Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Get Spring Security Principal in JSP EL expression

Tags:

java

spring-mvc

spring

jsp

spring-security

I am using Spring MVC and Spring Security version 3.0.6.RELEASE. What is the easiest way to get the user name in my JSP? Or even just whether or not the user is logged in? I can think of a couple ways:

1. Using a scriptlet

Using a scriptlet like this to determine if the user is logged in: 

<%=org.springframework.security.core.context.SecurityContextHolder.getContext()
    .getAuthentication().getPrincipal().equals("anonymousUser")
    ? "false":"true"%>

I'm not a fan of using scriptlets, though, and I want to use this in some <c:if> tags, which requires putting it back as a page attribute.

2. Using SecurityContextHolder

I could again use SecurityContextHolder from my @Controller and put it on the model. I need this on every page, though, so I'd rather not have to add this logic in every one of my Controllers.

I suspect there's a cleaner way to do this...

like image 712
Jeremiah Orr Avatar asked Jan 28 '12 21:01

Jeremiah Orr

3 Answers

Check Spring security tags : <sec:authentication property="principal.username" />

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html

And you can check if logged : 

<sec:authorize access="isAuthenticated()">

instead of c:if

like image 94
alephx Avatar answered Nov 17 '22 20:11

alephx

I know there are other answers in the thread, but none have answered how you can check if user is authenticated. So I'm sharing what my code look likes.

Include the tag lib in your project:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

Then create a user object in current scope by adding:

<sec:authentication var="user" property="principal" />

Then you can easily show the username by adding. Remember the 'principal' object is generally of type string unless you have implemented the spring security in a way to change it to another Class in your project:

<sec:authorize access="hasRole('ROLE_USER') and isAuthenticated()">
${user}
</sec:authorize>

I hope this helps somebody looking to check user roles.

If you are using Maven, then add the dependency tag as mentioned by Christian Vielma in this thread.

Thanks!

like image 20
S Gupta Avatar answered Nov 17 '22 20:11

S Gupta

You can use like this: Spring Security Tag Lib - 3.1.3.RELEASE

<sec:authentication var="principal" property="principal" />

and Then:

${principal.username}
like image 11
Raphael Villas Boas Avatar answered Nov 17 '22 20:11

Raphael Villas Boas
Sign in to Comment

Related questions

Applying MVC With JavaFx
Is there a way to get the value of a HashMap randomly in Java?
Eclipse Error: "Failed to connect to remote VM"
Gson serialize a list of polymorphic objects
When should streams be preferred over traditional loops for best performance? Do streams take advantage of branch-prediction?
bitwise not operator
Convert ByteBuffer to byte array java [duplicate]
Is this the best way to rewrite the content of a file in Java?
JPA - @Column (unique=true) - What is really point of having 'unique' attribute?
Java try/catch/finally best practices while acquiring/closing resources
ClassCastException, casting Integer to Double
Slicing byte arrays in Java
Spring Boot @Async method in controller is executing synchronously
difference in seconds between two dates using joda time?
Are Locks AutoCloseable?
Why doesn't Sun do a C# to Java byte code compiler?
Why are there wrapper classes in Java? [duplicate]
Can I call Java from Node.js via JNI and how?
Java JDBC connection status
Android Resource - Array of Arrays

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!