的再认识在春季3项目登录用户JSP

Question

我有项目通过Spring的安全保护。我需要确定用户，谁刚刚访问到JSP是否已经登录我在这里读了一些文章，帖子和文档，并试图用这个代码来实现它。

<sec:authorize ifAnyGranted="ROLE_ANONYMOUS"> 
      USER NOT LOGGED IN 
    <td><a href="<c:url value="/login"/>">Login</a></td> 
</sec:authorize> 
<sec:authorize ifNotGranted="ROLE_ANONYMOUS">  
      USER LOGGED IN 
    <td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td> 
</sec:authorize> 

不过，我总是得到“用户登录”我不能明白为什么。这是我的安全上下文

<beans xmlns:security="http://www.springframework.org/schema/security" 
    xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<security:http pattern="/resources/**" security="none"/> 
<security:http pattern="/login*" security="none" auto-config="true"/> 
<security:http pattern="/denied" security="none"/> 

<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false"> 
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/> 
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/> 
    <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    <security:form-login login-page="/login" authentication-failure-url="/denied" 
         default-target-url="/"/> 
    <security:logout logout-success-url="/login" /> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:user-service> 
      <security:user name="adam" password="adampassword" authorities="ROLE_USER"/> 
      <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/> 
      <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/> 
     </security:user-service> 
    </security:authentication-provider> 
</security:authentication-manager> 

</beans> 

我想感谢所有帮助:)

Answer 1

如果页面入店给任何人，在你的secruity设置上下文中，您可以有条件地显示如下内容：

<sec:authorize var="loggedIn" access="isAuthenticated()"/> 

，并使用相当标准的JSTL则可以：

<c:choose> 
    <c:when test="${loggedIn}"> 
    <td><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>   

谷歌搜索一点点告诉我ifnotgranted is deprecated