Spring Security: How to retrieve user's information in sign in?

Question

I have implemented Spring boot, with Spring security. And here is how I configure the http requests:

@Override
protected void configure(HttpSecurity http) throws Exception {
  http.authorizeRequests()
    .antMatchers( "/registeration").permitAll()
    .antMatchers("/home").hasRole("USER")
    .anyRequest().authenticated().and()
    .formLogin().loginPage("/login").permitAll();
  http.formLogin().defaultSuccessUrl("/home", true);
}

So, I am trying to redirect my logged in users to the /home url, and here is the controller:

@GetMapping("/home")
public String home(Model model,@RequestParam Long userId) {
    model.addAttribute("user", userService.getUserById(userId));
    return "home";
}

But, as you see, I need to pass the userId, to add it as a model into my view. The problem is, I don't know how to retrieve the information of yje user before redirect, and after log in.

score 1 · Answer 1 · answered Nov 23 '17 at 15:07

1

Something like this should work

    @GetMapping("/home")
    public String home(Model model) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication()
        model.addAttribute("user", authentication.getPrincipal());
        return "home";
    }

Some good examples here

answered Nov 23 '17 at 15:07

Essex Boy

7,565
2
21
24

shouldn't i pass the result of `authentication.getPrincipal()` to the `userService.getUserById`? – Sal-laS Nov 23 '17 at 15:14
@Salman as look as you've set Spring Security up correctly this is all your need. – Essex Boy Nov 23 '17 at 15:49

score 1 · Answer 2 · edited Jul 11 '18 at 07:18

Thanks to @dur.

When the user logs in, then all of his information is in to the SecurityContextHolder, and the targeted uri can receive the principal, which contains the identity of the principal being authenticated. which contains the username of the logged in user. So, here is the solution:

@GetMapping("/home")
public String home(Model model,Principal principal) {
    final String currentUser = principal.getName();
    log.info("Logged User is:    "+ currentUser);

    model.addAttribute("user", userService.getUserByUsername(currentUser));
    return "home";
}

score 0 · Answer 3 · edited Nov 23 '17 at 18:41

0

I wanted to add a comment to @Salman's answer, but I don't have the reputation to do that. what I wanted to say is that I think:

in model.addAttribute("user", userService.getUserByUsername(currentUser));, userService.getUserByUsername(currentUser) would return the same result as the injected principal. Therefore, model.addAttribute("user", principal); can work a little better.

edited Nov 23 '17 at 18:41

Ahmad Raza

2,850
1
21
37

answered Nov 23 '17 at 16:37

glithedev

56
3

In general it is not the same. In this case it is not clear, because OP has not shown his user model class. – dur Nov 23 '17 at 17:06

Spring Security: How to retrieve user's information in sign in?

3 Answers3