问题描述

我想向任何已登录的用户显示内容，并在他们未登录时隐藏.我正在使用 jsp 和 spring 安全性.

I want to show content to any user that is logged in and to hide if they are not logged in. I'm using jsp's and spring security.

显然，自产解决方案很容易完成.但实现这一目标的最干净的标准方法是什么?

Obviously a home grown solution is easily done. But what's the cleanest standard way of achieving this?

Spring 安全标签似乎没有很好的方式来允许在未来添加新角色.

Spring security tags don't seem to have nice way that will allow for the addition of new roles in the future.

推荐答案

我在以下方面取得了成功:

I've had success with the following:

    <sec:authorize ifAnyGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/login.htm"/>">Login</a></td>
    </sec:authorize>
    <sec:authorize ifNotGranted="ROLE_ANONYMOUS">
        <td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
    </sec:authorize>

可以在不影响此处逻辑的情况下添加新角色.

New roles can be added without affecting the logic here.

为了使这个答案与 Spring Security 3 保持同步，使用 isAnonymous() 和 isAuthenticated() 表达式到目前为止已经很好地结合使用以达到相同的效果事物.举个例子:

To bring this answer up to date with Spring Security 3, using the isAnonymous() and isAuthenticated() expressions have worked well in combination thus far to achieve the same thing. Here's an example:

<sec:authorize access="isAnonymous()">
    <form method="POST" action="<c:url value='j_spring_security_check'/>">
        Username: <input name="j_username" type="text" value="${SPRING_SECURITY_LAST_USERNAME}" />
        Password: <input name="j_password" type="password" />
        <input type="submit" value="Sign in" />
    </form>
</sec:authorize>
<sec:authorize access="isAuthenticated()">
    <a href="<c:url value="/j_spring_security_logout" />">Logout</a>
</sec:authorize>

这篇关于如何使用 Spring security 有条件地向登录用户显示 jsp 内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！