1. Dependency import
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>version</version>
</dependency>
2. Page import
<%@taglib uri="http://www.springframework.org/security/tags" prefix="security"%>
authentication
Replace the user name with the following paragraph, you can display the current user on the page
<security:authentication property="principal.username"></security:authentication>
property: Only the attributes owned by Authentication are allowed to be specified, and the cascade of attributes can be obtained, such as "principle.username", and
direct method calls are not allowed
authorize
authorize is used to judge ordinary permissions, and control the display of the content it contains by judging whether the user has the corresponding permissions. The
following code indicates that the ADMIN role can see the user management, if not, it can’t
<security:authorize access="hasRole('ADMIN')">
All below
<%--表示当前用户的ADMIN角色就能看到用户管理,如果不是就不能--%>
<li id="system-setting">
<security:authorize access="hasRole('ADMIN')">
<a
href="${pageContext.request.contextPath}/user/findAll.do"> <i
class="fa fa-circle-o"></i> 用户管理
</a>
</security:authorize>
</li>
Also note that adding this expression requires adding an extra bean in the spring-security.xml configuration file
<!--多配置一个bean,实现用jsp页面可以用表达式-->
<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
As shown below, James cannot see the user management function, because james is not an ADMIN role
