Spring Security判断用户是否已经登录

心已赠人 2023-06-10 10:28 2阅读 0赞

原创地址：https://www.jianshu.com/p/70569b64f9a9

**方法一、JSP中检查user principal**

<c:if test="${pageContext.request.userPrincipal.name != null}">
        <label>
         Hi ${ pageContext.request.userPrincipal.name} ! Welcome to our site
        </label>
    </c:if>
    
    <c:choose>
      <c:when test="${pageContext.request.userPrincipal.authenticated}">Show something</c:when>
      <c:otherwise>Show something else</c:otherwise>
    </c:choose>

**方法二、检查角色**

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    
        <sec:authorize access="hasAnyAuthority('ROLE_ADMIN', 'ROLE_USER')" var="isAuthenticated">
        </sec:authorize>
    
        <c:out value="${isAuthenticated}"/>

和这个

<sec:authorize access="hasAnyRole('ROLE_ADMIN')">
        <a href="delete/${file.id}">Delete</a>
    </sec:authorize>

**方法三、 还是查询用户**

Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
    if (!(auth instanceof AnonymousAuthenticationToken)) {  
         // do something...
    }

**方法四、 使用标签库**

<%@taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
    <sec:authorize access="isAuthenticated()">
        <% response.sendRedirect("main"); %>
    </sec:authorize>

**方法五、 使用注解**  
`需要：<global-method-security secured-annotations="enabled" />`

@Secured("ROLE_ADMIN")
    @RequestMapping(params = "onlyForAdmins")    
    public ModelAndView onlyForAdmins() { 
        ....
    }
    
     @PreAuthorize("isAuthenticated()")
     @RequestMapping(params = "onlyForAuthenticated")
     public ModelAndView onlyForAuthenticatedUsers() { 
         ....
     }

**方法六、 编程**

SecurityContextHolder.getContext().getAuthentication() != null &&
     SecurityContextHolder.getContext().getAuthentication().isAuthenticated() &&
     //when Anonymous Authentication is enabled
     !(SecurityContextHolder.getContext().getAuthentication() 
              instanceof AnonymousAuthenticationToken) 
    
    
    if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) { 
      System.out.println("LOGGED IN");
      } else { 
      System.out.println("NOT LOGGED IN");
    }
    
    
    if (!SecurityContextHolder.getContext().getAuthentication().getName().
      equals("anonymousUser")) { 
      System.out.println("LOGGED IN");
      } else { 
      System.out.println("NOT LOGGED IN");
    }

Spring Security判断用户是否已经登录

发表评论取消回复

还没有评论，来说两句吧...

相关阅读