How to get current username in Spring Security?

In my earlier articles I have written about the basic spring security mechanism and how to use the login form to redirect the users. Before jumping on to the advanced details on spring security, lets learn about how to get the currently logged in user details. This example illustrates how to get the user details in the controller using the spring security API. Also this examples redirect to the different landing pages depends on the user names. This example is important to understand the advanced topics in my future articles. I will not explain the basic details on how to setup the environment to get started, I assume that readers are aware of the Spring MVC framework. If you are not familiar with Spring framework, please read our articles on Spring MVC, Spring Interceptor and Spring AOP. Please subscribe here to receive the future articles. provides the required API for retrieving the logged in user details. This class has the methods getAuthorities, getCredentials, getDetails, getPrincipal and getName. The last method getName is used for fetching the user name. You can try by executing the below example. The following snippet is another way we can query the user details:

Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
  String username = ((UserDetails)principal).getUsername();
} else {
  String username = principal.toString();

In the above code, SecurityContextHolder is used for getting the context of the current thread. Note that this is the primary interface in spring security which stores the user details across the multiple requests. By obtaining this interface, you can easily get the details of the user.

File : mvc-dispatcher-servlet.xml

<beans xmlns=""
	<context:component-scan base-package="com.spring.controller" />
	  <property name="prefix">
	  <property name="suffix">


File : web.xml

<web-app id="WebApp_ID" version="2.4"

	<display-name>Spring MVC Application</display-name>

	<!-- Spring MVC -->
	<!-- Spring Security -->

File : spring-security.xml

<beans:beans xmlns=""
	<http auto-config="true">
		<intercept-url pattern="/webapp*" access="ROLE_USER" />
			<user name="Spring" password="Spring" authorities="ROLE_USER" />

File :

package com.spring.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

public class SpringSecurityController {

	@RequestMapping(method = RequestMethod.GET)
	public String printWelcome(ModelMap model) {
		Authentication authentication = SecurityContextHolder.getContext().
		String name = authentication.getName();
		System.out.println("User Name : "+name);
		model.addAttribute("message", "User Name : " + name);
		return "hello";



File : hello.jsp

	<h1>Message : ${message}</h1>



About Krishna Srinivasan

He is Founder and Chief Editor of JavaBeat. He has more than 8+ years of experience on developing Web applications. He writes about Spring, DOJO, JSF, Hibernate and many other emerging technologies in this blog.

  • Noel

    Good article.
    I have an application with a header, in that header I have the user name, but this user name is only present in my first page, If i change the page the user name disappears.
    I know tha I can get the user name with Principal, but I would like avoid write Principal in every controller. Are there other way to keep the name in the header?