如何确定登录页面上是否有某个用户已经登录？

Question

有没有什么办法，如何确定，如果有人在使用时已经登录了Spring 3 MVC + Spring security？这是我的安全上下文：

<beans xmlns:security="http://www.springframework.org/schema/security" 
    xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<security:http pattern="/resources/**" security="none"/> 
<security:http pattern="/login*" security="none" auto-config="true"/> 
<security:http pattern="/denied" security="none"/> 

<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false"> 
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/> 
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/> 
    <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    <security:form-login login-page="/login" authentication-failure-url="/denied" 
         default-target-url="/"/> 
    <security:logout/> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:user-service> 
      <security:user name="adam" password="adampassword" authorities="ROLE_USER"/> 
      <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/> 
      <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/> 
     </security:user-service> 
    </security:authentication-provider> 
</security:authentication-manager> 

</beans> 

我可以通过

<% 
    User user = (User) SecurityContextHolder.getContext() 
      .getAuthentication().getPrincipal(); 
    String username = user.getUsername(); 
%> 

然而在登录页面，它会产生空指针异常即确定其主页上..： -/

当有有人已经登录，有人试图再次登录，然后浏览器去myurl.com/home页，我得到404错误，因为正确的地址应该只是myurl.com/。当没有人登录时，浏览器重定向到正确的地址。任何想法可能是一个错误？

我的jsp页面：

<%@ page import="org.springframework.security.core.userdetails.User"%> 
<%@ page import="org.springframework.security.core.context.SecurityContextHolder"%> 
<%@ page import="java.util.Collection"%> 
<%@ page import="javax.swing.text.AbstractDocument"%> 
<%@ page import="org.springframework.security.core.GrantedAuthority"%> 

<!DOCTYPE html> 
<html lang="en"> 
<head> 
<meta charset="utf-8" /> 
</head> 
<body> 
<div class="form"> 
    <form name="f" action="j_spring_security_check" method="post"> 
     <input type="text" id="username" class="input-block-level" 
      name="j_username" placeholder="Username"> <input 
      type="password" id="password" name="j_password" 
      class="input-block-level" placeholder="Password"> 
     <button class="btn btn-large btn-primary" type="submit">Sign 
      in</button> 
    </form> 
</div> 
</body> 
</html> 

Answer 1

春季安全包含一个JSP标签库，可以通过下一个代码导入：

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> 

凭借原装进口，您可以使用JSP标签“SEC”（安全），

<sec:authorize access="isAuthenticated()"> 
    ... <!-- Code or message to show when user is authenticated --> 
</sec:authorize> 

内的标签，您可以运行特定的代码，显示标签或HTML。

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html

Answer 2

在jsp中可以使用

第一个问题：

<sec:authorize access="isAuthenticated()"> 
    the user has logged in 
</sec:authorize> 

第二个问题：

你获得404错误，当一些身体已直接登录请求登录页面，因为您限制了对此页面的访问：

<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 

一种解决方案是使用permitAll访问限制，而不是和把一些通知，在jsp的用户在登录媒体链接：

<security:intercept-url pattern="/login*" access="permitAll"/> 

的login.jsp

<sec:authorize access="isAuthenticated()"> 
    you already logged in. 
</sec:authorize>