blocks|key|1458853|text|检查Spring安全标签：<sec:authentication+property="principal.username"+/>|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1458854|http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html|1458855|您可以检查是否已记录：|1458856|<sec:authorize+access="isAuthenticated()">+|code-block|syntax|javascript|1458857|不是c:if|1458858|entityMap|0|LINK|mutability|MUTABLE|url^0|D|1G|0|0|2D|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|X|8|@$9|Y|A|Z|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|10|8|@]|D|@$9|11|A|12|1|13]]|E|$]]|$1|H|3|I|5|6|7|14|8|@]|D|@]|E|$]]|$1|J|3|K|5|L|7|15|8|@]|D|@]|E|$M|N]]|$1|O|3|P|5|6|7|16|8|@]|D|@]|E|$]]|$1|Q|3|-4|5|6|7|17|8|@]|D|@]|E|$]]]|R|$S|$5|T|U|V|E|$W|G]]]]

Check Spring security tags : <code>&lt;sec:authentication property="principal.username" /&gt;</code> 

<a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html">http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html</a>

And you can check if logged : 

<pre><code>&lt;sec:authorize access="isAuthenticated()"&gt; 
</code></pre>

instead of c:if

blocks|key|1458865|text|据我所知，默认情况下会Spring+Security+3.0.x+installs一个SecurityContextHolderRquestAwareFilter，这样就可以通过调用HttpServletRequest.getUserPrincipal()来获取Authentication对象，也可以通过调用HttpServletRequest.isUserInRole()来查询角色。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1458866|entityMap|0|LINK|mutability|MUTABLE|url|http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html#d0e2952|1|http://grepcode.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.5.RELEASE/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java?av=f^0|17|12|2J|11|3N|E|4B|X|B|U|0|17|12|1|0^^$0|@$1|2|3|4|5|6|7|P|8|@$9|Q|A|R|B|C]|$9|S|A|T|B|C]|$9|U|A|V|B|C]|$9|W|A|X|B|C]]|D|@$9|Y|A|Z|1|10]|$9|11|A|12|1|13]]|E|$]]|$1|F|3|-4|5|6|7|14|8|@]|D|@]|E|$]]]|G|$H|$5|I|J|K|E|$L|M]]|N|$5|I|J|K|E|$L|O]]]]

As far as I know by default <a href="http://static.springsource.org/spring-security/site/docs/3.0.x/reference/security-filter-chain.html#d0e2952" rel="nofollow">Spring Security 3.0.x installs</a> a <a href="http://grepcode.com/file/repo1.maven.org/maven2/org.springframework.security/spring-security-web/3.0.5.RELEASE/org/springframework/security/web/servletapi/SecurityContextHolderAwareRequestFilter.java?av=f" rel="nofollow"><code>SecurityContextHolderRquestAwareFilter</code></a>, so that you can get the <code>Authentication</code> object by calling <code>HttpServletRequest.getUserPrincipal()</code>, and you can also query roles by calling <code>HttpServletRequest.isUserInRole()</code>.

blocks|key|442235|text|我同意alephx的观点，我甚至投票支持他的答案。|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|442236|但是如果你需要另一种方法，你可以使用Spring+Roo使用的方法。|442237|如果有SecurityContextHolderAwareRequestFilter，它将使用访问SecurityContext的请求包装器提供标准的servlet+API安全方法。|442238|这个过滤器是用Spring+Security名称空间中的<http>标记注册的。您还可以在FilterChainProxy的安全过滤器链中注册它(只需在您的applicationContext-security.xml中添加对已声明bean的引用)|CODE|442239|然后，您可以像Roo一样访问security+servlet+API+(找到footer.jspx以查看条件注销链接是如何编写的)|442240|++<c:if+test="${pageContext['request'].userPrincipal+!=+null}">
<c:out+value="+%7C+"/>
...|code-block|syntax|javascript|442241|​|442242|entityMap^0|3|6|0|0|0|S|6|0|0|0|0^^$0|@$1|2|3|4|5|6|7|X|8|@$9|Y|A|Z|B|C]]|D|@]|E|$]]|$1|F|3|G|5|6|7|10|8|@]|D|@]|E|$]]|$1|H|3|I|5|6|7|11|8|@]|D|@]|E|$]]|$1|J|3|K|5|6|7|12|8|@$9|13|A|14|B|L]]|D|@]|E|$]]|$1|M|3|N|5|6|7|15|8|@]|D|@]|E|$]]|$1|O|3|P|5|Q|7|16|8|@]|D|@]|E|$R|S]]|$1|T|3|U|5|6|7|17|8|@]|D|@]|E|$]]|$1|V|3|-4|5|6|7|18|8|@]|D|@]|E|$]]]|W|$]]

I agree with alephx, I even voted his answer.

