When using Spring Security what is the proper way to obtain current username i e SecurityContext information in a bean

Question

I have a Spring MVC web app which uses Spring Security   I want to know the username of the currently logged in user   I m using the code snippet given below    Is this the accepted way     I don t like having a call to a static method inside this controller - that defeats the whole purpose of Spring  IMHO   Is there a way to configure the app to have the current SecurityContext  or current Authentication  injected instead        RequestMapping method   RequestMethod GET    public ModelAndView showResults final HttpServletRequest request           final String currentUser   SecurityContextHolder getContext   getAuthentication   getName

User · Answer

If you are using Spring Security ver    3 2  you can use the  AuthenticationPrincipal annotation    RequestMapping method   RequestMethod GET  public ModelAndView showResults  AuthenticationPrincipal CustomUser currentUser  HttpServletRequest request        String currentUsername   currentUser getUsername                   Here  CustomUser is a custom object that implements UserDetails that is returned by a custom UserDetailsService   More information can be found in the  AuthenticationPrincipal chapter of the Spring Security reference docs

User · Answer

If you are using Spring 3  the easiest way is     RequestMapping method   RequestMethod GET      public ModelAndView showResults final HttpServletRequest request  Principal principal          final String currentUser   principal getName

User · Answer

For the last Spring MVC app I wrote  I didn t inject the SecurityContext holder  but I did have a base controller that I had two utility methods related to this      isAuthenticated    amp  getUsername    Internally they do the static method call you described   At least then it s only in once place if you need to later refactor

User · Answer

Try this     Authentication authentication     SecurityContextHolder getContext   getAuthentication      String userName   authentication getName

User · Answer

A lot has changed in the Spring world since this question was answered  Spring has simplified getting the current user in a controller  For other beans  Spring has adopted the suggestions of the author and simplified the injection of  SecurityContextHolder   More details are in the comments     This is the solution I ve ended up going with   Instead of using SecurityContextHolder in my controller  I want to inject something which uses SecurityContextHolder under the hood but abstracts away that singleton-like class from my code   I ve found no way to do this other than rolling my own interface  like so   public interface SecurityContextFacade      SecurityContext getContext       void setContext SecurityContext securityContext        Now  my controller  or whatever POJO  would look like this   public class FooController      private final SecurityContextFacade securityContextFacade     public FooController SecurityContextFacade securityContextFacade        this securityContextFacade   securityContextFacade         public void doSomething        SecurityContext context   securityContextFacade getContext           do something w  context          And  because of the interface being a point of decoupling  unit testing is straightforward  In this example I use Mockito   public class FooControllerTest      private FooController controller    private SecurityContextFacade mockSecurityContextFacade    private SecurityContext mockSecurityContext      Before   public void setUp   throws Exception       mockSecurityContextFacade   mock SecurityContextFacade class       mockSecurityContext   mock SecurityContext class       stub mockSecurityContextFacade getContext    toReturn mockSecurityContext       controller   new FooController mockSecurityContextFacade           Test   public void testDoSomething         controller doSomething        verify mockSecurityContextFacade  getContext             The default implementation of the interface looks like this   public class SecurityContextHolderFacade implements SecurityContextFacade      public SecurityContext getContext         return SecurityContextHolder getContext           public void setContext SecurityContext securityContext        SecurityContextHolder setContext securityContext            And  finally  the production Spring config looks like this    lt bean id  myController  class  com foo FooController  gt              lt constructor-arg index  1  gt       lt bean class  com foo SecurityContextHolderFacade  gt     lt  constructor-arg gt   lt  bean gt    It seems more than a little silly that Spring  a dependency injection container of all things  has not supplied a way to inject something similar   I understand SecurityContextHolder was inherited from acegi  but still   The thing is  they re so close - if only SecurityContextHolder had a getter to get the underlying SecurityContextHolderStrategy instance  which is an interface   you could inject that   In fact  I even opened a Jira issue to that effect   One last thing - I ve just substantially changed the answer I had here before   Check the history if you re curious but  as a coworker pointed out to me  my previous answer would not work in a multi-threaded environment   The underlying SecurityContextHolderStrategy used by SecurityContextHolder is  by default  an instance of ThreadLocalSecurityContextHolderStrategy  which stores SecurityContexts in a ThreadLocal   Therefore  it is not necessarily a good idea to inject the SecurityContext directly into a bean at initialization time - it may need to be retrieved from the ThreadLocal each time  in a multi-threaded environment  so the correct one is retrieved

User · Answer

In Spring 3  you have have following options   Option 1      RequestMapping method   RequestMethod GET      public String currentUserNameByPrincipal Principal principal        return principal getName        Option 2      RequestMapping method   RequestMethod GET  public String currentUserNameByAuthentication Authentication authentication        return authentication getName        Option 3    RequestMapping method   RequestMethod GET      public String currentUserByHTTPRequest HttpServletRequest request        return request getUserPrincipal   getName         Option 4   Fancy one   Check this out for more details  public ModelAndView someRequestHandler  ActiveUser User activeUser

User · Answer

I get authenticated user by HttpServletRequest getUserPrincipal     Example   import javax servlet http HttpServletRequest   import org springframework beans factory annotation Autowired  import org springframework security web authentication preauth RequestHeaderAuthenticationFilter  import org springframework stereotype Controller  import org springframework ui Model  import org springframework web bind annotation RequestMapping  import org springframework web bind annotation RequestMethod  import org springframework web servlet support RequestContext   import foo Form    Controller  RequestMapping value   welcome   public class IndexController         RequestMapping method RequestMethod GET      public String getCreateForm Model model  HttpServletRequest request             if request getUserPrincipal      null                String loginName   request getUserPrincipal   getName                System out println  loginName       loginName                       model addAttribute  form   new Form             return  welcome

User · Answer

You could use Spring AOP aproach  For example if you have some service  that needs to know current principal  You could introduce custom annotation i e   Principal   which indicate that this Service should be principal dependent   public class SomeService       private String principal       Principal     public setPrincipal String principal           this principal principal            Then in your  advice  which I think needs to extend MethodBeforeAdvice  check that particular service has  Principal annotation and inject Principal name  or set it to  ANONYMOUS  instead

User · Answer

Yes  statics are generally bad - generally  but in this case  the static is the most secure code you can write   Since the security context associates a Principal with the currently running thread  the most secure code would access the static from the thread as directly as possible   Hiding the access behind a wrapper class that is injected provides an attacker with more points to attack   They wouldn t need access to the code  which they would have a hard time changing if the jar was signed   they just need a way to override the configuration  which can be done at runtime or slipping some XML onto the classpath   Even using annotation injection in the signed code would be overridable with external XML   Such XML could inject the running system with a rogue principal   This is probably why Spring is doing something so un-Spring-like in this case

User · Answer

Define Principal as a dependency in your controller method and spring will inject the current authenticated user in your method at invocation

User · Answer

You could use Spring AOP aproach  For example if you have some service  that needs to know current principal  You could introduce custom annotation i e   Principal   which indicate that this Service should be principal dependent   public class SomeService       private String principal       Principal     public setPrincipal String principal           this principal principal            Then in your  advice  which I think needs to extend MethodBeforeAdvice  check that particular service has  Principal annotation and inject Principal name  or set it to  ANONYMOUS  instead

User · Answer

For the last Spring MVC app I wrote  I didn t inject the SecurityContext holder  but I did have a base controller that I had two utility methods related to this      isAuthenticated    amp  getUsername    Internally they do the static method call you described   At least then it s only in once place if you need to later refactor

User · Answer

The only problem is that even after authenticating with Spring Security  the user principal bean doesn t exist in the container  so dependency-injecting it will be difficult   Before we used Spring Security we would create a session-scoped bean that had the current Principal  inject that into an  AuthService  and then inject that Service into most of the other services in the Application   So those Services would simply call authService getCurrentUser   to get the object   If you have a place in your code where you get a reference to the same Principal in the session  you can simply set it as a property on your session-scoped bean

User · Answer

If you are using Spring Security ver    3 2  you can use the  AuthenticationPrincipal annotation    RequestMapping method   RequestMethod GET  public ModelAndView showResults  AuthenticationPrincipal CustomUser currentUser  HttpServletRequest request        String currentUsername   currentUser getUsername                   Here  CustomUser is a custom object that implements UserDetails that is returned by a custom UserDetailsService   More information can be found in the  AuthenticationPrincipal chapter of the Spring Security reference docs

User · Answer

To make it just show up in your JSP pages  you can use the Spring Security Tag Lib   http   static springsource org spring-security site docs 3 0 x reference taglibs html  To use any of the tags  you must have the security taglib declared in your JSP    lt    taglib prefix  security  uri  http   www springframework org security tags    gt    Then in a jsp page do something like this    lt security authorize access  isAuthenticated    gt      logged in as  lt security authentication property  principal username    gt    lt  security authorize gt    lt security authorize access    isAuthenticated    gt      not logged in  lt  security authorize gt    NOTE  As mentioned in the comments by  SBerg413  you ll need to add      use-expressions  true    to the  http  tag in the security xml config for this to work

User · Answer

Yes  statics are generally bad - generally  but in this case  the static is the most secure code you can write   Since the security context associates a Principal with the currently running thread  the most secure code would access the static from the thread as directly as possible   Hiding the access behind a wrapper class that is injected provides an attacker with more points to attack   They wouldn t need access to the code  which they would have a hard time changing if the jar was signed   they just need a way to override the configuration  which can be done at runtime or slipping some XML onto the classpath   Even using annotation injection in the signed code would be overridable with external XML   Such XML could inject the running system with a rogue principal   This is probably why Spring is doing something so un-Spring-like in this case

User · Answer

I am using the  AuthenticationPrincipal annotation in  Controller classes as well as in  ControllerAdvicer annotated ones  Ex     ControllerAdvice public class ControllerAdvicer       private static final Logger LOGGER   LoggerFactory getLogger ControllerAdvicer class          ModelAttribute  userActive       public UserActive currentUser  AuthenticationPrincipal UserActive currentUser                return currentUser            Where UserActive is the class i use for logged users services  and extends from org springframework security core userdetails User  Something like   public class UserActive extends org springframework security core userdetails User        private final User user       public UserActive User user                super user getUsername    user getPasswordHash    user getGrantedAuthorities             this user   user                More functions     Really easy

User · Answer

I agree that having to query the SecurityContext for the current user stinks  it seems a very un-Spring way to handle this problem   I wrote a static  helper  class to deal with this problem  it s dirty in that it s a global and static method  but I figured this way if we change anything related to Security  at least I only have to change the details in one place         Returns the domain User object for the currently logged in user  or null   if no User is logged in        return User object for the currently logged in user  or null if no User           is logged in     public static User getCurrentUser          Object principal   SecurityContextHolder getContext   getAuthentication   getPrincipal        if  principal instanceof MyUserDetails  return   MyUserDetails  principal  getUser            principal object is either null or represents anonymous user -        neither of which our domain User object can represent - so return null     return null             Utility method to determine if the current user is logged in      authenticated      lt p gt     Equivalent of calling      lt p gt      lt code gt getCurrentUser      null lt  code gt          return if user is logged in     public static boolean isLoggedIn         return getCurrentUser      null

User · Answer

If you are using Spring 3  the easiest way is     RequestMapping method   RequestMethod GET      public ModelAndView showResults final HttpServletRequest request  Principal principal          final String currentUser   principal getName

User · Answer

I agree that having to query the SecurityContext for the current user stinks  it seems a very un-Spring way to handle this problem   I wrote a static  helper  class to deal with this problem  it s dirty in that it s a global and static method  but I figured this way if we change anything related to Security  at least I only have to change the details in one place         Returns the domain User object for the currently logged in user  or null   if no User is logged in        return User object for the currently logged in user  or null if no User           is logged in     public static User getCurrentUser          Object principal   SecurityContextHolder getContext   getAuthentication   getPrincipal        if  principal instanceof MyUserDetails  return   MyUserDetails  principal  getUser            principal object is either null or represents anonymous user -        neither of which our domain User object can represent - so return null     return null             Utility method to determine if the current user is logged in      authenticated      lt p gt     Equivalent of calling      lt p gt      lt code gt getCurrentUser      null lt  code gt          return if user is logged in     public static boolean isLoggedIn         return getCurrentUser      null

User · Answer

The only problem is that even after authenticating with Spring Security  the user principal bean doesn t exist in the container  so dependency-injecting it will be difficult   Before we used Spring Security we would create a session-scoped bean that had the current Principal  inject that into an  AuthService  and then inject that Service into most of the other services in the Application   So those Services would simply call authService getCurrentUser   to get the object   If you have a place in your code where you get a reference to the same Principal in the session  you can simply set it as a property on your session-scoped bean

User · Answer

The best solution if you are using Spring 3 and need the authenticated principal in your controller is to do something like this   import org springframework security authentication UsernamePasswordAuthenticationToken  import org springframework security core userdetails User  import org springframework stereotype Controller  import org springframework ui Model        Controller     public class KnoteController            RequestMapping method   RequestMethod GET          public java lang String list Model uiModel  UsernamePasswordAuthenticationToken authToken                 if  authToken instanceof UsernamePasswordAuthenticationToken                    user    User  authToken getPrincipal

User · Answer

To make it just show up in your JSP pages  you can use the Spring Security Tag Lib   http   static springsource org spring-security site docs 3 0 x reference taglibs html  To use any of the tags  you must have the security taglib declared in your JSP    lt    taglib prefix  security  uri  http   www springframework org security tags    gt    Then in a jsp page do something like this    lt security authorize access  isAuthenticated    gt      logged in as  lt security authentication property  principal username    gt    lt  security authorize gt    lt security authorize access    isAuthenticated    gt      not logged in  lt  security authorize gt    NOTE  As mentioned in the comments by  SBerg413  you ll need to add      use-expressions  true    to the  http  tag in the security xml config for this to work

User · Answer

The best solution if you are using Spring 3 and need the authenticated principal in your controller is to do something like this   import org springframework security authentication UsernamePasswordAuthenticationToken  import org springframework security core userdetails User  import org springframework stereotype Controller  import org springframework ui Model        Controller     public class KnoteController            RequestMapping method   RequestMethod GET          public java lang String list Model uiModel  UsernamePasswordAuthenticationToken authToken                 if  authToken instanceof UsernamePasswordAuthenticationToken                    user    User  authToken getPrincipal

User · Answer

For the last Spring MVC app I wrote  I didn t inject the SecurityContext holder  but I did have a base controller that I had two utility methods related to this      isAuthenticated    amp  getUsername    Internally they do the static method call you described   At least then it s only in once place if you need to later refactor

User · Answer

The only problem is that even after authenticating with Spring Security  the user principal bean doesn t exist in the container  so dependency-injecting it will be difficult   Before we used Spring Security we would create a session-scoped bean that had the current Principal  inject that into an  AuthService  and then inject that Service into most of the other services in the Application   So those Services would simply call authService getCurrentUser   to get the object   If you have a place in your code where you get a reference to the same Principal in the session  you can simply set it as a property on your session-scoped bean

User · Answer

In Spring 3  you have have following options   Option 1      RequestMapping method   RequestMethod GET      public String currentUserNameByPrincipal Principal principal        return principal getName        Option 2      RequestMapping method   RequestMethod GET  public String currentUserNameByAuthentication Authentication authentication        return authentication getName        Option 3    RequestMapping method   RequestMethod GET      public String currentUserByHTTPRequest HttpServletRequest request        return request getUserPrincipal   getName         Option 4   Fancy one   Check this out for more details  public ModelAndView someRequestHandler  ActiveUser User activeUser

User · Answer

You could use Spring AOP aproach  For example if you have some service  that needs to know current principal  You could introduce custom annotation i e   Principal   which indicate that this Service should be principal dependent   public class SomeService       private String principal       Principal     public setPrincipal String principal           this principal principal            Then in your  advice  which I think needs to extend MethodBeforeAdvice  check that particular service has  Principal annotation and inject Principal name  or set it to  ANONYMOUS  instead

User · Answer

Try this     Authentication authentication     SecurityContextHolder getContext   getAuthentication      String userName   authentication getName

User · Answer

Define Principal as a dependency in your controller method and spring will inject the current authenticated user in your method at invocation

User · Answer

The only problem is that even after authenticating with Spring Security  the user principal bean doesn t exist in the container  so dependency-injecting it will be difficult   Before we used Spring Security we would create a session-scoped bean that had the current Principal  inject that into an  AuthService  and then inject that Service into most of the other services in the Application   So those Services would simply call authService getCurrentUser   to get the object   If you have a place in your code where you get a reference to the same Principal in the session  you can simply set it as a property on your session-scoped bean

User · Answer

A lot has changed in the Spring world since this question was answered  Spring has simplified getting the current user in a controller  For other beans  Spring has adopted the suggestions of the author and simplified the injection of  SecurityContextHolder   More details are in the comments     This is the solution I ve ended up going with   Instead of using SecurityContextHolder in my controller  I want to inject something which uses SecurityContextHolder under the hood but abstracts away that singleton-like class from my code   I ve found no way to do this other than rolling my own interface  like so   public interface SecurityContextFacade      SecurityContext getContext       void setContext SecurityContext securityContext        Now  my controller  or whatever POJO  would look like this   public class FooController      private final SecurityContextFacade securityContextFacade     public FooController SecurityContextFacade securityContextFacade        this securityContextFacade   securityContextFacade         public void doSomething        SecurityContext context   securityContextFacade getContext           do something w  context          And  because of the interface being a point of decoupling  unit testing is straightforward  In this example I use Mockito   public class FooControllerTest      private FooController controller    private SecurityContextFacade mockSecurityContextFacade    private SecurityContext mockSecurityContext      Before   public void setUp   throws Exception       mockSecurityContextFacade   mock SecurityContextFacade class       mockSecurityContext   mock SecurityContext class       stub mockSecurityContextFacade getContext    toReturn mockSecurityContext       controller   new FooController mockSecurityContextFacade           Test   public void testDoSomething         controller doSomething        verify mockSecurityContextFacade  getContext             The default implementation of the interface looks like this   public class SecurityContextHolderFacade implements SecurityContextFacade      public SecurityContext getContext         return SecurityContextHolder getContext           public void setContext SecurityContext securityContext        SecurityContextHolder setContext securityContext            And  finally  the production Spring config looks like this    lt bean id  myController  class  com foo FooController  gt              lt constructor-arg index  1  gt       lt bean class  com foo SecurityContextHolderFacade  gt     lt  constructor-arg gt   lt  bean gt    It seems more than a little silly that Spring  a dependency injection container of all things  has not supplied a way to inject something similar   I understand SecurityContextHolder was inherited from acegi  but still   The thing is  they re so close - if only SecurityContextHolder had a getter to get the underlying SecurityContextHolderStrategy instance  which is an interface   you could inject that   In fact  I even opened a Jira issue to that effect   One last thing - I ve just substantially changed the answer I had here before   Check the history if you re curious but  as a coworker pointed out to me  my previous answer would not work in a multi-threaded environment   The underlying SecurityContextHolderStrategy used by SecurityContextHolder is  by default  an instance of ThreadLocalSecurityContextHolderStrategy  which stores SecurityContexts in a ThreadLocal   Therefore  it is not necessarily a good idea to inject the SecurityContext directly into a bean at initialization time - it may need to be retrieved from the ThreadLocal each time  in a multi-threaded environment  so the correct one is retrieved

User · Answer

I am using the  AuthenticationPrincipal annotation in  Controller classes as well as in  ControllerAdvicer annotated ones  Ex     ControllerAdvice public class ControllerAdvicer       private static final Logger LOGGER   LoggerFactory getLogger ControllerAdvicer class          ModelAttribute  userActive       public UserActive currentUser  AuthenticationPrincipal UserActive currentUser                return currentUser            Where UserActive is the class i use for logged users services  and extends from org springframework security core userdetails User  Something like   public class UserActive extends org springframework security core userdetails User        private final User user       public UserActive User user                super user getUsername    user getPasswordHash    user getGrantedAuthorities             this user   user                More functions     Really easy

User · Answer

I agree that having to query the SecurityContext for the current user stinks  it seems a very un-Spring way to handle this problem   I wrote a static  helper  class to deal with this problem  it s dirty in that it s a global and static method  but I figured this way if we change anything related to Security  at least I only have to change the details in one place         Returns the domain User object for the currently logged in user  or null   if no User is logged in        return User object for the currently logged in user  or null if no User           is logged in     public static User getCurrentUser          Object principal   SecurityContextHolder getContext   getAuthentication   getPrincipal        if  principal instanceof MyUserDetails  return   MyUserDetails  principal  getUser            principal object is either null or represents anonymous user -        neither of which our domain User object can represent - so return null     return null             Utility method to determine if the current user is logged in      authenticated      lt p gt     Equivalent of calling      lt p gt      lt code gt getCurrentUser      null lt  code gt          return if user is logged in     public static boolean isLoggedIn         return getCurrentUser      null

User · Answer

I like to share my way of supporting user details on freemarker page  Everything is very simple and working perfectly   You just have to place Authentication rerequest on default-target-url  page after form-login  This is my Controler method for that page    RequestMapping value     monitoring   method   RequestMethod GET  public ModelAndView getMonitoringPage Model model  final HttpServletRequest request        showRequestLog  monitoring          Authentication authentication   SecurityContextHolder getContext   getAuthentication        String userName   authentication getName          create a new session     HttpSession session   request getSession true       session setAttribute  username   userName        return new ModelAndView catalogPath    monitoring        And this is my ftl code    lt  security authorize ifAnyGranted  ROLE ADMIN  ROLE USER  gt   lt p style  padding-right  20px   gt Logged in as   username  Anonymous    lt  p gt   lt   security authorize gt     And that s it  username will appear on every page after authorisation

User · Answer

You could use Spring AOP aproach  For example if you have some service  that needs to know current principal  You could introduce custom annotation i e   Principal   which indicate that this Service should be principal dependent   public class SomeService       private String principal       Principal     public setPrincipal String principal           this principal principal            Then in your  advice  which I think needs to extend MethodBeforeAdvice  check that particular service has  Principal annotation and inject Principal name  or set it to  ANONYMOUS  instead

User · Answer

I would just do this   request getRemoteUser

User · Answer

For the last Spring MVC app I wrote  I didn t inject the SecurityContext holder  but I did have a base controller that I had two utility methods related to this      isAuthenticated    amp  getUsername    Internally they do the static method call you described   At least then it s only in once place if you need to later refactor

User · Answer

I get authenticated user by HttpServletRequest getUserPrincipal     Example   import javax servlet http HttpServletRequest   import org springframework beans factory annotation Autowired  import org springframework security web authentication preauth RequestHeaderAuthenticationFilter  import org springframework stereotype Controller  import org springframework ui Model  import org springframework web bind annotation RequestMapping  import org springframework web bind annotation RequestMethod  import org springframework web servlet support RequestContext   import foo Form    Controller  RequestMapping value   welcome   public class IndexController         RequestMapping method RequestMethod GET      public String getCreateForm Model model  HttpServletRequest request             if request getUserPrincipal      null                String loginName   request getUserPrincipal   getName                System out println  loginName       loginName                       model addAttribute  form   new Form             return  welcome

User · Answer

I like to share my way of supporting user details on freemarker page  Everything is very simple and working perfectly   You just have to place Authentication rerequest on default-target-url  page after form-login  This is my Controler method for that page    RequestMapping value     monitoring   method   RequestMethod GET  public ModelAndView getMonitoringPage Model model  final HttpServletRequest request        showRequestLog  monitoring          Authentication authentication   SecurityContextHolder getContext   getAuthentication        String userName   authentication getName          create a new session     HttpSession session   request getSession true       session setAttribute  username   userName        return new ModelAndView catalogPath    monitoring        And this is my ftl code    lt  security authorize ifAnyGranted  ROLE ADMIN  ROLE USER  gt   lt p style  padding-right  20px   gt Logged in as   username  Anonymous    lt  p gt   lt   security authorize gt     And that s it  username will appear on every page after authorisation

User · Answer

I would just do this   request getRemoteUser

User · Answer

I agree that having to query the SecurityContext for the current user stinks  it seems a very un-Spring way to handle this problem   I wrote a static  helper  class to deal with this problem  it s dirty in that it s a global and static method  but I figured this way if we change anything related to Security  at least I only have to change the details in one place         Returns the domain User object for the currently logged in user  or null   if no User is logged in        return User object for the currently logged in user  or null if no User           is logged in     public static User getCurrentUser          Object principal   SecurityContextHolder getContext   getAuthentication   getPrincipal        if  principal instanceof MyUserDetails  return   MyUserDetails  principal  getUser            principal object is either null or represents anonymous user -        neither of which our domain User object can represent - so return null     return null             Utility method to determine if the current user is logged in      authenticated      lt p gt     Equivalent of calling      lt p gt      lt code gt getCurrentUser      null lt  code gt          return if user is logged in     public static boolean isLoggedIn         return getCurrentUser      null

[java] When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

Examples related to java

Examples related to spring

Examples related to spring-mvc

Examples related to spring-security