What Is Securitycontext Together With Securitycontextholder Inwards Boundary Security?

The SecurityContext and SecurityContextHolder are 2 cardinal classes of Spring Security. The SecurityContext is used to shop the details of the currently authenticated user, besides known every bit a principle. So, if yous guide keep to acquire the username or whatever other user details, yous postulate to acquire this SecurityContext first. The SecurityContextHolder is a helper class, which render access to the safety context. By default, it uses a ThreadLocal object to shop safety context, which agency that the safety context is ever available to methods inwards the same thread of execution, fifty-fifty if yous don't overstep the SecurityContext object around. Don't worry virtually the ThreadLocal retentivity leak inwards spider web application though, Spring Security takes aid of cleaning ThreadLocal.

Btw, that's non the only way a SecurityContextHolder tin give the axe shop electrical flow SecurityContext, it tin give the axe hold upward configured amongst a strategy on startup to specify how yous would the context to hold upward stored. For example, yous tin give the axe role SecurityContextHolder.MODE_GLOBAL strategy for a standalone application.

The key matter to acquire is that how do yous acquire the SecurityContext from the SecurityContextHolder? as well as and so retrieving electrical flow user details from that? For example, if yous desire to know the username of the electrical flow logged inwards user as well as so how do yous acquire that inwards Spring security?

In companionship to acquire the electrical flow username, yous showtime postulate a SecurityContext, which is obtained from SecurityContextHolder. This SecurityContext continue the user details inwards an Authentication object, which tin give the axe hold upward obtained past times calling getAuthentication() method.

Once yous got the Authentication object, yous tin give the axe either cast into UserDetails or role it every bit it is. The UserDetails object is the i Spring Security uses to continue user-related information.




How to acquire the electrical flow logged-in Username inwards Spring Security

Here is the code to acquire the safety context inwards Spring security as well as obtain the refer of the currently logged inwards user:

Object brain = SecurityContextHolder.getContext().getAuthentication().getPrincipal();  if (principal instanceof UserDetails) {   String username = ((UserDetails)principal).getUsername(); } else {   String username = principal.toString(); }

The object returned past times getContext() is an instance of the SecurityContext interface. This is the object that is stored inwards a thread-local storage.

The getPrincipal() method usually render UserDetails object inwards Spring Security, which contains all the details of currently logged inwards user. Btw, if yous are only starting amongst Spring safety as well as non familiar amongst these concepts as well as so Spring as well as dependency injection. So if yous ever postulate to know electrical flow logged-in user details e.g. inwards Spring MVC controller, I advise yous declare a dependency as well as allow the Spring render yous the Principal object, rather yous querying for them as well as do a tightly coupled system.


Here is an instance of that

import java.security.Principal; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody;  @Controller public class MVCController {    @RequestMapping(value = "/username", method = RequestMethod.GET)   @ResponseBody   public String currentUserName(Principal principal) {      return principal.getName();   }  }
Alternatively, yous tin give the axe besides inquire for Authentication object instead of a Principal object every bit shown below:

import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.ResponseBody;  @Controller public class SpringMVCController {    @RequestMapping(value = "/username", method = RequestMethod.GET)   @ResponseBody   public String currentUserName(Authentication authentication) {      return authentication.getName();   } }

If yous desire to know to a greater extent than ways, yous tin give the axe besides run across my post virtually 3 ways to acquire the electrical flow username inwards Spring Security, where I guide keep discussed a twain of to a greater extent than ways to retrieve the electrical flow username inwards Spring MVC controller.

That's all virtually what is safety context inwards Spring security as well as how yous tin give the axe obtain a SecurityContext from SecurityContextHolder class. These are or so of the cardinal classes, thence yous must hold upward familiar amongst them.

The storage business office i.e. SecurityContext is stored inwards ThreadLocal is optional, but it's besides practiced to know the detail. Just remember, if yous ever postulate user details e.g. username etc, yous ameliorate inquire for Principal or Authentication object inwards Spring MVC controller, rather than using SecurityContextHolder to obtain them.

Other Spring Security Articles as well as Resources you may like:
20 Spring REST Interview Questions amongst Answers

Thanks for reading this article so far. If yous similar this Spring Security tutorial as well as so delight portion amongst your friends as well as colleagues. If yous guide keep whatever questions or feedback as well as so delight drib a note. 

0 Response to "What Is Securitycontext Together With Securitycontextholder Inwards Boundary Security?"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel