Spring Security 3.1 - how to identify whether a user is already registered or not?

I am using Spring Security 3.1 for my web application.

I implemented my own filter to filter the URL.

Once the user has logged in and then types in the login URL, the login URL should not open. I want to ask: how can I verify whether a user has already registered or not?

If the user is already registered, the login page should not open. It should open the destination URL page.

Thanks.

+4
4 answers

You can use the static method in the SecurityContextHolder class to get the Security Context from where you can get the Authentication object, and then you can find out if the user is currently logged in.

+4
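The check described in the answer above, as an added example (not code from any of the answers). It assumes spring-security-core 3.1 and its dependencies on the classpath; the class name LoginState, its method names and the sample tokens are constructed for illustration. It covers two cases a bare null check misses: an anonymous visitor holds an AnonymousAuthenticationToken whose isAuthenticated() is true, and a remember-me session is not a fresh login.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

// Hypothetical helper class, not part of Spring Security.
public class LoginState {
    private static final AuthenticationTrustResolver RESOLVER = new AuthenticationTrustResolverImpl();

    // True only when the current thread's SecurityContext holds a real login.
    public static boolean isLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        // null: empty context, e.g. the URL is excluded from the filter chain.
        // anonymous: the token reports isAuthenticated() == true, but nobody logged in.
        return auth != null && !RESOLVER.isAnonymous(auth) && auth.isAuthenticated();
    }

    // Stricter variant: a remember-me cookie alone does not count as a login.
    public static boolean isFullyLoggedIn() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        return isLoggedIn() && !RESOLVER.isRememberMe(auth);
    }

    private static void show(String label, Authentication auth) {
        SecurityContextHolder.getContext().setAuthentication(auth);
        System.out.println(label + ": loggedIn=" + isLoggedIn() + ", fullyLoggedIn=" + isFullyLoggedIn());
    }

    public static void main(String[] args) {
        // Constructed sample tokens standing in for what the filter chain would set.
        show("empty context", null);
        show("anonymous", new AnonymousAuthenticationToken("sample-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        show("remember-me", new RememberMeAuthenticationToken("sample-key", "alice",
                AuthorityUtils.createAuthorityList("ROLE_USER")));
        show("form login", new UsernamePasswordAuthenticationToken("alice", "n/a",
                AuthorityUtils.createAuthorityList("ROLE_USER")));
        SecurityContextHolder.clearContext();
    }
}
```

A login controller can call isLoggedIn() and redirect to the destination page when it returns true, rendering the login form otherwise.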

I was looking for a solution to solve the same problem. I ended up doing the following:

    @RequestMapping(method = RequestMethod.GET, value = "/admin/login")
    public ModelAndView login(HttpServletRequest request) {
        // getAuthentication() returns null when the SecurityContext is empty
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = (authentication == null) ? null : authentication.getPrincipal();
        if (principal instanceof UserDetails && validLogin((UserDetails) principal)) {
            // Go to admin home if already logged in
            return new ModelAndView("redirect:/admin/home");
        }
        final String error = request.getParameter("login_error");
        // Not logged in, so admin login page is displayed
        return loginPage.display(error);
    }

    private boolean validLogin(UserDetails userDetails) {
        // This function does a check to ascertain the validity of the logged in user
        // You may also consider evaluating userDetails.getAuthorities()
        return userDetails.isAccountNonExpired()
                && userDetails.isAccountNonLocked()
                && userDetails.isCredentialsNonExpired()
                && userDetails.isEnabled();
    }

But I hope there is a more customizable way to achieve this.

+4

Try the following:

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        // not authorized
    } else {
        // only dereference the Authentication once it is known to be non-null
        Object principalObject = authentication.getPrincipal();
        if (principalObject == null) {
            // not authorized
        }
    }

Or you can configure security; I think this is what you need in your application context:

    <security:http auto-config="true" authentication-manager-ref="authenticationManager">
        <!-- Don't set any role restrictions on login.jsp and index.jsp -->
        <security:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:intercept-url pattern="/urlOfAView" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

        <!-- Restrict access to ALL other pages -->
        <security:intercept-url pattern="/**" access="ROLE_USER"/>

        <!-- Set the login page and what to do if login fails -->
        <security:form-login login-page="/login"
                             authentication-failure-url="/login?login_error=1"
                             default-target-url="/loginUser"/>

        <!-- Set the logout page and where to go after logout is successful -->
        <security:logout logout-success-url="/index"/>
    </security:http>

I am using Spring 3.1, so my namespaces are:

    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xsi:schemaLocation="
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

Good luck.

0

I am writing similar functionality right now. In my case, I just added this code to the spring security configuration:

    <http pattern="/**" auto-config="false" use-expressions="true">
        <intercept-url pattern="/login" access="!isAuthenticated()" />
        <access-denied-handler error-page="/"/>
        <!-- More configuration here -->
    </http>

Of course, this configuration redirects all "access denied" requests to your home page. If you need a different redirect only for your login page, you must provide your own access-denied handler implementation.

0

Source: https://habr.com/ru/post/1400530/

