Spring Security - How to Get Current Logged-In Username in JSP

🎓 Top 15 Udemy Courses (80-90% Discount): My Udemy Courses - Ramesh Fadatare — All my Udemy courses are real-time and project oriented courses.

▶️ Subscribe to My YouTube Channel (178K+ subscribers): Java Guides on YouTube

▶️ For AI, ChatGPT, Web, Tech, and Generative AI, subscribe to another channel: Ramesh Fadatare on YouTube

In this short article, I show you how to get current logged-in username in JSP using Spring Security.

Spring Security has its own spring-security-taglibs library, which provides basic support for accessing security information and applying security constraints in JSPs.

Maven Dependencies

First of all, let’s add the spring-security-taglibs dependency to our pom.xml:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>5.1.5.RELEASE</version>
</dependency>

Declaring the Taglibs

Now, before we can use the tags, we need to import the taglib at the top of our JSP file:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

After adding this, we’ll be able to specify Spring Security’s tags with the sec prefix.

How to Get Current Logged In Username in JSP using Spring Security

The currently authenticated principal or user can access in JSP pages, by leveraging the spring security taglib support. First, we need to define the tag in the page:

<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

Next, we can refer to the principal:

<security:authorize access="isAuthenticated()">
    authenticated as <security:authentication property="principal.username" /> 
</security:authorize>

Let's understand the above spring security tags in briefly.

Spring provides basically 3 tags for securing view layer information i.e.

1. authorize tag
2. authenticate tag
3. accesscontrollist tag

1. authorize tag

This tag is used to determine whether its contents should be evaluated or not. This tag has two flavors i.e. securing information based on user’s role or securing information based on user’s permission to access a particular URL.

<security:authorize access="isAuthenticated()">

2. authenticate tag

This tag allows access to the current Authentication object stored in the security context. It renders a property of the object directly in the JSP. So, for example, if the principal property of the Authentication is an instance of Spring Security’s UserDetails object, then using <sec:authentication property=”principal.username”></sec:authentication> will render the name of the current user.

This tag is not for security purpose directly, but it can be used for accessing information which can be used for view layer security.

<security:authentication property="principal.username" />

3. accesscontrollist tag

This tag is only valid when used with Spring Security’s ACL module. It checks a comma-separated list of required permissions for a specified domain object. If the current user has any of those permissions, then the tag body will be evaluated. If they don’t, it will be skipped.

<sec:accesscontrollist hasPermission="1,2" domainObject="someObject">
    This will be shown if the user has either of the permissions
    represented by the values "1" or "2" on the given object.
</sec:accesscontrollist>

Related Tutorials

• Spring Security Basic Authentication

• Spring Security In-Memory Authentication

• Spring Security Form-Based Authentication

• Difference Between Basic Authentication and Form Based Authentication

• Spring Security Custom Login Page

• Spring Security Login Form Example with Database Authentication
  

• Spring Boot Login REST API

• Login and Registration REST API using Spring Boot, Spring Security, Hibernate, and MySQL Database

• Spring Boot User Registration and Login Example Tutorial

My Top and Bestseller Udemy Courses. The sale is going on with a 70 - 80% discount. The discount coupon has been added to each course below:

Build REST APIs with Spring Boot 4, Spring Security 7, and JWT

🆕 High-Demand 80–90% OFF

[NEW] Learn Apache Maven with IntelliJ IDEA and Java 25

🆕 High-Demand 80–90% OFF

ChatGPT + Generative AI + Prompt Engineering for Beginners

🚀 Trending Now 80–90% OFF

Spring 7 and Spring Boot 4 for Beginners (Includes 8 Projects)

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Building Real-Time REST APIs with Spring Boot - Blog App

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Building Microservices with Spring Boot and Spring Cloud

🌟 Top Rated 80–90% OFF
Available in Udemy for Business

Java Full-Stack Developer Course with Spring Boot and React JS

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Build 5 Spring Boot Projects with Java: Line-by-Line Coding

🌟 Top Rated 80–90% OFF

Testing Spring Boot Application with JUnit and Mockito

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Spring Boot Thymeleaf Real-Time Web Application - Blog App

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Master Spring Data JPA with Hibernate

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Spring Boot + Apache Kafka Course - The Practical Guide

🎓 Student Favorite 80–90% OFF
Available in Udemy for Business

Java Testing: Mastering JUnit 5 Framework

🆕 New 80–90% OFF

Reactive Programming in Java: Spring WebFlux and Testing

🌟 Top Rated 80–90% OFF

Spring Boot + RabbitMQ Course - The Practical Guide

🌟 Top Rated 80–90% OFF
Available in Udemy for Business

Functional Programming in Java (Includes Java Collections)

🎓 Student Favorite 80–90% OFF

ChatGPT for Java Developers: Boost Your Productivity with AI

🚀 Trending Now 80–90% OFF