org.springframework.security.core.userdetails.User@21463e7a: Username: butitoy@iyotbihagay.com; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Not granted any authorities

我想只获取用户名值"butitoy@iyotbihagay.com".

JWT身份验证过滤器:

public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

    private AuthenticationManager authenticationManager;

    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest req,
                                                HttpServletResponse res) throws AuthenticationException {
        String username = req.getParameter("username");
        String password = req.getParameter("password");
        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, password);
        Authentication authentication = authenticationManager.authenticate(authenticationToken);
        return authentication;
    }

    @Override
    protected void successfulAuthentication(HttpServletRequest req,
                                            HttpServletResponse res,
                                            FilterChain chain,
                                            Authentication auth) throws IOException, ServletException {
        String email = auth.getName();
        String principal = auth.getPrincipal().toString();
        Date expiration = new Date(System.currentTimeMillis() + SecurityConstants.EXPIRATION_TIME);
        String token = Jwts.builder()
                .setSubject(principal)
                .setExpiration(expiration)
                .signWith(SignatureAlgorithm.HS512, SecurityConstants.SECRET.getBytes())
                .compact();
        AuthenticatedUser loginUser = new AuthenticatedUser(email);
        loginUser.setToken(token);
        String jsonUser = Util.objectToJsonResponseAsString(loginUser, "user");
        res.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX + token);
        res.setContentType("application/json");
        res.setCharacterEncoding(ConstantUtil.DEFAULT_ENCODING);
        res.getWriter().write(jsonUser);
    }

}

JWT授权过滤器:

public class JWTAuthorizationFilter extends BasicAuthenticationFilter {

    public JWTAuthorizationFilter(AuthenticationManager authManager) {
        super(authManager);
    }

    @Override
    protected void doFilterInternal(HttpServletRequest req,
                                    HttpServletResponse res,
                                    FilterChain chain) throws IOException, ServletException {
        String header = req.getHeader(SecurityConstants.HEADER_STRING);

        if (header == null || !header.startsWith(SecurityConstants.TOKEN_PREFIX)) {
            chain.doFilter(req, res);
            return;
        }

        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);

SecurityContextHolder.getContext().setAuthentication(authentication);
        chain.doFilter(req, res);
    }

    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest request) {
        String token = request.getHeader(SecurityConstants.HEADER_STRING);
        if (token != null) {
            // parse the token.
            String user = Jwts.parser()
                    .setSigningKey(SecurityConstants.SECRET.getBytes())
                    .parseClaimsJws(token.replace(SecurityConstants.TOKEN_PREFIX, ""))
                    .getBody()
                    .getSubject();

            if (user != null) {
                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
            }
            return null;
        }
        return null;
    }

}

Answer 1

就 Authentication/Principal 对象而言，您是使用令牌还是基本的 spring 安全身份验证并不重要。

在 spring 安全的情况下，您可以通过
1获取当前登录的用户。Object user = Authentication authentication（正如您已经在做的那样）
2。

Object user = SecurityContextHolder.getContext().getAuthentication()
                    .getPrincipal();

在这两种情况下，userwill 包含您从 返回的用户对象UserDetailsService.loadUserByUsername(...)。因此，使用默认UserDetailsService你会得到Spring Security的User对象包含了像用户的基本信息username，password等等。

因此，如果您使用默认 spring 的UserDetailsService，那么您可以通过简单地获取当前登录的用户

UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication()
                        .getPrincipal();
String username = userDetails.getUsername();

Answer 2

我看到了你的问题.我想你可以尝试以下一些方法.

• 在注入控制器身份验证或主体中

  @Controller
  @RequestMapping("/info")
  public class GetNameController {
  
      @RequestMapping(value = "/name", method = RequestMethod.GET)
      public String getName(Authentication authentication, Principal principal) {
          System.out.println(authentication.getName());
          System.out.println("-----------------");
          System.out.println(principal.getName());
          return "";
      }
  }
  

• 输出:

  admin
  -----------------
  admin
  

• 我想你可以这样写.

• 谢谢