But if you need another approach, you could use the one that Spring Roo uses.

If you have the SecurityContextHolderAwareRequestFilter, it provides the standard servlet API security methods, using a request wrapper which accesses the SecurityContext.

This filter is registered with the <code>&lt;http&gt;</code> tag from the Spring Security namespace. You can also register it in the FilterChainProxy's security filter chain (just add the reference to a declared bean in your applicationContext-security.xml)

Then, you can access the security servlet API as Roo does (find the footer.jspx to see how a conditional logout link is written)

<pre><code> &lt;c:if test="${pageContext['request'].userPrincipal != null}"&gt;
&lt;c:out value=" | "/&gt;
...
</code></pre>

blocks|key|1462564|text|我使用的是Maven，所以我必须添加标记库，并将以下代码添加到pom.xml中|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1462565|<dependency>
++++<groupId>org.springframework.security</groupId>
++++<artifactId>spring-security-taglibs</artifactId>
++++<version>3.1.3.RELEASE</version>
</dependency>|code-block|syntax|javascript|1462566|然后在我的jsp中添加了：|1462567|<%25@+taglib+prefix="sec"+uri="http://www.springframework.org/security/tags"+%25>|1462568|和：|1462569|<sec:authentication+property="principal"+/>|1462570|principal.username总是给我错误(可能是我创建UsernamePasswordAuthenticationToken对象的方式，不确定)。|offset|length|style|CODE|1462571|entityMap^0|0|0|0|0|0|0|0|I|V|Z|0^^$0|@$1|2|3|4|5|6|7|W|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Y|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|10|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|11|8|@]|9|@]|A|$E|F]]|$1|O|3|P|5|6|7|12|8|@$Q|13|R|14|S|T]|$Q|15|R|16|S|T]]|9|@]|A|$]]|$1|U|3|-4|5|6|7|17|8|@]|9|@]|A|$]]]|V|$]]

I was using Maven so I had to add the taglibs library adding this to the pom.xml

<pre><code>&lt;dependency&gt;
 &lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
 &lt;artifactId&gt;spring-security-taglibs&lt;/artifactId&gt;
 &lt;version&gt;3.1.3.RELEASE&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>

Then in my jsp added:

<pre><code>&lt;%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %&gt;
</code></pre>

And:

<pre><code>&lt;sec:authentication property="principal" /&gt;
</code></pre>

<code>principal.username</code> kept giving me errors (maybe is the way I created the <code>UsernamePasswordAuthenticationToken</code> object, not sure).

blocks|key|4459045|text|您可以这样使用:+Spring+Security+Tag+Lib+-+3.1.3.RELEASE|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4459046|<sec:authentication+var="principal"+property="principal"+/>|code-block|syntax|javascript|4459047|然后：|4459048|${principal.username}|4459049|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

You can use like this:
Spring Security Tag Lib - 3.1.3.RELEASE

<pre><code>&lt;sec:authentication var="principal" property="principal" /&gt;
</code></pre>

and Then:

<pre><code>${principal.username}
</code></pre>

blocks|key|1458911|text|我知道在这个帖子里还有其他答案，但没有一个回答你如何检查用户是否通过了身份验证。所以我分享了我的代码是什么样子的。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1458912|在您的项目中包含标记库：|1458913|<%25@+taglib+prefix="sec"+uri="http://www.springframework.org/security/tags"+%25>|code-block|syntax|javascript|1458914|然后在当前作用域中创建一个用户对象，方法是添加：|1458915|<sec:authentication+var="user"+property="principal"+/>|1458916|然后，您可以轻松地通过添加来显示用户名。请记住，“主体”对象通常是string类型的，除非您以某种方式实现了spring安全性，以便将其更改为项目中的另一个类：|1458917|<sec:authorize+access="hasRole('ROLE_USER')+and+isAuthenticated()">
${user}
</sec:authorize>|1458918|我希望这对想要检查用户角色的人有所帮助。|1458919|如果您使用的是Maven，则添加Christian+Vielma在此线程中提到的依赖标记。|1458920|谢谢!|1458921|entityMap^0|0|0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Y|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Z|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|10|8|@]|9|@]|A|$G|H]]|$1|I|3|J|5|6|7|11|8|@]|9|@]|A|$]]|$1|K|3|L|5|F|7|12|8|@]|9|@]|A|$G|H]]|$1|M|3|N|5|6|7|13|8|@]|9|@]|A|$]]|$1|O|3|P|5|F|7|14|8|@]|9|@]|A|$G|H]]|$1|Q|3|R|5|6|7|15|8|@]|9|@]|A|$]]|$1|S|3|T|5|6|7|16|8|@]|9|@]|A|$]]|$1|U|3|V|5|6|7|17|8|@]|9|@]|A|$]]|$1|W|3|-4|5|6|7|18|8|@]|9|@]|A|$]]]|X|$]]

I know there are other answers in the thread, but none have answered how you can check if user is authenticated. So I'm sharing what my code look likes. 

