stackoom
  简体   繁体   中英

How to determine on login page, if there is some user already logged?

 原文  2013-03-24 20:46:46       java/ spring/ spring-mvc/ spring-security

Question

Is there any way, how to determine, if there is anybody already logged when using Spring 3 MVC + Spring security ? This is my security context: 

<beans xmlns:security="http://www.springframework.org/schema/security"
   xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
             http://www.springframework.org/schema/security
             http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http pattern="/resources/**" security="none"/>
<security:http pattern="/login*" security="none" auto-config="true"/>
<security:http pattern="/denied" security="none"/>

<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false">
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <security:form-login login-page="/login"  authentication-failure-url="/denied"
                         default-target-url="/"/>
    <security:logout/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:user-service>
            <security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
            <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
            <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
        </security:user-service>
    </security:authentication-provider>
</security:authentication-manager>

</beans>

I can determine it ie on home page via 

<%
    User user = (User) SecurityContextHolder.getContext()
            .getAuthentication().getPrincipal();
    String username = user.getUsername();
%>

Nevertheless on login page it generates nullpointer exception.. :-/

And when there is somebody already logged in and somebody tries to log in again, then the browser goes to myurl.com/home page and I get 404 error, because the right address should be just myurl.com/ . When there is nobody logged in, then the browser redirects to right address. Any ideas where can be a bug?

My jsp page: 

<%@ page import="org.springframework.security.core.userdetails.User"%>
<%@ page import="org.springframework.security.core.context.SecurityContextHolder"%>
<%@ page import="java.util.Collection"%>
<%@ page import="javax.swing.text.AbstractDocument"%>
<%@ page import="org.springframework.security.core.GrantedAuthority"%>

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
</head>
<body>
<div class="form">
    <form name="f" action="j_spring_security_check" method="post">
        <input type="text" id="username" class="input-block-level"
            name="j_username" placeholder="Username"> <input
            type="password" id="password" name="j_password"
            class="input-block-level" placeholder="Password">
        <button class="btn btn-large btn-primary" type="submit">Sign
            in</button>
    </form>
</div>
</body>
</html>

2 answers

solution1
 4 ACCPTED  2013-03-25 04:52:21

Spring Security contains a JSP Tag Library, wich can be imported by the next code: 

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

With that imported, you can use the jsp tag "sec" (for Security), 

 <sec:authorize access="isAuthenticated()">
     ... <!-- Code or message to show when user is authenticated -->
 </sec:authorize>

Within the tag, you can run certain code, display tags or html.

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html

solution2
 3  2013-03-24 21:06:03

Within the jsp you can use

First question: 

 <sec:authorize access="isAuthenticated()">
     the user has logged in 
 </sec:authorize>

Second question:

You get the 404 error when some body already logged in request the login page directly, because you restricted the access to this page: 

 <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

One solution is to use permitAll access restriction instead and the put some notice in the jsp for users that allready logged in: 

 <security:intercept-url pattern="/login*" access="permitAll"/>

login.jsp 

 <sec:authorize access="isAuthenticated()">
     you already logged in. 
 </sec:authorize>

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question redirect from CAS login page when user is already logged in How to redirect to jsp login page, if user does not logged in already, Java servlet? Authentication filter to prevent user from going to login page if he is already logged in Redirect already logged in user with java spring-security when he tries to enter login page How to redirect to the homepage if the user accesses the login page after being logged in? How to get the email from already logged user How to restrict a logged in user to access the login page in spring without using spring security? Android how to get user Facebook information when user is already logged in prevent back to login page after user is logged in jsp servlet “stay logged in” login page
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM