如何使用Spring安全性有条件地向登录用户显示jsp内容 [英] how to conditionally show jsp content to logged in users with Spring security

问题描述

我想向任何登录的用户显示内容，如果他们没有登录则要隐藏。我正在使用jsp和spring安全性。

I want to show content to any user that is logged in and to hide if they are not logged in. I'm using jsp's and spring security.

显然，一个成熟的解决方案很容易完成。但实现这一目标最简洁的标准方法是什么？

Obviously a home grown solution is easily done. But what's the cleanest standard way of achieving this?

Spring安全标签似乎没有很好的方法可以在将来添加新角色。

Spring security tags don't seem to have nice way that will allow for the addition of new roles in the future.

推荐答案

我已成功完成以下任务：

I've had success with the following:

    <sec:authorize ifAnyGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/login.htm"/>">Login</a></td>
    </sec:authorize>
    <sec:authorize ifNotGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
    </sec:authorize>

可以在不影响逻辑的情况下添加新角色。

New roles can be added without affecting the logic here.

要使用Spring Security 3更新此答案，请使用 isAnonymous（）和 isAuthenticated（）到目前为止，表达式在组合方面运作良好，以实现相同的目的。以下是一个示例：

To bring this answer up to date with Spring Security 3, using the isAnonymous() and isAuthenticated() expressions have worked well in combination thus far to achieve the same thing. Here's an example:

<sec:authorize access="isAnonymous()">
    <form method="POST" action="<c:url value='j_spring_security_check'/>">
        Username: <input name="j_username" type="text" value="${SPRING_SECURITY_LAST_USERNAME}" /> 
        Password: <input name="j_password" type="password" /> 
        <input type="submit" value="Sign in" />
    </form>
</sec:authorize>
<sec:authorize access="isAuthenticated()">
    <a href="<c:url value="/j_spring_security_logout" />">Logout</a>
</sec:authorize>

这篇关于如何使用Spring安全性有条件地向登录用户显示jsp内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！