Accessing UserDetails object from controller in Spring using Spring security

Question

I would like to access some user details from session. I am using spring security and custom authentication by overriding loadUserByUsername(String username) method.

I am returning a user and would like to access it from within my controller. I tried the principal object but i can not reach to the companyId field of my ESecurityUser object.

Any help would be appreciated..

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

    ESecurityUser user = new ESecurityUser();
    user.setUsername("hello");
    user.setPassword("world");
    user.setCompanyId(199);

    Set<EAuthority> authorities = new HashSet<EAuthority>();
    EAuthority authority = new EAuthority();
    authority.setAuthority("ROLE_ADMIN");
    authorities.add(authority);

    user.setAuthorities(authorities);;

    return user;
}

Sample Controller Code

@RequestMapping("")
    public String toPeriodicAdReport(@ModelAttribute("advertFormHelper") AdvertFormHelper advertFormHelper,
            Model model,Principal principal) {

        //What to write here so that i can access to authenticated user`s companyId field..

        return "Test";
    }

@brub Hello, I tried that but i got an exception.. `org.springframework.security.authentication.UsernamePasswordAuthenticationToken cannot be cast to tr.com.simroll.ada.rvm.report.entity.ESecurityUser` — rematnarab, Dec 21 '17 at 15:30
this looks similar: https://stackoverflow.com/questions/12078404/org-springframework-security-core-userdetails-user-cannot-be-cast-to-myuser — brub, Dec 21 '17 at 15:34
The question should be edited with the exception. It really helps to understand what has happened under the hood... — Serge Ballesta, Dec 21 '17 at 15:55

Sync · Accepted Answer · 2017-12-21T16:54:35.843

2

You can use the annotation @AuthenticationPrincipal to directly access ESecurityUser.

@RequestMapping("")
public String toPeriodicAdReport(@ModelAttribute("advertFormHelper") AdvertFormHelper advertFormHelper,
        Model model, @AuthenticationPrincipal ESecurityUser principal) {
    principal.getCompanyId();
    return "Test";
}

edited Dec 21 '17 at 16:54

answered Dec 21 '17 at 15:35

Sync

3,571
23
30

score 1 · Answer 2 · answered Dec 21 '17 at 15:53

You were not far...

The Principal that the SpringMVC machinery passed to a controller method is the Authentication token that identifies the user. You must use its getDetails() method to extract the ESecurityUser that you returned from your loadUserByUsername

Your code could become:

@RequestMapping("")
    public String toPeriodicAdReport(@ModelAttribute("advertFormHelper") AdvertFormHelper advertFormHelper,
            Model model,Principal principal) {

        ESecurityUser user = (ESecurityUser) ((Authentication) principal).getDetails();

        // stuff...
        return "Test";
}

score 0 · Answer 3 · answered Dec 21 '17 at 15:47

0

ESecurityUser e = (ESecurityUser)SecurityContextHolder.getContext().getAuthentication().getPrincipal();

This is working for me..

answered Dec 21 '17 at 15:47

rematnarab

1,277
4
22
42

Accessing UserDetails object from controller in Spring using Spring security

3 Answers3