如果用户登录（如果使用JSTL <if>语句），如何检查JSP，并显示用户名？

Question

I am aware there are many similar questions on SO - most of them referring to implement this concept with servlet filters.

I am using form based, declarative security approach. And, when some user, on login form enters his(or her) credentials (username and password), he is being redirected to certain/secured jsp page. Part of that page content is:

Hello <%=request.getUserPrincipal().getName().toString()%>
    You are able to view this page because you are authorized user.

Now, if user is logged in, I would like display his/her username, no matter if its secured jsp page or not. Something like this:

<c:if test="${statement that checks if some user is logged in}">
   User: ${username of the logged user here}
</c:if>

EDIT I would also like to replace JSP scriptlet part: <%=request.getUserPrincipal().getName().toString()%> with appropriate JSTL command.

Answer 1

<c:if test="${not empty pageContext.request.userPrincipal}">
    User: <c:out value="${pageContext.request.userPrincipal.name}" />
</c:if>

Use c:out to correctly escape printed values and prevent XSS attacks.

Answer 2

I was missing pageContext object in both situations, request by itself is not implicit object in JSP page.

<c:if test="${not empty pageContext.request.userPrincipal}">
    User <c:out value="${pageContext.request.userPrincipal.name}" />
</c:if>

And JSTL equivalent for <%=request.getUserPrincipal().getName().toString()%> is: <c:out value="${pageContext.request.userPrincipal.name}"/>