Include the tag lib in your project:

<pre><code>&lt;%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %&gt;
</code></pre>

Then create a user object in current scope by adding:

<pre><code>&lt;sec:authentication var="user" property="principal" /&gt;
</code></pre>

Then you can easily show the username by adding. Remember the 'principal' object is generally of type string unless you have implemented the spring security in a way to change it to another Class in your project:

<pre><code>&lt;sec:authorize access="hasRole('ROLE_USER') and isAuthenticated()"&gt;
${user}
&lt;/sec:authorize&gt;
</code></pre>

I hope this helps somebody looking to check user roles.

If you are using Maven, then add the dependency tag as mentioned by Christian Vielma in this thread.

Thanks!

blocks|key|1458940|text|我认为<sec:authentication+property="principal.username"+/>并不总是有效的，因为Authentication.getPrincipal()返回的类型是Object，也就是:它可以是一个UserDetail+(上面的方法也适用)，一个字符串或者其他任何东西。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|1458941|为了在JSP页面中显示用户名，我发现更可靠的方法是使用${pageContext.request.userPrincipal.name}。|1458942|它使用返回字符串的java.security.Principal.getName()。|1458943|entityMap|0|LINK|mutability|MUTABLE|url|http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/apidocs/org/springframework/security/core/Authentication.html#getPrincipal%2528%2529|1|http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html|2|http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html#getName%2528%2529^0|3|1G|1T|T|1T|T|0|39|A|1|0|R|15|0|9|X|9|X|2|0^^$0|@$1|2|3|4|5|6|7|V|8|@$9|W|A|X|B|C]|$9|Y|A|Z|B|C]]|D|@$9|10|A|11|1|12]|$9|13|A|14|1|15]]|E|$]]|$1|F|3|G|5|6|7|16|8|@$9|17|A|18|B|C]]|D|@]|E|$]]|$1|H|3|I|5|6|7|19|8|@$9|1A|A|1B|B|C]]|D|@$9|1C|A|1D|1|1E]]|E|$]]|$1|J|3|-4|5|6|7|1F|8|@]|D|@]|E|$]]]|K|$L|$5|M|N|O|E|$P|Q]]|R|$5|M|N|O|E|$P|S]]|T|$5|M|N|O|E|$P|U]]]]

I think <code>&lt;sec:authentication property="principal.username" /&gt;</code> will not always work because type returned by <a href="http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/apidocs/org/springframework/security/core/Authentication.html#getPrincipal%28%29" rel="noreferrer"><code>Authentication.getPrincipal()</code></a> is Object, ie: it could be a <a href="http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/apidocs/org/springframework/security/core/userdetails/UserDetails.html" rel="noreferrer">UserDetail</a> (for which the above will work), a String or anything else.

For purpose of displaying username in JSP page what I find more reliable is using <code>${pageContext.request.userPrincipal.name}</code>.

This uses <a href="http://docs.oracle.com/javase/7/docs/api/java/security/Principal.html#getName%28%29" rel="noreferrer"><code>java.security.Principal.getName()</code></a> which returns String.

blocks|key|421058|text|无论用户是否登录，此方法都有效，并且在使用匿名身份验证时也有效：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|421059|<sec:authorize+access="isAuthenticated()">
++++<sec:authentication+property="principal.username"+var="username"+/>
</sec:authorize>
<sec:authorize+access="!isAuthenticated()">
++++<sec:authentication+property="principal"+var="username"+/>
</sec:authorize>|code-block|syntax|javascript|421060|稍后..。|421061|Hello+${username}|421062|entityMap^0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|N|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|O|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|K|3|-4|5|6|7|Q|8|@]|9|@]|A|$]]]|L|$]]

This works whether user is logged in or not, and works when using Anonymous Authentication:

<pre><code>&lt;sec:authorize access="isAuthenticated()"&gt;
 &lt;sec:authentication property="principal.username" var="username" /&gt;
&lt;/sec:authorize&gt;
&lt;sec:authorize access="!isAuthenticated()"&gt;
 &lt;sec:authentication property="principal" var="username" /&gt;
&lt;/sec:authorize&gt;
</code></pre>

Later...

