Spring Security判断用户是否已经登录

最新推荐文章于 2023-05-13 13:06:57 发布

sunsides

最新推荐文章于 2023-05-13 13:06:57 发布

阅读量7.2k

点赞数 2

分类专栏： Spring实践技术笔记文章标签： spring security

技术笔记同时被 2 个专栏收录

111 篇文章 0 订阅

订阅专栏

Spring实践

13 篇文章 0 订阅

订阅专栏

方法一、JSP中检查user principal

<c:if test="${pageContext.request.userPrincipal.name != null}">
    <label>
     Hi ${pageContext.request.userPrincipal.name} ! Welcome to our site
    </label>
</c:if>

<c:choose>
  <c:when test="${pageContext.request.userPrincipal.authenticated}">Show something</c:when>
  <c:otherwise>Show something else</c:otherwise>
</c:choose>

方法二、检查角色

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

    <sec:authorize access="hasAnyAuthority('ROLE_ADMIN', 'ROLE_USER')" var="isAuthenticated">
    </sec:authorize>

    <c:out value="${isAuthenticated}"/>

和这个

<sec:authorize access="hasAnyRole('ROLE_ADMIN')">
    <a href="delete/${file.id}">Delete</a>
</sec:authorize>

方法三、还是查询用户

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
if (!(auth instanceof AnonymousAuthenticationToken)) { 
     // do something...
}

方法四、使用标签库

<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
<sec:authorize access="isAuthenticated()">
    <% response.sendRedirect("main"); %>
</sec:authorize>

方法五、使用注解

需要：<global-method-security secured-annotations="enabled" />

@Secured("ROLE_ADMIN")
@RequestMapping(params = "onlyForAdmins")    
public ModelAndView onlyForAdmins() {
    ....
}

 @PreAuthorize("isAuthenticated()")
 @RequestMapping(params = "onlyForAuthenticated")
 public ModelAndView onlyForAuthenticatedUsers() {
     ....
 }

方法六、编程

 SecurityContextHolder.getContext().getAuthentication() != null &&
 SecurityContextHolder.getContext().getAuthentication().isAuthenticated() &&
 //when Anonymous Authentication is enabled
 !(SecurityContextHolder.getContext().getAuthentication() 
          instanceof AnonymousAuthenticationToken) 


if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
  System.out.println("LOGGED IN");
  } else {
  System.out.println("NOT LOGGED IN");
}


if (!SecurityContextHolder.getContext().getAuthentication().getName().
  equals("anonymousUser")) {
  System.out.println("LOGGED IN");
  } else {
  System.out.println("NOT LOGGED IN");
}

sunsides

关注

2
点赞
踩
5

收藏

觉得还不错? 一键收藏
4
评论
Spring Security判断用户是否已经登录

方法一、JSP中检查user principal&lt;c:if test="${pageContext.request.userPrincipal.name != null}"&gt; &lt;label&gt; Hi ${pageContext.request.userPrincipal.name} ! Welcome to our site &lt;/...
复制链接

扫一扫