测试是否通过JSP / Spring-MVC登录用户
[英]Testing if a User is Logged in Via JSP/Spring-MVC
问题描述
Using Spring 3 MVC and JSP, I simply want to test if a user is logged in, I'm not interested in using Spring Security currently 
使用Spring 3 MVC和JSP,我只想测试用户是否已登录,我对目前使用Spring Security不感兴趣
<jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
<c:choose>
<c:when test="myUser.loggedIn">
//dostuff
</c:when>
<c:otherwise>
//dootherstuff
</c:otherwise>
</c:choose>
But the problem is that when there isn't yet a myAppUser in the session, jsp:useBean throws an exception. 但问题是,当会话中还没有myAppUser时,jsp:useBean会抛出异常。 Now I realize that I can have the JSP:useBean actually instantiate the object by giving it a class, but I don't like knowing that somewhere in some JSP fragment I have objects being instantiated and added to my session, so I either want to always set an initial value for that user, and have control over it programatically, or I'd like a way to get that bean that allows it to be null or not exist, if it doesn't exist just return null 现在我意识到我可以拥有JSP:useBean实际上通过给它一个类来实例化该对象,但是我不想知道某个JSP片段中的某个地方我将对象实例化并添加到我的会话中,所以我要么总是为该用户设置一个初始值,并以编程方式控制它,或者我想要一种方法来获取允许它为null或不存在的bean,如果它不存在则返回null
either way would be fine 无论哪种方式都没关系
if my question points to a fundamental misunderstanding in what I should be doing please provide a link to documentation that will thoroughly explain this use case 如果我的问题指向我应该做的事情的根本误解,请提供一个文档的链接,将彻底解释这个用例
2 个解决方案
解决方案1
4 已采纳 2010-06-04 16:19:46
This is not the right approach, but in fact you could solve the particular issue with the JSTL <c:catch> . 这不是正确的方法,但实际上您可以使用JSTL <c:catch>解决特定问题。
<c:catch var="e">
<jsp:useBean id="myAppUser" type="com.xxx.MyUser" beanName="myUser" scope="session" />
</c:catch>
<c:choose>
<c:when test="${empty e && myUser.loggedIn}">Logged in</c:when>
<c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>
The right approach is described in answer of matt b. 在回答matt b时描述了正确的方法。 You really need to solve it at a higher level. 你真的需要在更高的层次上解决它。 Have a bean something like UserManager which has the User as child property along several methods like login(User) , logout() and isLoggedIn() . 有一个像UserManager这样的bean,它有一个User作为子属性,有几个方法,比如login(User) , logout()和isLoggedIn() 。 If the user is logged in, then the User ought to be non-null. 如果用户已登录,则User应该是非空的。 When the user logs out, then the User ought to be set to null. 当用户注销时, User应该设置为null。
Update as per comments: As an alternative, you can also just get rid of the whole jsp:useBean declaration and intercept on the presence of the MVC-framework injected ${myUser} in the session. 根据评论进行更新 :作为替代方案,您还可以删除整个jsp:useBean声明并拦截会话中注入${myUser}的MVC框架。
<c:choose>
<c:when test="${myUser.loggedIn}">Logged in</c:when>
<c:otherwise>Bean doesn't exist or user is not logged in</c:otherwise>
</c:choose>
EL will namely transparently "suppress" potential nullpointerexceptions and just return false. EL将透明地“抑制”潜在的nullpointerexceptions并返回false。
解决方案2
2 2010-06-04 15:54:22
Testing for something like "is this person logged in?" 测试“这个人登录了吗?” by examining the Session object in the View kind of blurs the lines between the roles of the Model, the View, and the Controller. 通过检查View类中的Session对象,模糊了Model,View和Controller的角色之间的界限。
Regardless of figuring out the correct JSTL syntax to use to not get jsp:useBean to throw an exception, I suggest moving the check for logged-in to the controller side and have the view test if a "isLoggedIn" property exists in the model. 无论找出正确的JSTL语法来使用jsp:useBean不会抛出异常,我建议将登录检查移到控制器端,如果模型中存在“isLoggedIn”属性,则进行视图测试。
- Controller checks if the session contains a user object, adds a property
isLoggedInto the model with a value oftrueorfalse.Controller检查会话是否包含用户对象,将属性isLoggedIn添加到模型中,其值为true或false。 - The logic in the view branches on the value of
${isLoggedIn}.视图中的逻辑分支为${isLoggedIn}的值。
In other words, the view should be checking only the model for properties/data, and not accessing the session or other state directly. 换句话说,该视图应被检查只对属性/数据模型,而不是直接访问会话或其他状态。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.