how to conditionally show jsp content to logged in users with Spring security

前端未结

关注

 8  1986

I want to show content to any user that is logged in and to hide if they are not logged in. I\'m using jsp\'s and spring security.

Obviously a home grown solution i

相关标签:

8条回答

野趣味

2020-12-07 13:01
the simplest i used to code this...
```
<%
if (request.getRemoteUser()== null) {%>  
    
<%}%>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...
清歌不尽

2020-12-07 13:03
The current version (3.1 perhaps even earlier) supports var parameters for saving the result into an attribute. By that you can code the following:
```
<sec:authorize var="loggedIn" access="isAuthenticated()" />
<c:choose>
    <c:when test="${loggedIn}">
        You are logged in
    </c:when>
    <c:otherwise>
        You are logged out
    </c:otherwise>
</c:choose>
```
0 讨论(0)
发布评论:

提交评论
- 加载中...

爱一瞬间的悲伤

2020-12-07 13:10

I've had success with the following:

    <sec:authorize ifAnyGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/login.htm"/>">Login</a></td>
    </sec:authorize>
    <sec:authorize ifNotGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
    </sec:authorize>

New roles can be added without affecting the logic here.

To bring this answer up to date with Spring Security 3, using the isAnonymous() and isAuthenticated() expressions have worked well in combination thus far to achieve the same thing. Here's an example:

<sec:authorize access="isAnonymous()">
    <form method="POST" action="<c:url value='j_spring_security_check'/>">
        Username: <input name="j_username" type="text" value="${SPRING_SECURITY_LAST_USERNAME}" /> 
        Password: <input name="j_password" type="password" /> 
        <input type="submit" value="Sign in" />
    </form>
</sec:authorize>
<sec:authorize access="isAuthenticated()">
    <a href="<c:url value="/j_spring_security_logout" />">Logout</a>
</sec:authorize>

0 讨论(0)

感情败类

2020-12-07 13:20

Here's how I am doing this:

<%@ page import="org.springframework.security.context.SecurityContextHolder" %>

<c:if test="<%=SecurityContextHolder.getContext().getAuthentication() != null %>">
    <!-- your secure content here -->
</c:if>

Let me know if this works for you too...

-aj

0 讨论(0)

天命终不由人

2020-12-07 13:22

How about:

<%@ taglib uri="http://acegisecurity.org/authz" prefix="authz" %>

<c:set var="authenticated" value="${false}"/>
<authz:authorize ifAllGranted="ROLE_USER">
    <c:set var="authenticated" value="${true}"/>
</authz:authorize>

<c:if test="${authenticated}">
<!-- your secure content here -->
</c:if>

0 讨论(0)

悲哀的现实

2020-12-07 13:25

You can use Spring EL in the tag <sec:authorize />, like this:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

<sec:authorize access="isAuthenticated()">
   YES, you are logged in!
</sec:authorize>

0 讨论(0)

1 2 下一页