JSTL標簽中的Spring安全開關案例

Question

有沒有辦法轉換窗體的jsp代碼

<security:authorize access="hasRole('ROLE_USER')">You're an user</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">You're an admin</security:authorize>
<security:authorize access="hasRole('ROLE_SADMIN')">You're a superadmin</security:authorize>

到另一種形式，類似於以下（不起作用）？

<c:choose>
  <c:when test="hasRole('ROLE_USER')">
    You're an user
  </c:when>
  <c:when test="hasRole('ROLE_ADMIN')">
    You're an admin
  </c:when>
  <c:when test="hasRole('ROLE_SADMIN')">
    You're a superadmin
  </c:when>
  <c:otherwise>
    You have no relevant role
  </c:otherwise>
</c:choose>

更確切地說，有沒有辦法用JSTL標簽替換這個Spring Security taglib功能？

Answer 1

您可以使用<security:authorize/>標記的var屬性來創建：

一個頁面范圍的變量，其中將寫入標記評估的布爾結果，允許在頁面中隨后重用相同的條件而無需重新評估。

<security:authorize access="hasRole('ROLE_USER')" var="isUser" />
<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<security:authorize access="hasRole('ROLE_SADMIN')" var="isSuperUser" />

<c:choose>
  <c:when test="${isSuperUser}">
    You're a superadmin
  </c:when>
  <c:when test="${isAdmin}">
    You're an admin
  </c:when>
  <c:when test="${isUser}">
    You're an user
  </c:when>
  <c:otherwise>
    You have no relevant role
  </c:otherwise>
</c:choose>

Answer 2

Workarround：如果只有這個簡單的hasRole(XXX)表達式，那么你可以擁有一個包含當前用戶角色的變量。 這個變量可以由控制器填充，或者在幾乎所有jsps中需要時，由Spring HandlerInterceptor或Servlet Filter（在Spring Security Filter之后注冊）填充。