[英]How to determine on login page, if there is some user already logged?
Is there any way, how to determine, if there is anybody already logged when using Spring 3 MVC
+ Spring security
? 使用
Spring 3 MVC
+ Spring security
时,是否有任何方法可以确定是否已经登录? This is my security context: 这是我的安全上下文:
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/resources/**" security="none"/>
<security:http pattern="/login*" security="none" auto-config="true"/>
<security:http pattern="/denied" security="none"/>
<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false">
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/login" authentication-failure-url="/denied"
default-target-url="/"/>
<security:logout/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
I can determine it ie on home page via 我可以通过主页来确定它
<%
User user = (User) SecurityContextHolder.getContext()
.getAuthentication().getPrincipal();
String username = user.getUsername();
%>
Nevertheless on login page it generates nullpointer exception.. :-/ 但是,在登录页面上它会生成nullpointer异常。
And when there is somebody already logged in and somebody tries to log in again, then the browser goes to myurl.com/home
page and I get 404 error, because the right address should be just myurl.com/
. 并且当有人已经登录并且有人尝试再次登录时,浏览器转到
myurl.com/home
页面,我收到404错误,因为正确的地址应该只是myurl.com/
。 When there is nobody logged in, then the browser redirects to right address. 当没有人登录时,浏览器将重定向到正确的地址。 Any ideas where can be a bug?
有什么想法可以解决错误吗?
My jsp page: 我的jsp页面:
<%@ page import="org.springframework.security.core.userdetails.User"%>
<%@ page import="org.springframework.security.core.context.SecurityContextHolder"%>
<%@ page import="java.util.Collection"%>
<%@ page import="javax.swing.text.AbstractDocument"%>
<%@ page import="org.springframework.security.core.GrantedAuthority"%>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
</head>
<body>
<div class="form">
<form name="f" action="j_spring_security_check" method="post">
<input type="text" id="username" class="input-block-level"
name="j_username" placeholder="Username"> <input
type="password" id="password" name="j_password"
class="input-block-level" placeholder="Password">
<button class="btn btn-large btn-primary" type="submit">Sign
in</button>
</form>
</div>
</body>
</html>
Spring Security contains a JSP Tag Library, wich can be imported by the next code: Spring Security包含一个JSP标签库,可以通过以下代码导入:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
With that imported, you can use the jsp tag "sec" (for Security), 导入该文件后,您可以使用jsp标记“ sec”(用于安全性),
<sec:authorize access="isAuthenticated()">
... <!-- Code or message to show when user is authenticated -->
</sec:authorize>
Within the tag, you can run certain code, display tags or html. 在标记内,您可以运行某些代码,显示标记或html。
http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html
Within the jsp you can use 在jsp中,您可以使用
First question: 第一个问题:
<sec:authorize access="isAuthenticated()">
the user has logged in
</sec:authorize>
Second question: 第二个问题:
You get the 404 error when some body already logged in request the login page directly, because you restricted the access to this page: 当某些机构已经登录时直接请求登录页面时,您会收到404错误,因为您限制了对该页面的访问:
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
One solution is to use permitAll
access restriction instead and the put some notice in the jsp for users that allready logged in: 一种解决方案是改为使用
permitAll
访问限制,并在jsp中为所有已经登录的用户添加一些注意事项:
<security:intercept-url pattern="/login*" access="permitAll"/>
login.jsp login.jsp
<sec:authorize access="isAuthenticated()">
you already logged in.
</sec:authorize>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.