I am using Spring MVC and Spring Security version 3.0.6.RELEASE. What is the easiest way to get the user name in my JSP? Or even just whether or not the user is logged in? I
j tag is:
<%@taglib prefix="j" uri="http://java.sun.com/jsp/jstl/core" %>
sec tag is:
<%@taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Add to pom.xml:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
Add to the page:
<sec:authentication var="principal" property="principal"/>
<j:choose>
<j:when test="${principal eq 'anonymousUser'}">
NOT AUTHENTICATED
</j:when>
<j:otherwise>
AUTHENTICATED
</j:otherwise>
</j:choose>
I agree with alephx, I even voted his answer.
But if you need another approach, you could use the one that Spring Roo uses.
If you have the SecurityContextHolderAwareRequestFilter, it provides the standard servlet API security methods, using a request wrapper which accesses the SecurityContext.
This filter is registered with the <http>
tag from the Spring Security namespace. You can also register it in the FilterChainProxy's security filter chain (just add the reference to a declared bean in your applicationContext-security.xml)
Then, you can access the security servlet API as Roo does (find the footer.jspx to see how a conditional logout link is written)
<c:if test="${pageContext['request'].userPrincipal != null}">
<c:out value=" | "/>
...
I know there are other answers in the thread, but none have answered how you can check if user is authenticated. So I'm sharing what my code look likes.
Include the tag lib in your project:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
Then create a user object in current scope by adding:
<sec:authentication var="user" property="principal" />
Then you can easily show the username by adding. Remember the 'principal' object is generally of type string unless you have implemented the spring security in a way to change it to another Class in your project:
<sec:authorize access="hasRole('ROLE_USER') and isAuthenticated()">
${user}
</sec:authorize>
I hope this helps somebody looking to check user roles.
If you are using Maven, then add the dependency tag as mentioned by Christian Vielma in this thread.
Thanks!
I think <sec:authentication property="principal.username" />
will not always work because type returned by Authentication.getPrincipal() is Object, ie: it could be a UserDetail (for which the above will work), a String or anything else.
For purpose of displaying username in JSP page what I find more reliable is using ${pageContext.request.userPrincipal.name}
.
This uses java.security.Principal.getName() which returns String.
I was using Maven so I had to add the taglibs library adding this to the pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.3.RELEASE</version>
</dependency>
Then in my jsp added:
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
And:
<sec:authentication property="principal" />
principal.username
kept giving me errors (maybe is the way I created the UsernamePasswordAuthenticationToken
object, not sure).