Get current logged in username in Spring Security

In this article, we show you three ways to get current logged in username in Spring Security.

1. SecurityContextHolder + Authentication.getName()

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
 
@Controller
public class LoginController {
 
  @RequestMapping(value="/login", method = RequestMethod.GET)
  public String printUser(ModelMap model) {
 
      Authentication auth = SecurityContextHolder.getContext().getAuthentication();
      String name = auth.getName(); //get logged in username
 
      model.addAttribute("username", name);
      return "hello";
 
  }
  //...

2. SecurityContextHolder + User.getUsername()

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
 
@Controller
public class LoginController {
 
  @RequestMapping(value="/login", method = RequestMethod.GET)
  public String printUser(ModelMap model) {
 
      User user = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
      String name = user.getUsername(); //get logged in username
 
      model.addAttribute("username", name);
      return "hello";
 
  }
  //...

3. UsernamePasswordAuthenticationToken

This is more elegant solution, in runtime, Spring will inject “UsernamePasswordAuthenticationToken” into the “Principal” interface.

import java.security.Principal;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
 
@Controller
public class LoginController {
 
  @RequestMapping(value="/login", method = RequestMethod.GET)
  public String printWelcome(ModelMap model, Principal principal ) {
 
      String name = principal.getName(); //get logged in username
      model.addAttribute("username", name);
      return "hello";
 
  }
  //...

Download Source Code

Download it – Spring-Security-Get-Logged-In-Username.zip (9 KB)

References

Tags : spring security username

mkyong

Founder of Mkyong.com, love Java and open source stuffs. Follow him on Twitter, or befriend him on Facebook or Google Plus.

Here are some of my recommended Books

Popular Posts

SEVERE: Servlet.service() for servlet [dispatcher] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause java.lang.NullPointerException at com.mkyong.common.controller.LoginController.printWelcome(LoginController.java:19) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:174) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:414) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:402) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:771) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:716) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:647) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:552) at javax.servlet.http.HttpServlet.service(HttpServlet.java:621) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:619)

public String logar() { try { RequestDispatcher dispatcher = FacesUtil.getServletRequest().getRequestDispatcher("/j_spring_security_check"); dispatcher.forward(FacesUtil.getServletRequest(), FacesUtil.getServletResponse()); FacesContext.getCurrentInstance().responseComplete(); HttpSession session = FacesUtil.getServletRequest().getSession(); current = FacesUtil.getPrincipal(session); if(current!=null) {System.out.println("Username="+current.getUsername()); role = current.getAuthority(); } else System.out.println("Null User"); } catch (Exception ex) { FacesUtil.exibirMensagemErro(ex.getMessage()); return null; } return null; }

Cesar123 May 16, 2013 at 4:53 am
Hi Mkyong,
I have to say thank you. Your tutorials had helped me a lot. I have a question related to how to get the current username. I have a table in MySQL with some fields (username, password, enabled, name) my question is: Is there anyway to return the value of the “name” field in that table? and how can i do that?
Thanks in advance.
Greetings
Sandro Simas April 23, 2013 at 10:11 pm
Hi mkyong, i’m trying to get the userPrincipal from any bean in my JSF application, but i’m getting a null pointer. I think that is because the spring getContext uses a ThreadLocal.
Do you have any idea ?
See this post:
http://www.lejava.com.br/java/jsf/jsf-2-spring-spring-security-3-and-database
Do you know if i use @ManagedProperty in any Bean, i will get the userPrincipal correctly ?
Thanks in advance
jatin March 1, 2013 at 11:45 am
how can retrieve userid using spring security?
bala January 31, 2013 at 3:43 pm
i am spring security in my current project..i have following code in springsecurity.taglib.xml
http://www.springframework.org/security/tags
authorize
org.springframework.faces.security.FaceletsAuthorizeTagHandler
areAllGranted
org.springframework.faces.security.FaceletsAuthorizeTagUtils
boolean areAllGranted(java.lang.String)
areAnyGranted
org.springframework.faces.security.FaceletsAuthorizeTagUtils
boolean areAnyGranted(java.lang.String)
areNotGranted
org.springframework.faces.security.FaceletsAuthorizeTagUtils
boolean areNotGranted(java.lang.String)
isAllowed
org.springframework.faces.security.FaceletsAuthorizeTagUtils
boolean isAllowed(java.lang.String, java.lang.String)
i want add new tag authentication…how can i add that
pls help me

atri September 14, 2012 at 11:58 am

first of all, your site is very helpful . It makes things a whole lot easier for me.

I m trying your first example , i am unable to get the authentication object .
“Authentication auth = SecurityContextHolder.getContext().getAuthentication();”

i am getting null value. I m following your code , but i m not able to figure out how to resolve this. Following is the error message generated for me.

Arun March 29, 2012 at 3:30 pm
I think you mean RequestMapping as “/welcome” instead of “/login” that you have put. You will get hold of principal (USer) only after successful authentication.
- K. Arun
- antonioa89 July 31, 2012 at 5:19 pm
  Come ti permetti ? ;) mkyoung sa il fatto suo ;)

Spring Security Framework Video Tutorial August 18, 2011 at 10:44 am

This is my login function

Get current logged in username in Spring Security

1. SecurityContextHolder + Authentication.getName()

2. SecurityContextHolder + User.getUsername()

3. UsernamePasswordAuthenticationToken

Download Source Code

References

Popular Posts

What is your opinion?

Do you know the answer?

1. SecurityContextHolder + Authentication.getName()

2. SecurityContextHolder + User.getUsername()

3. UsernamePasswordAuthenticationToken

Download Source Code

References

Related Posts

Popular Posts

What is your opinion?

Do you know the answer?