Spring Security 3 check if user is authenticated

I'm working on an old Spring 3.0.7 project. I have to add a JSP accessible to anyone. I have to check whether anyone who lands on this page is authenticated or anonymous, so I decided to use this

<security:authorize access="isAuthenticated()">
...
</security:authorize>
<security:authorize access="isAnonymous()">
....
</security:authorize>

to show the proper content to users. When I land on that JSP as a logged-in user, everything is fine. When I land on it without logging in, isAuthenticated() does not return false but throws an exception:

java.lang.RuntimeException: org.apache.jasper.JasperException: javax.servlet.ServletException: javax.servlet.jsp.JspException: org.springframework.beans.NotReadablePropertyException: Invalid property 'principal.username' of bean class [org.springframework.security.authentication.AnonymousAuthenticationToken]: Bean property 'principal.username' is not readable or has an invalid getter method: Does the return type of the getter match the parameter type of the setter?

I'm pretty new to Spring; surely I'm missing something. But what?

update

This is my jsp relevant code:

<%@ page isELIgnored="false" contentType="text/html" pageEncoding="UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<c:set var="contextPath" value="${pageContext.request.contextPath}"/>

<content tag="top">
    <security:authorize access="isAuthenticated()">
        <!-- authenticated users content -->
    </security:authorize> 
    <security:authorize access="isAnonymous()">
        <li><a href="${contextPath}/"><i class="login"></i> Login</a></li>
    </security:authorize>       
</content>
...

Have to add a JSP accessible to anyone?

Then don't include that JSP in the security.xml file below.

Inside the configuration element, you can restrict access to particular URLs with one or more elements. Each element specifies a URL pattern and a set of access attributes required to access the URLs. Remember that you must always include a wildcard at the end of a URL pattern. Failing to do so will make the URL pattern unable to match a URL that has request parameters.

<security:http auto-config="true">
    <security:intercept-url pattern="/index*" access="ROLE_USER" />
    <security:intercept-url pattern="/Transit*" access="ROLE_USER" />
    <security:form-login login-page="/login.htm" default-target-url="/index.htm"
        authentication-failure-url="/loginerror.htm" />
    <security:logout logout-success-url="/logout.htm" />
</security:http>

Whenever we are going to describe a URL without any security, we should remove that URL from the above lines of code in the security configuration XML file. For example, if we don't need any security for the index page, then the above code should look like this.

<security:http auto-config="true">
    <security:intercept-url pattern="/Transit*" access="ROLE_USER" />
    <security:form-login login-page="/login.htm" default-target-url="/index.htm"
        authentication-failure-url="/loginerror.htm" />
    <security:logout logout-success-url="/logout.htm" />
</security:http>
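
The exception quoted in the question names `principal.username`, which is the lookup a `<security:authentication property="principal.username"/>` tag performs on the current Authentication; for an anonymous visitor the principal is a plain String, so that property does not exist. The fragment below is an added example, not code from the question or the answer, and it assumes such a tag sits in a shared header or decorator outside the posted snippet.

```jsp
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>

<%-- Assumption: this fragment lives in a header or decorator that every page,
     including the public one, renders. --%>

<%-- Unguarded form, shown commented out. It is evaluated for every visitor and
     fails for anonymous ones, because AnonymousAuthenticationToken carries a
     String principal ("anonymousUser" by default) with no "username" property:

     <security:authentication property="principal.username" />
--%>

<security:authorize access="isAuthenticated()">
    <%-- Body is only evaluated for logged-in users. This assumes the
         authentication provider stores a UserDetails object as the principal. --%>
    <li>Logged in as <security:authentication property="principal.username" /></li>
</security:authorize>

<security:authorize access="isAnonymous()">
    <%-- contextPath is the variable set with c:set in the question's page. --%>
    <li><a href="${contextPath}/"><i class="login"></i> Login</a></li>
</security:authorize>

<%-- Alternative that is readable for every token type: Authentication.getName()
     returns the user name for a UserDetails principal and the principal's
     string form otherwise, so it does not throw for anonymous visitors.

     <security:authentication property="name" />
--%>
```

The `access` expressions in the authorize tag need a web expression handler in the application context, which `use-expressions="true"` on the `<security:http>` element registers; with that attribute set, the `access` values on `intercept-url` must also be expressions such as `hasRole('ROLE_USER')`.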
