What Is SecurityContext and SecurityContextHolder in Spring Security?


Friday, 27 March 2020

The SecurityContext and SecurityContextHolder are two key classes of Spring Security. The SecurityContext is used to store the details of the currently authenticated user, also known as a principal. So, if you have to get the username or any other user details, you need to get this SecurityContext first. The SecurityContextHolder is a helper class, which provides access to the security context. By default, it uses a ThreadLocal object to store the security context, which means that the security context is always available to methods in the same thread of execution, even if you don't pass the SecurityContext object around. Don't worry about the ThreadLocal memory leak in a web application though; Spring Security takes care of cleaning the ThreadLocal.

Btw, that's not the only way a SecurityContextHolder can store the current SecurityContext. It can be configured with a strategy on startup to specify how you would like the context to be stored. For example, you can use the SecurityContextHolder.MODE_GLOBAL strategy for a standalone application.

The key thing to learn is how you get the SecurityContext from the SecurityContextHolder and then retrieve the current user details from it. For example, if you want to know the username of the currently logged-in user, how do you get that in Spring Security?

In order to get the current username, you first need a SecurityContext, which is obtained from SecurityContextHolder. This SecurityContext keeps the user details in an Authentication object, which can be obtained by calling the getAuthentication() method.

Once you have the Authentication object, you can either cast its principal to UserDetails or use it as it is. The UserDetails object is the one Spring Security uses to keep user-related information.




How to get the current logged-in Username in Spring Security

Here is the code to get the security context in Spring Security and obtain the name of the currently logged-in user:

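import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// The principal is usually a UserDetails, but it can be any Object (e.g. a plain String)
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String username;
if (principal instanceof UserDetails) {
    username = ((UserDetails) principal).getUsername();
} else {
    username = principal.toString();
}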

The object returned by getContext() is an instance of the SecurityContext interface. This is the object that is stored in thread-local storage.
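The lookup above assumes an authenticated user on the calling thread. The following added example (not code from the original post) makes the lookup null-safe and shows that, with the default thread-local strategy, a newly started thread does not see the caller's context; the class name CurrentUserDemo and the user "alice" are constructed for illustration, and spring-security-core is assumed to be on the classpath.

```java
import java.util.Optional;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

public class CurrentUserDemo { // hypothetical class name

    // Null-safe variant of the lookup: no Authentication means no user.
    static Optional<String> currentUsername() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return Optional.empty();
        }
        Object principal = auth.getPrincipal();
        return Optional.of(principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername()
                : principal.toString());
    }

    public static void main(String[] args) throws InterruptedException {
        // Constructed sample user; in a web app the filter chain does this step.
        UserDetails alice = new User("alice", "n/a",
                AuthorityUtils.createAuthorityList("ROLE_USER"));
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(new UsernamePasswordAuthenticationToken(
                alice, null, alice.getAuthorities()));
        SecurityContextHolder.setContext(context);
        try {
            System.out.println("main thread:   " + currentUsername());
            // Default MODE_THREADLOCAL: a new thread starts with an empty context.
            Thread worker = new Thread(
                    () -> System.out.println("worker thread: " + currentUsername()));
            worker.start();
            worker.join();
        } finally {
            // Pooled threads are reused, so always clear the identity when done.
            SecurityContextHolder.clearContext();
        }
        System.out.println("after clear:   " + currentUsername());
    }
}
```

In a web application with anonymous authentication enabled, an unauthenticated request carries an AnonymousAuthenticationToken whose principal is the string "anonymousUser", so authorization decisions should rest on granted authorities rather than on a non-null username.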

The getPrincipal() method normally returns a UserDetails object in Spring Security, which contains all the details of the currently logged-in user. Btw, if you are just starting with Spring Security and not familiar with these concepts then Spring and dependency injection. So if you ever need to know the current logged-in user details, e.g. in a Spring MVC controller, I suggest you declare a dependency and let Spring provide you the Principal object, rather than querying for it yourself and creating a tightly coupled system.


Here is an example of that:

import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class MVCController {

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Principal principal) {
        return principal.getName();
    }

}

Alternatively, you can also ask for an Authentication object instead of a Principal object, as shown below:

import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@Controller
public class SpringMVCController {

    @RequestMapping(value = "/username", method = RequestMethod.GET)
    @ResponseBody
    public String currentUserName(Authentication authentication) {
        return authentication.getName();
    }
}

If you want to know more ways, you can also see my post about 3 ways to get the current username in Spring Security, where I have discussed a couple more ways to retrieve the current username in a Spring MVC controller.

That's all about what the security context is in Spring Security and how you can obtain a SecurityContext from the SecurityContextHolder class. These are just some of the key classes, so you must be familiar with them.

The storage detail, i.e. that the SecurityContext is stored in a ThreadLocal, is optional, but it's also good to know. Just remember, if you ever need user details, e.g. the username, you had better ask for the Principal or Authentication object in a Spring MVC controller, rather than using SecurityContextHolder to obtain them.
