Java 如何有条件地向具有 Spring 安全性的登录用户显示 jsp 内容
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1638170/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to conditionally show jsp content to logged in users with Spring security
提问by Pablojim
I want to show content to any user that is logged in and to hide if they are not logged in. I'm using jsp's and spring security.
我想向任何已登录的用户显示内容,如果他们未登录则隐藏。我正在使用 jsp 和 spring 安全性。
Obviously a home grown solution is easily done. But what's the cleanest standard way of achieving this?
显然,自制解决方案很容易完成。但实现这一目标的最干净的标准方法是什么?
Spring security tags don't seem to have nice way that will allow for the addition of new roles in the future.
Spring 安全标签似乎没有很好的方式来允许在未来添加新角色。
采纳答案by chrisjleu
I've had success with the following:
我在以下方面取得了成功:
<sec:authorize ifAnyGranted="ROLE_ANONYMOUS">
<td><a href="<c:url value="/login.htm"/>">Login</a></td>
</sec:authorize>
<sec:authorize ifNotGranted="ROLE_ANONYMOUS">
<td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
</sec:authorize>
New roles can be added without affecting the logic here.
可以在不影响这里逻辑的情况下添加新角色。
To bring this answer up to date with Spring Security 3, using the isAnonymous()and isAuthenticated()expressions have worked well in combination thus far to achieve the same thing. Here's an example:
为了使这个答案与 Spring Security 3 保持同步,到目前为止,使用isAnonymous()和isAuthenticated()表达式可以很好地结合使用以实现相同的目的。下面是一个例子:
<sec:authorize access="isAnonymous()">
<form method="POST" action="<c:url value='j_spring_security_check'/>">
Username: <input name="j_username" type="text" value="${SPRING_SECURITY_LAST_USERNAME}" />
Password: <input name="j_password" type="password" />
<input type="submit" value="Sign in" />
</form>
</sec:authorize>
<sec:authorize access="isAuthenticated()">
<a href="<c:url value="/j_spring_security_logout" />">Logout</a>
</sec:authorize>
回答by AJ.
Here's how I am doing this:
这是我的做法:
<%@ page import="org.springframework.security.context.SecurityContextHolder" %>
<c:if test="<%=SecurityContextHolder.getContext().getAuthentication() != null %>">
<!-- your secure content here -->
</c:if>
Let me know if this works for you too...
让我知道这是否也适合你......
-aj
-aj
回答by Nes
How about:
怎么样:
<%@ taglib uri="http://acegisecurity.org/authz" prefix="authz" %>
<c:set var="authenticated" value="${false}"/>
<authz:authorize ifAllGranted="ROLE_USER">
<c:set var="authenticated" value="${true}"/>
</authz:authorize>
<c:if test="${authenticated}">
<!-- your secure content here -->
</c:if>
回答by Tommy Brettschneider
How 'bout this? - Spring 2.5 compliant ;-)
这个怎么样?- 符合 Spring 2.5 ;-)
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<security:authorize ifAllGranted="ROLE_USER">
Welcome <%= request.getUserPrincipal().getName() %>
<a href="<c:url value="/j_spring_security_logout"/>">Logout</a><br/>
</security:authorize>
回答by Joel S
You can use Spring EL in the tag <sec:authorize />, like this:
您可以在标签中使用 Spring EL <sec:authorize />,如下所示:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize access="isAuthenticated()">
YES, you are logged in!
</sec:authorize>
回答by ewert
The current version (3.1 perhaps even earlier) supports var parameters for saving the result into an attribute. By that you can code the following:
当前版本(3.1 甚至更早版本)支持用于将结果保存到属性中的 var 参数。通过它,您可以编写以下代码:
<sec:authorize var="loggedIn" access="isAuthenticated()" />
<c:choose>
<c:when test="${loggedIn}">
You are logged in
</c:when>
<c:otherwise>
You are logged out
</c:otherwise>
</c:choose>
回答by mwendamseke
the simplest i used to code this...
我用来编码的最简单的......
<%
if (request.getRemoteUser()== null) {%>
<!-- put public-only information-->
<%}%>
回答by Moh-Othmanovic
you can use this inside jsp spring security tag
您可以在 jsp spring 安全标签中使用它
request.getUserPrincipal().getName()
