Spring Security. Get Authenticated Principal Details.

In this Spring Boot tutorial, you will learn how to get the details of the currently authenticated principal (the logged-in user). There is more than one way to do this, and in this blog post I am going to share a few of them with you.

Most likely you already have Spring Security configured for your Spring Boot application, but if you do not, here is a very short tutorial on how to configure the Spring Security default username, password and a Role.

Get Principal In the Controller Class

Once you have Spring Security configured and working, here is how you can get the currently authenticated principal user object in the Controller class. Just add a Principal object to your method as an argument and you will be able to access the Principal user details.

@PreAuthorize("hasRole('MANAGER')")
@GetMapping("/managers/status/check")
public String managersStatusCheck(Principal principal) {
    return "Working for managers. Principal name = " + principal.getName();
}

Another way is to use the Authentication interface, which extends Principal.

@PreAuthorize("hasRole('MANAGER')")
@GetMapping("/managers/status/check")
public String managersStatusCheck(Authentication authentication) {
    return "Working for managers. Principal name = " + authentication.getName();
}

The Authentication object provides you with all sorts of details. You can get the current principal from the Authentication object and read the username and other details, for example whether the user account is enabled. Note that getPrincipal() returns Object: it is a UserDetails only when the login was backed by a UserDetailsService, so check the type before casting.

@GetMapping("/managers/status/check")
public String managersStatusCheck(Authentication authentication) {

    // getPrincipal() returns Object; cast only after confirming it is a UserDetails
    if (authentication.getPrincipal() instanceof UserDetails) {
        UserDetails userPrincipal = (UserDetails) authentication.getPrincipal();
        System.out.println("User principal name = " + userPrincipal.getUsername());
        System.out.println("Is user enabled = " + userPrincipal.isEnabled());
    }

    return "Working for managers. Principal name = " + authentication.getName();
}

You can also get a Principal object from HttpServletRequest.

@GetMapping("/managers/status/check")
public String managersStatusCheck(HttpServletRequest request) {

    // getUserPrincipal() returns null when the request is not authenticated
    Principal userPrincipal = request.getUserPrincipal();

    return "Working for managers. Principal name = " + userPrincipal.getName();
}

Get Principal From the Security Context Holder Object

You can also get the user Principal object from other places in your code by reading it from the SecurityContextHolder.

Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// authentication is null when the context is empty, and the principal is not always a UserDetails
if (authentication != null
        && !(authentication instanceof AnonymousAuthenticationToken)
        && authentication.getPrincipal() instanceof UserDetails) {
    UserDetails userPrincipal = (UserDetails) authentication.getPrincipal();
    System.out.println("User principal name = " + userPrincipal.getUsername());
    System.out.println("Is user enabled = " + userPrincipal.isEnabled());
}
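A null-safe wrapper around the SecurityContextHolder lookup above, as an added example that is not code from the original post. The class name `CurrentUser` and its methods are hypothetical, the user name, role and key in `main` are constructed sample values, and it assumes spring-security-core is on the classpath.

```java
import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper (not part of Spring Security): safe access to the current user.
public final class CurrentUser {

    private CurrentUser() { }

    // Empty when nobody is logged in: no Authentication, an anonymous token, or an unauthenticated one.
    public static Optional<Authentication> authentication() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || auth instanceof AnonymousAuthenticationToken || !auth.isAuthenticated()) {
            return Optional.empty();
        }
        return Optional.of(auth);
    }

    // Empty (instead of a ClassCastException) when the principal is not a UserDetails, e.g. a plain String.
    public static Optional<UserDetails> userDetails() {
        return authentication()
                .map(Authentication::getPrincipal)
                .filter(UserDetails.class::isInstance)
                .map(UserDetails.class::cast);
    }

    public static void main(String[] args) {
        // Constructed sample data: four states the security context can be in.
        System.out.println("empty context, logged in: " + authentication().isPresent());
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "demo-key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        System.out.println("anonymous token, logged in: " + authentication().isPresent());
        UserDetails manager = User.withUsername("manager").password("{noop}n/a").roles("MANAGER").build();
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(manager, null, manager.getAuthorities()));
        System.out.println("UserDetails principal: " + userDetails().map(UserDetails::getUsername).orElse("none"));
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                "svc-account", null, AuthorityUtils.createAuthorityList("ROLE_MANAGER")));
        System.out.println("String principal, has UserDetails: " + userDetails().isPresent());
    }
}
```

In the last case `authentication().map(Authentication::getName)` still yields the name, which is why `getName()` is the safer call when only the username is needed.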

I hope this short tutorial on how to get the currently logged-in user's details was helpful to you. To learn more about Spring Boot and how to build RESTful Web Services with Spring Boot and Spring MVC, please check my Spring Boot tutorials page. If you are interested in learning how to test RESTful Web Services, check the Rest Assured tutorials page. For Spring Cloud tutorials, check the Spring Cloud tutorials page.
