如何在使用j_security_check进行身份验证之后,在我的index.jsp上获取j_username? [英] How can I get j_username on my index.jsp after successful authentication with j_security_check?
问题描述
我在login.jsp上使用j_security_check。服务器是GlassFish Server 3.它全部有效,当用户通过身份验证后,它将打开index.jsp。我的问题是我需要在我的index.jsp中获取j_username,但是我找不到这样做的方法。我找到的所有解决方案都是用Java编写的,而且我需要一些适用于我的jsp的东西。
有什么想法?非常感谢您提前!
涉及的请求在JSP EL中可用 PageContext#getRequest()
。登录用户可通过 的HttpServletRequest#getUserPrincipal()
。用户名又可通过获取 Principal#getName()
。
$ b $ b $ b
< p>欢迎,< c:out value =$ {pageContext.request.userPrincipal.name}/>< / p>
应该这样做。
使用< c:out>
是不必要的,但对于用户名可能包含特殊HTML字符的情况很有用,这些字符可能会使HTML输出出错,如 <
,>
,等等(这是XSS的来源攻击),
< c:out>
只是逃避它们,所以它们会逐字显示,而不是被解释为HTML标记的一部分。
I'm using j_security_check on a login.jsp. The server is GlassFish Server 3. It all works, when the user is authenticated it then opens index.jsp. My problem is I need to get j_username in my index.jsp, but I couldn't find a way of doing it. All solutions I found are in Java and I need something that works with my jsp.
Any ideas? Thank you very much in advance!
The involved request is in JSP EL available by PageContext#getRequest()
. The logged-in user is available by HttpServletRequest#getUserPrincipal()
. The username is in turn available by Principal#getName()
.
So,
<p>Welcome, <c:out value="${pageContext.request.userPrincipal.name}" /></p>
should do.
Using <c:out>
is by the way not necessary, but useful for the case that the username could contain special HTML characters which could malform the HTML output like <
, >
, "
and so on (which is a source for XSS attacks). The <c:out>
just escapes them so that they get displayed literally instead of being interpreted as part of HTML markup.
这篇关于如何在使用j_security_check进行身份验证之后,在我的index.jsp上获取j_username?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!