Retrieve user session details by username

Question

Is there a way I can get details about a user's session (e.g. Authorities) by identifying the suer by the username or some other object?

I know that it is easy to get hold of these details for the current user (e.g. Collection<?> authorities = authentication.getAuthorities()) but is there any way I can do something like

Collection<?> authorities = authentication.getAuthoritiesByUsername('skn');

or

Collection<?> authorities = authentication.getAuthorities(principalObject);

The use case is that I need to get hold of user's session details through a REST API call.

Answer 1

Spring retrieves the authorities for a user via the org.springframework.security.core.userdetails.UserDetailsService interface.

You will typically provide a UserDetailsService implementation bean to the authentication manager, and the manager will make calls to the interface to retrieve user details.

Depending on how you have configured your service, it should be possible to inject the UserDetailsService into any other bean. At that point, you can simply call loadUserByUsername() to retrieve the UserDetails object for the user and then call getAuhtorities() on it.