How to Access Roles and User Details Using Spring Security
November 27, 2019
In a Spring Security application we often need to show certain zones of a page only to users with particular access roles. To decide which zone should be shown, we need the role details and the user details, and we may need them both in a JSP and in a Spring controller. On this page we will learn in detail how to access roles and user details in JSP and in a Spring controller. First, find the configured users and roles.
security-config.xml
<http auto-config="true">
    <intercept-url pattern="/login" access="ROLE_USER,ROLE_SUPERVISOR" />
    <logout logout-success-url="/login" />
</http>
<authentication-manager>
    <authentication-provider>
        <!-- hash="sha" is unsalted SHA-1, acceptable only for a demo; use an adaptive hash such as bcrypt for real passwords -->
        <password-encoder hash="sha"/>
        <user-service>
            <user name="ram" password="0733824cc1549ce36139e8c790a9344d1e385cd2" authorities="ROLE_USER" />
            <user name="shyam" password="0733824cc1549ce36139e8c790a9344d1e385cd2" authorities="ROLE_SUPERVISOR" />
        </user-service>
    </authentication-provider>
</authentication-manager>
<beans:bean id="webSecurityExpressionHandler"
    class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
How to Access Role in JSP Using Spring Security
To access roles in a JSP we need to configure the security tag library. The required jar dependency must be present in your lib directory.

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${spring.version}</version>
</dependency>
<%@ taglib uri="http://www.springframework.org/security/tags" prefix="security" %>
<html>
<body>
<table>
    <tr><td>
        <security:authorize access="hasRole('ROLE_SUPERVISOR')">
            This zone will be visible to Supervisor only.<br/>
            You have Supervisor role.<br/>
        </security:authorize>
    </td></tr>
    <tr><td>
        <a href="j_spring_security_logout">logout </a>
    </td></tr>
</table>
</body>
</html>
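The authorize tag needs a WebSecurityExpressionHandler bean in the application context, which is why security-config.xml declares:

<beans:bean id="webSecurityExpressionHandler"
    class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

Without this bean, the JSP fails with:

java.io.IOException: No visible WebSecurityExpressionHandler instance could be found in the application context.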
When we access the URL
http://localhost:8080/SpringSecurity/login

SecurityContextHolder in Spring Security
Spring Security's SecurityContextHolder helps us access roles and user details in a Spring controller. SecurityContextHolder gives the controller the current security context, and that context provides the authentication and authorization details. Now we will see a method implementation to access roles and user details.
How to Access Role in Controller Using Spring Security
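Find the method that checks whether the current user has the given role.

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

private boolean hasRole(String role) {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // No Authentication in the context means no roles at all
    if (authentication == null) {
        return false;
    }
    // Iterate directly; no unchecked cast of getAuthorities() is needed
    for (GrantedAuthority authority : authentication.getAuthorities()) {
        if (authority.getAuthority().equals(role)) {
            return true;
        }
    }
    return false;
}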
How To Get User Details using Spring Security
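Find the method that provides the user details.

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
private void getUserDetails() {
    Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    // An anonymous visitor's principal is a String, not a UserDetails
    if (principal instanceof UserDetails) {
        UserDetails userDetails = (UserDetails) principal;
        // Demo output only: do not print or log the password (hash) in a real application
        System.out.println(userDetails.getPassword());
        System.out.println(userDetails.getUsername());
        System.out.println(userDetails.isEnabled());
    }
}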
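
The role check and the user-details lookup above both depend on what the security context holds for the current request. The following added example (not from the original page; the class name CurrentUser and the sample users are constructed for illustration, and Spring Security 3.1 or later is assumed on the classpath) reads the username and roles without failing on a missing or anonymous authentication:

```java
import java.util.LinkedHashSet;
import java.util.Set;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper (not from the original page): null-safe access to the current user.
public class CurrentUser {
    // Role names of the current request; empty when nobody is authenticated.
    static Set<String> roles() {
        Set<String> roles = new LinkedHashSet<String>();
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth != null && auth.isAuthenticated()) {
            for (GrantedAuthority authority : auth.getAuthorities()) {
                roles.add(authority.getAuthority());
            }
        }
        return roles;
    }

    // Username of a logged-in user; null for a missing or anonymous authentication.
    static String username() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        Object principal = auth.getPrincipal();
        // A <user-service> login yields a UserDetails; other providers may use a plain String.
        return principal instanceof UserDetails
                ? ((UserDetails) principal).getUsername() : String.valueOf(principal);
    }

    public static void main(String[] args) {
        // Constructed sample data mirroring user "shyam" from security-config.xml.
        UserDetails shyam = new User("shyam", "n/a", AuthorityUtils.createAuthorityList("ROLE_SUPERVISOR"));
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(shyam, null, shyam.getAuthorities()));
        System.out.println(username() + " " + roles().contains("ROLE_SUPERVISOR"));
        // Anonymous visitor: casting this String principal to UserDetails would fail.
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println(username() + " " + roles().contains("ROLE_SUPERVISOR"));
        SecurityContextHolder.clearContext();
    }
}
```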