choquero70

Reputation: 4754

jsf spring security user info

I'm new to Spring Security. I'm using JSF 2 with Spring Security 3. Three questions:

  1. How can I access, from a session managed bean, the user info (name, password, roles) of the user currently logged in?

    In order to use it in a view, for example for rendering elements depending on the roles of the user.

  2. How can I know if a user is logged in? In order to show in a view a "login link" if the user is not logged in, or a "logout link" if the user is logged in. Which property of Spring Security do I have to use in my managed bean to store this info and use it in the view?

  3. The "login link" is just a GET request to the URL of the login page. But how can I show the "logout link"? Does it have to be a POST request and use "h:commandLink" like this?:

    <h:commandLink value="Logout" action="#{request.contextPath}/j_spring_security_logout" />
    

    Or can it be a GET request?:

    <h:link value="Logout" outcome="#{request.contextPath}/j_spring_security_logout" />
    

Thank you very much in advance.

Upvotes: 0

Views: 2010

Answers (1)

Rafael Ruiz Tabares

Reputation: 731

  1. The Authentication object is what holds these properties; you can obtain it with the following line in your managed bean:

    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

  2. A user is logged in if his Authentication is not an instance of AnonymousAuthenticationToken. In your spring-security-context.xml you must define the URLs intercepted by Spring.

    The first interceptor is not analyzed by Spring. In this case the Authentication object is an instance of AnonymousAuthenticationToken.

    The second interceptor is analyzed by Spring and the user is redirected to login page declared in spring-security-context.xml

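    import org.springframework.security.authentication.AnonymousAuthenticationToken;
    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.context.SecurityContextHolder;

    /* Example: obtain the role name, e.g. to generate a menu automatically */
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    String namePrincipalRol;
    // No Authentication, an anonymous token, or no authorities: treat as anonymous
    if (auth == null || auth instanceof AnonymousAuthenticationToken
            || auth.getAuthorities().isEmpty()) {
        namePrincipalRol = "ROLE_ANONYMOUS";
    } else {
        // Takes the first granted authority only
        namePrincipalRol = auth.getAuthorities().iterator().next().getAuthority();
    }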
    
  3. Good question. I am not sure, but I think I remember having read that it must be POST; it would be interesting to try. I use h:outputLink.

Kind regards.

Upvotes: 1
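
As an added example (not code from the question or the answer above), questions 1 and 2 can be covered by one small managed bean that reads the current `Authentication` on each call. The bean name `currentUser` and the class name are hypothetical; the example assumes JSF 2 annotations and that requests pass through the Spring Security filter chain.

```java
import java.io.Serializable;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical bean name; reference it from a view as #{currentUser...}.
@ManagedBean(name = "currentUser")
@SessionScoped
public class CurrentUserBean implements Serializable {
    private static final long serialVersionUID = 1L;

    // Read the Authentication on every call instead of caching it in a field:
    // a session-scoped bean would otherwise keep stale data across login/logout.
    private Authentication auth() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    // True only for a real login; the anonymous token does not count.
    public boolean isLoggedIn() {
        Authentication a = auth();
        return a != null && a.isAuthenticated()
                && !(a instanceof AnonymousAuthenticationToken);
    }

    public String getUsername() {
        return isLoggedIn() ? auth().getName() : null;
    }

    // Checks every granted authority, not just the first one.
    public boolean hasRole(String role) {
        Authentication a = auth();
        if (a == null) {
            return false;
        }
        for (GrantedAuthority ga : a.getAuthorities()) {
            if (role.equals(ga.getAuthority())) {
                return true;
            }
        }
        return false;
    }
    // No password getter on purpose: the view never needs the credential.
}
```

In a view this can drive `rendered="#{currentUser.loggedIn}"`; calling `#{currentUser.hasRole('ROLE_ADMIN')}` with an argument requires EL 2.2. Hiding an element this way only affects what is rendered, so the URL rules in spring-security-context.xml still have to enforce access.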
