我通过 Spring security 保护了项目。我需要确定刚刚访问 JSP 的用户是否已经登录。我已经阅读了一些文章、帖子和文档,并尝试使用以下代码实现它:
<sec:authorize ifAnyGranted="ROLE_ANONYMOUS">
USER NOT LOGGED IN
<td><a href="<c:url value="/login"/>">Login</a></td>
</sec:authorize>
<sec:authorize ifNotGranted="ROLE_ANONYMOUS">
USER LOGGED IN
<td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
</sec:authorize>
尽管如此,我总是得到“用户登录”,我不知道为什么..这是我的安全上下文
<beans xmlns:security="http://www.springframework.org/schema/security"
xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http pattern="/resources/**" security="none"/>
<security:http pattern="/login*" security="none" auto-config="true"/>
<security:http pattern="/denied" security="none"/>
<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false">
<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/>
<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<security:form-login login-page="/login" authentication-failure-url="/denied"
default-target-url="/"/>
<security:logout logout-success-url="/login" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="adam" password="adampassword" authorities="ROLE_USER"/>
<security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
我会很感激任何帮助:)