Spring Security判断用户是否已经登录

原创地址:https://www.jianshu.com/p/70569b64f9a9

方法一、JSP中检查user principal

<c:if test="${pageContext.request.userPrincipal.name != null}">
    <label>
     Hi ${pageContext.request.userPrincipal.name} ! Welcome to our site
    </label>
</c:if>

<c:choose>
  <c:when test="${pageContext.request.userPrincipal.authenticated}">Show something</c:when>
  <c:otherwise>Show something else</c:otherwise>
</c:choose>

方法二、检查角色

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

    <sec:authorize access="hasAnyAuthority('ROLE_ADMIN', 'ROLE_USER')" var="isAuthenticated">
    </sec:authorize>

    <c:out value="${isAuthenticated}"/>

和这个

<sec:authorize access="hasAnyRole('ROLE_ADMIN')">
    <a href="delete/${file.id}">Delete</a>
</sec:authorize>

方法三、 还是查询用户

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
if (!(auth instanceof AnonymousAuthenticationToken)) { 
     // do something...
}

方法四、 使用标签库

<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
<sec:authorize access="isAuthenticated()">
    <% response.sendRedirect("main"); %>
</sec:authorize>

方法五、 使用注解
需要:

@Secured("ROLE_ADMIN")
@RequestMapping(params = "onlyForAdmins")    
public ModelAndView onlyForAdmins() {
    ....
}

 @PreAuthorize("isAuthenticated()")
 @RequestMapping(params = "onlyForAuthenticated")
 public ModelAndView onlyForAuthenticatedUsers() {
     ....
 }

方法六、 编程

 SecurityContextHolder.getContext().getAuthentication() != null &&
 SecurityContextHolder.getContext().getAuthentication().isAuthenticated() &&
 //when Anonymous Authentication is enabled
 !(SecurityContextHolder.getContext().getAuthentication() 
          instanceof AnonymousAuthenticationToken) 


if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
  System.out.println("LOGGED IN");
  } else {
  System.out.println("NOT LOGGED IN");
}


if (!SecurityContextHolder.getContext().getAuthentication().getName().
  equals("anonymousUser")) {
  System.out.println("LOGGED IN");
  } else {
  System.out.println("NOT LOGGED IN");
}

你可能感兴趣的:(Spring)