Spring Security 3 isAuthenticated()不起作用 [英] spring security 3 isAuthenticated() not working

问题描述

对不起，我的英语.为什么在Spring Security中无法使用方法isAuthenticated()?我在JSF中使用:

Sorry for my english. Why does not working method isAuthenticated() in Spring security? I use in JSF:

#{loginMB.authentication.authenticated}

<sec:authorize access="hasRole('ROLE_ADMIN')">
    test
</sec:authorize>

它不起作用.无论是否通过身份验证，它始终都返回true.

It is not working. All time it return true, if I authenticated or not.

如果显示角色:

#{loginMB.authentication.authorities}

这是正确的，当经过身份验证的角色为[ROLE_ADMIN]，当未经身份验证的角色为[ROLE_ANONYMOUS].

It is show right, when is authenticated a role is [ROLE_ADMIN], when is not authenticated a role is [ROLE_ANONYMOUS].

什么时候出问题?

====更新====

如果在LoginBean中创建方法isAuthenticated()以检查AnonymousAuthenticationToken，如Aleksandr所述:

If create metod isAuthenticated() in LoginBean for check AnonymousAuthenticationToken as said Aleksandr:

public boolean isAuthenticated(){

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    return authentication != null && !(authentication instanceof AnonymousAuthenticationToken) && authentication.isAuthenticated();

}

正在工作.谢谢Aleksandr.但是授权标签不起作用.如果我在JSF页面中添加:

It is working. Thank you Aleksandr. But authorize tag is not working. If I add in a JSF page:

<sec:authorize access="hasRole('ROLE_ANONYMOUS')">
    ROLE_ANONYMOUS
</sec:authorize>
<sec:authorize access="hasRole('ROLE_ADMIN')">
    ROLE_ADMIN
</sec:authorize>

它打印ROLE_ANONYMOUS和ROLE_ADMIN.为什么?

It print ROLE_ANONYMOUS and ROLE_ADMIN. Why?

====更新2 ====

applicationContext-security.xml:

applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <beans:import resource="applicationContext.xml"/>


    <global-method-security jsr250-annotations="enabled" />

    <http auto-config="true" use-expressions="true">
        <form-login login-page="/pages/login.html" authentication-failure-url="/fail.html"/>
        <intercept-url pattern="/**" access="permitAll" />

    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="UserDAO">
            <password-encoder hash="plaintext" />
        </authentication-provider>
    </authentication-manager>

</beans:beans>

推荐答案

问题已解决.

1. 如果在LoginBean中创建方法isAuthenticated()来检查AnonymousAuthenticationToken，如Aleksandr所述:

1. If create metod isAuthenticated() in LoginBean for check AnonymousAuthenticationToken as said Aleksandr:

   public boolean isAuthenticated(){

       Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
       return authentication != null && !(authentication instanceof AnonymousAuthenticationToken) && authentication.isAuthenticated();

   }

正在工作.谢谢Aleksandr.

It is working. Thank you Aleksandr.

在JSF页面中，该标签将在此处起作用.而且我有它问题.

For will work authorize tag in JSF page to read here. And i had it problem.

这篇关于Spring Security 3 isAuthenticated()不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！