Package org.springframework.security.web.method.annotation

Class AuthenticationPrincipalArgumentResolver

java.lang.Object
org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver
All Implemented Interfaces:
org.springframework.web.method.support.HandlerMethodArgumentResolver
public final class AuthenticationPrincipalArgumentResolver extends Object implements org.springframework.web.method.support.HandlerMethodArgumentResolver
Allows resolving the Authentication.getPrincipal() using the AuthenticationPrincipal annotation. For example, the following Controller: 
 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@AuthenticationPrincipal CustomUser customUser) {
         // do something with CustomUser
     }
 }

Will resolve the CustomUser argument using Authentication.getPrincipal() from the SecurityContextHolder. If the Authentication or Authentication.getPrincipal() is null, it will return null. If the types do not match, null will be returned unless AuthenticationPrincipal.errorOnInvalidType() is true in which case a ClassCastException will be thrown.

Alternatively, users can create a custom meta annotation as shown below: 

 @Target({ ElementType.PARAMETER })
 @Retention(RetentionPolicy.RUNTIME)
 @AuthenticationPrincipal
 public @interface CurrentUser {
 }

The custom annotation can then be used instead. For example: 

 @Controller
 public class MyController {
     @MessageMapping("/im")
     public void im(@CurrentUser CustomUser customUser) {
         // do something with CustomUser
     }
 }
Since:
4.0

  • Constructor Details

    • AuthenticationPrincipalArgumentResolver

      public AuthenticationPrincipalArgumentResolver()

  • Method Details

    • supportsParameter

      public boolean supportsParameter(org.springframework.core.MethodParameter parameter)
      Specified by:
      supportsParameter in interface org.springframework.web.method.support.HandlerMethodArgumentResolver

    • resolveArgument

      public Object resolveArgument(org.springframework.core.MethodParameter parameter, org.springframework.web.method.support.ModelAndViewContainer mavContainer, org.springframework.web.context.request.NativeWebRequest webRequest, org.springframework.web.bind.support.WebDataBinderFactory binderFactory)
      Specified by:
      resolveArgument in interface org.springframework.web.method.support.HandlerMethodArgumentResolver

    • setBeanResolver

      public void setBeanResolver(org.springframework.expression.BeanResolver beanResolver)
      Sets the BeanResolver to be used on the expressions
      Parameters:
      beanResolver - the BeanResolver to use

    • setSecurityContextHolderStrategy

      public void setSecurityContextHolderStrategy(SecurityContextHolderStrategy securityContextHolderStrategy)
      Sets the SecurityContextHolderStrategy to use. The default action is to use the SecurityContextHolderStrategy stored in SecurityContextHolder.
      Since:
      5.8

    • setTemplateDefaults

      public void setTemplateDefaults(AnnotationTemplateExpressionDefaults templateDefaults)
      Configure AuthenticationPrincipal template resolution

      By default, this value is null, which indicates that templates should not be resolved.

      Parameters:
      templateDefaults - - whether to resolve AuthenticationPrincipal templates parameters
      Since:
      6.4