如何確定登錄頁面上是否有某個用戶已經登錄？

Question

有沒有什麼辦法，如何確定，如果有人在使用時已經登錄了Spring 3 MVC + Spring security？這是我的安全上下文：

<beans xmlns:security="http://www.springframework.org/schema/security" 
    xmlns="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
      http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
      http://www.springframework.org/schema/security 
      http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

<security:http pattern="/resources/**" security="none"/> 
<security:http pattern="/login*" security="none" auto-config="true"/> 
<security:http pattern="/denied" security="none"/> 

<security:http auto-config="true" access-denied-page="/denied" servlet-api-provision="false"> 
    <security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
    <security:intercept-url pattern="/edit/**" access="ROLE_EDIT"/> 
    <security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/> 
    <security:intercept-url pattern="/**" access="ROLE_USER"/> 
    <security:form-login login-page="/login" authentication-failure-url="/denied" 
         default-target-url="/"/> 
    <security:logout/> 
</security:http> 

<security:authentication-manager> 
    <security:authentication-provider> 
     <security:user-service> 
      <security:user name="adam" password="adampassword" authorities="ROLE_USER"/> 
      <security:user name="jane" password="janepassword" authorities="ROLE_USER, ROLE_ADMIN"/> 
      <security:user name="sue" password="suepassword" authorities="ROLE_USER, ROLE_EDIT"/> 
     </security:user-service> 
    </security:authentication-provider> 
</security:authentication-manager> 

</beans> 

我可以通過

<% 
    User user = (User) SecurityContextHolder.getContext() 
      .getAuthentication().getPrincipal(); 
    String username = user.getUsername(); 
%> 

然而在登錄頁面，它會產生空指針異常即確定其主頁上..： -/

當有有人已經登錄，有人試圖再次登錄，然後瀏覽器去myurl.com/home頁，我得到404錯誤，因爲正確的地址應該只是myurl.com/。當沒有人登錄時，瀏覽器重定向到正確的地址。任何想法可能是一個錯誤？

我的jsp頁面：

<%@ page import="org.springframework.security.core.userdetails.User"%> 
<%@ page import="org.springframework.security.core.context.SecurityContextHolder"%> 
<%@ page import="java.util.Collection"%> 
<%@ page import="javax.swing.text.AbstractDocument"%> 
<%@ page import="org.springframework.security.core.GrantedAuthority"%> 

<!DOCTYPE html> 
<html lang="en"> 
<head> 
<meta charset="utf-8" /> 
</head> 
<body> 
<div class="form"> 
    <form name="f" action="j_spring_security_check" method="post"> 
     <input type="text" id="username" class="input-block-level" 
      name="j_username" placeholder="Username"> <input 
      type="password" id="password" name="j_password" 
      class="input-block-level" placeholder="Password"> 
     <button class="btn btn-large btn-primary" type="submit">Sign 
      in</button> 
    </form> 
</div> 
</body> 
</html> 

Answer 1

春季安全包含一個JSP標籤庫，可以通過下一個代碼導入：

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> 

憑藉原裝進口，您可以使用JSP標籤「SEC」（安全），

<sec:authorize access="isAuthenticated()"> 
    ... <!-- Code or message to show when user is authenticated --> 
</sec:authorize> 

內的標籤，您可以運行特定的代碼，顯示標籤或HTML。

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html

Answer 2

在jsp中可以使用

第一個問題：

<sec:authorize access="isAuthenticated()"> 
    the user has logged in 
</sec:authorize> 

第二個問題：

你獲得404錯誤，當一些身體已直接登錄請求登錄頁面，因爲您限制了對此頁面的訪問：

<security:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 

一種解決方案是使用permitAll訪問限制，而不是和把一些通知，在jsp的用戶在登錄媒體鏈接：

<security:intercept-url pattern="/login*" access="permitAll"/> 

的login.jsp

<sec:authorize access="isAuthenticated()"> 
    you already logged in. 
</sec:authorize>