<pre><code>Hello ${username}
</code></pre>

blocks|key|4459222|text|Mobile1)我的自定义用户类，带有额外的字段：|type|unstyled|depth|inlineStyleRanges|offset|length|style|BOLD|entityRanges|data|4459223|+public+class+SiteUser+extends+User+{

++++public+SiteUser(String+username,+String+password,+Collection<?+extends+GrantedAuthority>+authorities,
++++++++++++String+mobile)+{
++++++++super(username,+password,+true,+true,+true,+true,+authorities);
++++++++this.mobile+=+mobile;
++++}

++++private+String+mobile;

++++public+String+getMobile()+{
++++++++return+mobile;
++++}

++++public+void+setMobile(String+mobile)+{
++++++++this.mobile+=+mobile;
++++}

}|code-block|syntax|javascript|4459224|2)在我的UserDetailsServiceImpl.java中，我填充了这个自定义SiteUser对象。|4459225|public+SiteUser+loadUserByUsername(String+username)++{
++++++++UserInfoVO+userInfoVO+=+userDAO.getUserInfo(username);
++++++++GrantedAuthority+authority+=+new+SimpleGrantedAuthority(userInfoVO.getRole());

++++++++SiteUser+siteUser+=+new+SiteUser(userInfoVO.getUsername(),+userInfoVO.getPassword(),
++++++++++++++++Arrays.asList(authority),+userInfoVO.getMobile());

++++++++return+siteUser;
}|4459226|3)在视图中，我访问它的方式是：|4459227|4459228|entityMap^0|O|1|0|0|0|1I|0|0|0|G|0|0^^$0|@$1|2|3|4|5|6|7|T|8|@$9|U|A|V|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|W|8|@]|D|@]|E|$I|J]]|$1|K|3|L|5|6|7|X|8|@$9|Y|A|Z|B|C]]|D|@]|E|$]]|$1|M|3|N|5|H|7|10|8|@]|D|@]|E|$I|J]]|$1|O|3|P|5|6|7|11|8|@$9|12|A|13|B|C]]|D|@]|E|$]]|$1|Q|3|-4|5|6|7|14|8|@]|D|@]|E|$]]|$1|R|3|-4|5|6|7|15|8|@]|D|@]|E|$]]]|S|$]]

1) MY CUSTOM USER CLASS with extra field mobile:

<pre><code> public class SiteUser extends User {

 public SiteUser(String username, String password, Collection&lt;? extends GrantedAuthority&gt; authorities,
 String mobile) {
 super(username, password, true, true, true, true, authorities);
 this.mobile = mobile;
 }

 private String mobile;

 public String getMobile() {
 return mobile;
 }

 public void setMobile(String mobile) {
 this.mobile = mobile;
 }

}
</code></pre>

2) IN MY UserDetailsServiceImpl.java
I POPULATED THIS CUSTOM SiteUser object.

<pre><code>public SiteUser loadUserByUsername(String username) {
 UserInfoVO userInfoVO = userDAO.getUserInfo(username);
 GrantedAuthority authority = new SimpleGrantedAuthority(userInfoVO.getRole());

 SiteUser siteUser = new SiteUser(userInfoVO.getUsername(), userInfoVO.getPassword(),
 Arrays.asList(authority), userInfoVO.getMobile());

 return siteUser;
}
</code></pre>

3) AND IN VIEW I AM ACCESSING IT AS:

&lt; a href="#" th:text="${#httpServletRequest.userPrincipal.principal.mobile}">

blocks|key|1462705|text|J标签是：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1462706|<%25@taglib+prefix="j"+uri="http://java.sun.com/jsp/jstl/core"+%25>|code-block|syntax|javascript|1462707|sec标签为：|1462708|<%25@taglib+prefix="sec"+uri="http://www.springframework.org/security/tags"+%25>|1462709|添加到pom.xml：|1462710|<dependency>
++++<groupId>org.springframework.security</groupId>
++++<artifactId>spring-security-taglibs</artifactId>
++++<version>3.1.3.RELEASE</version>
</dependency>|1462711|添加到页面：|1462712|<sec:authentication+var="principal"+property="principal"/>
<j:choose>
++++<j:when+test="${principal+eq+'anonymousUser'}">
++++++++++NOT+AUTHENTICATED
++++</j:when>
++++<j:otherwise>
++++++++++AUTHENTICATED
++++</j:otherwise>
</j:choose>|1462713|entityMap^0|0|0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|U|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|W|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|X|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|Y|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|Z|8|@]|9|@]|A|$E|F]]|$1|O|3|P|5|6|7|10|8|@]|9|@]|A|$]]|$1|Q|3|R|5|D|7|11|8|@]|9|@]|A|$E|F]]|$1|S|3|-4|5|6|7|12|8|@]|9|@]|A|$]]]|T|$]]

j tag is: 

