How to Get User Information in Spring Security

🎓 Top 15 Udemy Courses (80-90% Discount): My Udemy Courses - Ramesh Fadatare — All my Udemy courses are real-time and project oriented courses.

▶️ Subscribe to My YouTube Channel (178K+ subscribers): Java Guides on YouTube

▶️ For AI, ChatGPT, Web, Tech, and Generative AI, subscribe to another channel: Ramesh Fadatare on YouTube

Retrieving user information in a Spring Security application is essential for many functionalities such as personalizing user experiences, auditing, and logging activities. This tutorial will guide you through setting up a Spring Boot 3.2 application with Spring Security 6.1 and demonstrating how to retrieve authenticated user information.

Prerequisites

• JDK 17 or later
• Maven or Gradle
• IDE (IntelliJ IDEA, Eclipse, etc.)

Step 1: Set Up a Spring Boot Project

1.1 Create a New Spring Boot Project

Use Spring Initializr to create a new project with the following dependencies:

• Spring Web
• Spring Security
• Thymeleaf (optional, for the frontend)

Download and unzip the project, then open it in your IDE.

1.2 Configure application.properties

Set up the application properties for your project. This file is located in the src/main/resources directory.

# src/main/resources/application.properties

# Server port
server.port=8080

# Thymeleaf configuration (optional)
spring.thymeleaf.cache=false

Step 2: Configure Spring Security

2.1 Create a Security Configuration Class

Create a configuration class to set up Spring Security.

package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class SecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorizeRequests ->
                authorizeRequests
                    .requestMatchers("/login", "/resources/**").permitAll()
                    .anyRequest().authenticated()
            )
            .formLogin(formLogin ->
                formLogin
                    .loginPage("/login")
                    .permitAll()
            )
            .logout(logout ->
                logout
                    .logoutUrl("/logout")
                    .logoutSuccessUrl("/login?logout")
                    .permitAll()
            );

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        UserDetails user = User.builder()
            .username("user")
            .password("{noop}password")
            .roles("USER")
            .build();

        UserDetails admin = User.builder()
            .username("admin")
            .password("{noop}admin")
            .roles("ADMIN")
            .build();

        return new InMemoryUserDetailsManager(user, admin);
    }
}

Explanation:

• SecurityFilterChain: Configures the security filter chain.
• authorizeHttpRequests: Defines URL authorization.
• formLogin: Configures form-based login.
• logout: Configures logout functionality.
• UserDetailsService: Provides user details for authentication. Here, an in-memory user store is used.

Step 3: Create the Login and Home Pages

3.1 Create the Login Page

Create a login page using Thymeleaf. Create a file named login.html in the src/main/resources/templates directory.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Login</title>
</head>
<body>
    <h1>Login</h1>
    <form th:action="@{/login}" method="post">
        <div>
            <label>Username:</label>
            <input type="text" name="username"/>
        </div>
        <div>
            <label>Password:</label>
            <input type="password" name="password"/>
        </div>
        <div>
            <button type="submit">Login</button>
        </div>
    </form>
    <div th:if="${param.logout}">
        You have been logged out.
    </div>
    <div th:if="${param.error}">
        Invalid username or password.
    </div>
</body>
</html>

3.2 Create the Home Page

Create a home page that will be accessible only to authenticated users. Create a file named home.html in the src/main/resources/templates directory.

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Home</title>
</head>
<body>
    <h1>Welcome, <span th:text="${userDetails.username}">User</span>!</h1>
    <p>Your roles: <span th:text="${userDetails.authorities}"></span></p>
    <a th:href="@{/logout}">Logout</a>
</body>
</html>

Step 4: Create a Controller

4.1 Create the HomeController

Create a controller to handle requests to the login and home pages and to retrieve the authenticated user's information.

package com.example.demo.controller;

import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    @GetMapping("/login")
    public String login() {
        return "login";
    }

    @GetMapping("/")
    public String home(@AuthenticationPrincipal UserDetails userDetails, Model model) {
        model.addAttribute("userDetails", userDetails);
        return "home";
    }
}

Explanation:

• @Controller: Marks the class as a web controller.
• @GetMapping("/login"): Maps GET requests for the login page.
• @GetMapping("/"): Maps GET requests for the home page.
• @AuthenticationPrincipal: Injects the currently authenticated UserDetails object.
• Model: Used to pass attributes to the view.

Step 5: Running and Testing the Application

5.1 Run the Application

Run the Spring Boot application using your IDE or the command line:

./mvnw spring-boot:run

5.2 Test the Login and User Information Retrieval

1. Open a web browser and navigate to http://localhost:8080.
2. You will be redirected to the login page.
3. Enter the username user and password password, and click the "Login" button.
4. You should be redirected to the home page and see a welcome message with the username and roles displayed.

Conclusion

In this tutorial, you have learned how to retrieve user information using Spring Security 6.1 in a Spring Boot 3.2 application. We covered:

• Setting up a Spring Boot project with Spring Security.
• Configuring Spring Security to handle login and user information retrieval.
• Creating login and home pages using Thymeleaf.
• Creating a controller to handle requests and retrieve authenticated user information.

By following these steps, you can effectively manage and retrieve user information in your Spring Boot applications using Spring Security.

My Top and Bestseller Udemy Courses. The sale is going on with a 70 - 80% discount. The discount coupon has been added to each course below:

Build REST APIs with Spring Boot 4, Spring Security 7, and JWT

🆕 High-Demand 80–90% OFF

[NEW] Learn Apache Maven with IntelliJ IDEA and Java 25

🆕 High-Demand 80–90% OFF

ChatGPT + Generative AI + Prompt Engineering for Beginners

🚀 Trending Now 80–90% OFF

Spring 7 and Spring Boot 4 for Beginners (Includes 8 Projects)

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Building Real-Time REST APIs with Spring Boot - Blog App

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Building Microservices with Spring Boot and Spring Cloud

🌟 Top Rated 80–90% OFF
Available in Udemy for Business

Java Full-Stack Developer Course with Spring Boot and React JS

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Build 5 Spring Boot Projects with Java: Line-by-Line Coding

🌟 Top Rated 80–90% OFF

Testing Spring Boot Application with JUnit and Mockito

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Spring Boot Thymeleaf Real-Time Web Application - Blog App

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Master Spring Data JPA with Hibernate

🔥 Bestseller 80–90% OFF
Available in Udemy for Business

Spring Boot + Apache Kafka Course - The Practical Guide

🎓 Student Favorite 80–90% OFF
Available in Udemy for Business

Java Testing: Mastering JUnit 5 Framework

🆕 New 80–90% OFF

Reactive Programming in Java: Spring WebFlux and Testing

🌟 Top Rated 80–90% OFF

Spring Boot + RabbitMQ Course - The Practical Guide

🌟 Top Rated 80–90% OFF
Available in Udemy for Business

Functional Programming in Java (Includes Java Collections)

🎓 Student Favorite 80–90% OFF

ChatGPT for Java Developers: Boost Your Productivity with AI

🚀 Trending Now 80–90% OFF