Results 1 to 2 of 2

Thread: Spring 3 Security: Accessing the user Id

  1. Feb 3rd, 2010, 12:59 PM #1
    benoitx
    benoitx is offline Senior Member
    Join Date
    Aug 2005
    Location
    London (the English one!)
    Posts
    378

    Default Spring 3 Security: Accessing the user Id

    Hi

    I've implemented the basic http authentication mechanism by using this:

    My question is, given that I am using Spring MVC 3 with @RequestMapping, I do not pass the HttpServletRequest everywhere... so how could I detect the user that has sent this request? I simply need the user Id to log it against some internal actions.

    Is there a bean that contains that information? I guess it is some info in a ThreadLocal variable but is there a bean to inject that contains it?

    Many thanks

    web.xml
    Code:
    <context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>
		/WEB-INF/applicationContext.xml
		/WEB-INF/securityContext.xml
	</param-value>
</context-param>
....
<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>
...
    securityContext.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<http auto-config="true">
		<intercept-url pattern="/**"
			access="ROLE_USER" />
	</http>

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="me" password="password" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>
    e.g. How could I detect who's called this:
    Code:
    @Controller
public class IssuerController {
    @Autowired private IssuerDao issuerDao;

    @RequestMapping(value = "/issuers")
    public void issuers(final Model model) {
        model.addAttribute("issuers", issuerDao.getAll());

... // I NEED TO KNOW WHO CALLED THIS... How could I do it?

    }
    Many thanks!

    Benoit
  2. Feb 11th, 2010, 04:46 AM #2
    benoitx
    benoitx is offline Senior Member
    Join Date
    Aug 2005
    Location
    London (the English one!)
    Posts
    378

    Default Oh well..

    Oh well, I shall answer my own question.

    It seems possible to get access to the authenticated user this way:

    Code:
    public static String getAuthenticatedUser() {
        return SecurityContextHolder.getContext().getAuthentication().getName();
}
    May not be the best way... but it works.

    Benoit
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules