Checking Whether a User Is Logged In with Spring Security


Method 1: Check the user principal in a JSP

<c:if test="${pageContext.request.userPrincipal.name != null}">
    <label>
        <%-- c:out HTML-escapes the user name before it is written to the page --%>
        Hi <c:out value="${pageContext.request.userPrincipal.name}"/> ! Welcome to our site
    </label>
</c:if>


<c:choose>
    <c:when test="${pageContext.request.userPrincipal.authenticated}">Show something</c:when>
    <c:otherwise>Show something else</c:otherwise>
</c:choose>


Method 2: Check roles

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<%-- Stores the result of the access check in the page variable isAuthenticated --%>
<sec:authorize access="hasAnyAuthority('ROLE_ADMIN', 'ROLE_USER')" var="isAuthenticated">
</sec:authorize>

<c:out value="${isAuthenticated}"/>


And this:

<%-- This only hides the link; the delete handler must enforce the same role on the server --%>
<sec:authorize access="hasAnyRole('ROLE_ADMIN')">
    <a href="delete/${file.id}">Delete</a>
</sec:authorize>


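Method 3: Look up the current user

Authentication auth = SecurityContextHolder.getContext().getAuthentication();

// auth is null when the security context is empty; without the null check
// that case would be treated as logged in
if (auth != null && !(auth instanceof AnonymousAuthenticationToken)) {
    // do something...
}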


Method 4: Use the tag library

<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>

<%-- Already logged-in users are redirected to "main" --%>
<sec:authorize access="isAuthenticated()">
    <% response.sendRedirect("main"); %>
</sec:authorize>


Method 5: Use annotations

Requires (secured-annotations enables @Secured, pre-post-annotations enables @PreAuthorize):

<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />

@Secured("ROLE_ADMIN")
@RequestMapping(params = "onlyForAdmins")
public ModelAndView onlyForAdmins() {
    // ...
}


@PreAuthorize("isAuthenticated()")
@RequestMapping(params = "onlyForAuthenticated")
public ModelAndView onlyForAuthenticatedUsers() {
    // ...
}


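Method 6: Programmatically

boolean loggedIn =
    SecurityContextHolder.getContext().getAuthentication() != null &&
    SecurityContextHolder.getContext().getAuthentication().isAuthenticated() &&
    // when Anonymous Authentication is enabled
    !(SecurityContextHolder.getContext().getAuthentication()
        instanceof AnonymousAuthenticationToken);



// Only reliable when anonymous authentication is disabled: an
// AnonymousAuthenticationToken also reports isAuthenticated() == true.
// Throws NullPointerException if the security context holds no Authentication.
if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
    System.out.println("LOGGED IN");
} else {
    System.out.println("NOT LOGGED IN");
}



// Relies on the default anonymous principal name "anonymousUser".
if (!SecurityContextHolder.getContext().getAuthentication().getName()
        .equals("anonymousUser")) {
    System.out.println("LOGGED IN");
} else {
    System.out.println("NOT LOGGED IN");
}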
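
The following is an added example, not code from the original post. It puts the three security-context states (empty, anonymous, real user) side by side to show why an isAuthenticated()-only check is not enough when anonymous authentication is enabled. The class name LoginState, the user "alice" and the key "constructed-key" are made up for the example; it assumes spring-security-core is on the classpath.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper written for this example (not part of Spring Security).
public final class LoginState {
    private static final AuthenticationTrustResolver TRUST = new AuthenticationTrustResolverImpl();

    private LoginState() {}

    /** True only for a present, authenticated, non-anonymous Authentication. */
    public static boolean isLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null && auth.isAuthenticated() && !TRUST.isAnonymous(auth);
    }

    /** The weaker check: looks at isAuthenticated() only. */
    static boolean isAuthenticatedOnly() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return auth != null && auth.isAuthenticated();
    }

    private static void report(String label) {
        System.out.printf("%-14s isAuthenticatedOnly=%-5b isLoggedIn=%b%n",
                label, isAuthenticatedOnly(), isLoggedIn());
    }

    public static void main(String[] args) {
        // 1. Empty context: getAuthentication() returns null.
        SecurityContextHolder.clearContext();
        report("empty context");

        // 2. Anonymous visitor, as set up by anonymous authentication (constructed values).
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken(
                "constructed-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        report("anonymous");

        // 3. Real user; the three-argument constructor marks the token authenticated.
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(
                "alice", null, AuthorityUtils.createAuthorityList("ROLE_USER")));
        report("alice");

        SecurityContextHolder.clearContext();
    }
}
```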
