Announcement Announcement Module
Collapse
No announcement yet.
SessionScope Security Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • SessionScope Security

    Hi guys, new to spring and spring security also.

    I've set up my security.xml like this.


    Code:
    namespace omitted..
    
        <http auto-config="true" use-expressions="true">
            <form-login login-page="/login.html" />
            <logout invalidate-session="true" logout-url="/logout.html" logout-success-url="/login.html?loggedout=true" />
        
            <intercept-url pattern="/viewUsers.html" access="hasRole('ROLE_ADMIN')" />
        </http>
    
        <authentication-manager>
            <authentication-provider>
    			<jdbc-user-service data-source-ref="dataSource" />
            </authentication-provider>
        </authentication-manager>
    It seems like it is working as only ROLE_ADMINS can access the viewUsers.html.

    Two questions..

    1) I believe that a UserDetails object or something gets stored internally when the login is successful. How can I access this object through the jsp and how can I get the current user through the jsp?

    2) If i want to get the object through the controller, is it..
    Code:
    return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    It's wierd cause the name is principal.

  • #2
    1) I believe that a UserDetails object or something gets stored internally when the login is successful. How can I access this object through the jsp and how can I get the current user through the jsp?
    http://static.springsource.org/sprin...e/taglibs.html

    2) If i want to get the object through the controller, is it..
    Yes

    Comment

    Working...
    X