<pre><code>&lt;%@taglib prefix="j" uri="http://java.sun.com/jsp/jstl/core" %&gt;
</code></pre>

sec tag is: 

<pre><code>&lt;%@taglib prefix="sec" uri="http://www.springframework.org/security/tags" %&gt;
</code></pre>

Add to pom.xml:

<pre><code>&lt;dependency&gt;
 &lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
 &lt;artifactId&gt;spring-security-taglibs&lt;/artifactId&gt;
 &lt;version&gt;3.1.3.RELEASE&lt;/version&gt;
&lt;/dependency&gt;
</code></pre>

Add to the page:

<pre><code>&lt;sec:authentication var="principal" property="principal"/&gt;
&lt;j:choose&gt;
 &lt;j:when test="${principal eq 'anonymousUser'}"&gt;
 NOT AUTHENTICATED
 &lt;/j:when&gt;
 &lt;j:otherwise&gt;
 AUTHENTICATED
 &lt;/j:otherwise&gt;
&lt;/j:choose&gt;
</code></pre>

blocks|key|443428|text|要访问主体属性use，首先要为属性创建一个变量：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|443429|<sec:authentication+property="principal.attributes"+var="principalAttr"/>|code-block|syntax|javascript|443430|然后，您可以使用此映射按属性键名称检索值：|443431|${principalAttr.get("given_name")}|443432|不要忘记在maven依赖项列表中添加spring+security+taglib：|443433|++++<dependency>
++++++++<groupId>org.springframework.security</groupId>
++++++++<artifactId>spring-security-taglibs</artifactId>
++++++++<version>5.3.4.RELEASE</version>
++++</dependency>|443434|entityMap^0|0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|Q|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|R|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|S|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|U|8|@]|9|@]|A|$]]|$1|M|3|N|5|D|7|V|8|@]|9|@]|A|$E|F]]|$1|O|3|-4|5|6|7|W|8|@]|9|@]|A|$]]]|P|$]]

For accessing a principal attribute use, first, create a variable for attributes:
<pre><code>&lt;sec:authentication property=&quot;principal.attributes&quot; var=&quot;principalAttr&quot;/&gt;
</code></pre>
Then, you can use this map for retrieving values by the attribute key name:
<pre><code>${principalAttr.get(&quot;given_name&quot;)}
</code></pre>
Do not forget to add spring security taglib in your maven dependencies list:
<pre><code> &lt;dependency&gt;
 &lt;groupId&gt;org.springframework.security&lt;/groupId&gt;
 &lt;artifactId&gt;spring-security-taglibs&lt;/artifactId&gt;
 &lt;version&gt;5.3.4.RELEASE&lt;/version&gt;
 &lt;/dependency&gt;
</code></pre>

I am using Spring MVC and Spring Security version 3.0.6.RELEASE. What is the easiest way to get the user name in my JSP? Or even just whether or not the user is logged in? I can think of a couple ways:

<h1>1. Using a scriptlet</h1>

Using a scriptlet like this to determine if the user is logged in: 

<pre><code>&lt;%=org.springframework.security.core.context.SecurityContextHolder.getContext()
 .getAuthentication().getPrincipal().equals("anonymousUser")
 ? "false":"true"%&gt;
</code></pre>

I'm not a fan of using scriptlets, though, and I want to use this in some <code>&lt;c:if&gt;</code> tags, which requires putting it back as a page attribute.

<h1>2. Using SecurityContextHolder</h1>

I could again use SecurityContextHolder from my <code>@Controller</code> and put it on the model. I need this on every page, though, so I'd rather not have to add this logic in every one of my Controllers.

I suspect there's a cleaner way to do this...

Get Spring Security Principal in JSP EL expression

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

我使用的是Spring MVC和Spring Security版本3.0.6.RELEASE。在我的JSP中获取用户名最简单的方法是什么？或者仅仅是用户是否已登录？我可以想出几种方法：1.使用scriptlet使用像这样的scriptlet来确定用户是否已登录：<%=org.springframework.securi...

问在JSP EL表达式中获取Spring安全主体
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问在JSP EL表达式中获取Spring安全主体EN