Home  >  Spring Security

How to Access Roles and User Details Using Spring Security

By Arvind Rai, December 25, 2013
In spring security, it is required to show some zones on the basis of access roles. For this we need role details and user details to decide which zone should be shown and which are not. In UI like JSP and spring controller, at both place we may require roles and user details. So in this page we learn in details how to access roles and user details using spring security. First find the configured users and roles.
security-config.xml
  <http auto-config="true">
	<intercept-url pattern="/login" access="ROLE_USER,ROLE_SUPERWISER" />
	<logout logout-success-url="/login" />
  </http>
  <authentication-manager>
   <authentication-provider>
  <password-encoder hash="sha"/>
  <user-service>
	<user name="ram" password="0733824cc1549ce36139e8c790a9344d1e385cd2" authorities="ROLE_USER" />
	<user name="shyam" password="0733824cc1549ce36139e8c790a9344d1e385cd2" authorities="ROLE_SUPERWISER" />
  </user-service>
   </authentication-provider>
 </authentication-manager>
 <beans:bean id="webSecurityExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
  
Two user ram and shyam has been configured with password con1234. Ram has ROLE_USER and shyam has ROLE_SUPERWISER.

How to Access Role in JSP Using Spring Security

To access roles in jsp we need to configure the security tag library in jsp. The required jar dependency must be there in you lib directory.
 <dependency>
 <groupId>org.springframework.security</groupId>
 <artifactId>spring-security-taglibs</artifactId>
  <version>${spring.version}</version>
 </dependency>
 
So start configuring tag library in jsp as below and use it.
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>
<html>
<body>
<table><tr><td>
 <security:authorize access="hasRole('ROLE_SUPERWISER')">
This zone will be visible to Superwiser only.<br/>
You have Superwiser role.<br/>
</security:authorize>
 </td></tr>
 <tr><td>
 <a href="j_spring_security_logout">logout </a>
 </td></tr>
 </table>
 </body>
 </html>
 
You need to configure a bean as below
 <beans:bean id="webSecurityExpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
 
If you will not configure it then you will get the below error.
java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context.
If we will login with shyam user, we will see the below UI.

How to Access Roles and User Details Using Spring Security

SecurityContextHolder in Spring Security

org.springframework.security.core.context.SecurityContextHolder will help to access roles and user details in spring controller. SecurityContextHolder provides the context of spring controller and that provides authentication and authorization details. Now we will see some method implementation to access roles and user details using spring security.

How to Access Role in Controller Using Spring Security

Find the method that will check if provided role has access or not.
private boolean hasRole(String role) {
  Collection<GrantedAuthority> authorities = (Collection<GrantedAuthority>)
  SecurityContextHolder.getContext().getAuthentication().getAuthorities();
  boolean hasRole = false;
  for (GrantedAuthority authority : authorities) {
     hasRole = authority.getAuthority().equals(role);
     if (hasRole) {
	  break;
     }
  }
  return hasRole;
}
 

How To Get User Details using Spring Security

Find the method that will provide the user details.
private void getUserDetails() {
   UserDetails userDetails = (UserDetails)SecurityContextHolder.getContext().
   getAuthentication().getPrincipal();
   System.out.println(userDetails.getPassword());
   System.out.println(userDetails.getUsername());
   System.out.println(userDetails.isEnabled());
}
 

Download Source Code

POSTED BY
ARVIND RAI
ARVIND RAI
FIND MORE TUTORILAS








Copyright ©2017 concretepage.com, all rights reserved |Privacy Policy | Contact Us