I tried: How to get the current logged in user object from spring security?

but it doesn't work.

How do I convert org.springframework.security.oauth2.jwt.Jwt@9f4f7d6e to the JWT username?

My class starts with:

@Slf4j
@RestControllerAdvice
public class RestControllerExceptionHandler {

    @ExceptionHandler(Throwable.class)
    public final ResponseEntity<ErrorResponse> handleException(Throwable ex, WebRequest request) {
        // ex.printStackTrace();
        // Authentication authenticantion = SecurityContextHolder.getContext().getAuthentication();
        String username = new String();
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();

        AbstractAuthenticationToken auth = (AbstractAuthenticationToken)
                SecurityContextHolder.getContext().getAuthentication();

        UserDetails details = (UserDetails) auth.getDetails();

        log.error(ex.getMessage().toUpperCase() + " User:  "+ username  + " Source: " + request.getDescription(false));
....
paulo.sobrinho
  • It is not a good idea to include the raw Jwt as the content of the Spring `Principal` object, because the rest of your code will have to deal with an external format to extract security information and related data (as you currently have to do). A better approach is to transform the provided security information into a standard `Authentication` object (you are probably doing it in your own security filter). That way, "the rest of your code" won't change if you modify the internal Jwt token or use another security option. – doctore Dec 08 '20 at 09:42

1 Answer

If you just need the username, then you can access it from request.getRemoteUser(). Alternatively, you can also get the username from request.getUserPrincipal().getName(). If you don't need the WebRequest, you can instead change your signature to be:

@ExceptionHandler(Throwable.class)
public final ResponseEntity<ErrorResponse> handleException(Throwable ex, Principal principal) {
    String username = principal.getName();

You can also get the Jwt using @AuthenticationPrincipal:

@ExceptionHandler(Throwable.class)
public final ResponseEntity<ErrorResponse> handleException(Throwable ex, @AuthenticationPrincipal Jwt jwt) {
    String username = jwt.getClaim("user_name");

You should also be able to do something like this:

@ExceptionHandler(Throwable.class)
public final ResponseEntity<ErrorResponse> handleException(Throwable ex, @AuthenticationPrincipal(expression = "claims['user_name']") String username) {

Finally, if you are using the above code frequently, you can use something like:

@Target({ElementType.PARAMETER, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@AuthenticationPrincipal(expression = "claims['user_name']")
public @interface CurrentUsername {}

Then you can access it with:

@ExceptionHandler(Throwable.class)
public final ResponseEntity<ErrorResponse> handleException(Throwable ex, @CurrentUsername String username) {
Rob Winch
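A null-safe variant of the `Principal`-based handler from the answer, as an added example that is not code from the question or the answer: it tolerates requests that reach the handler without an authenticated principal and replaces control characters in the claim before it is written to the log. The class name, the `usernameForLog` helper and the `Map` response body (standing in for the question's `ErrorResponse`) are assumptions.

```java
import java.security.Principal;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;
import org.springframework.web.context.request.WebRequest;

// Added example (hypothetical class name); not code from the question or the answer.
@RestControllerAdvice
public class AuditedExceptionHandler {
    private static final Logger log = LoggerFactory.getLogger(AuditedExceptionHandler.class);

    @ExceptionHandler(Throwable.class)
    public ResponseEntity<Map<String, String>> handleException(
            Throwable ex, Principal principal, WebRequest request) {
        // Parameterized logging; passing ex as the last argument records the stack trace
        // and avoids calling methods on ex.getMessage(), which may be null.
        log.error("Unhandled {} User: {} Source: {}", ex.getClass().getSimpleName(),
                usernameForLog(principal), request.getDescription(false), ex);
        // The Map body stands in for the question's ErrorResponse type (an assumption).
        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
                .body(Map.of("error", "Internal server error"));
    }

    // Resolve a loggable username; principal is null when the request was not authenticated.
    static String usernameForLog(Principal principal) {
        if (principal == null) {
            return "<unauthenticated>";
        }
        String name = principal.getName();
        if (principal instanceof JwtAuthenticationToken) {
            // "user_name" is the claim used in the answer; otherwise keep getName().
            String claim = ((JwtAuthenticationToken) principal).getToken()
                    .getClaimAsString("user_name");
            if (claim != null) {
                name = claim;
            }
        }
        if (name == null) {
            return "<unknown>";
        }
        // Claim values come from the token: replace control characters (CR, LF, ...)
        // so a crafted value cannot break or forge log lines.
        return name.replaceAll("\\p{Cntrl}", "_");
    }
}
```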