Get Spring Security Principal in JSP EL expression

java spring jsp spring-mvc spring-security
73,068

Solution 1

Check Spring security tags : <sec:authentication property="principal.username" />

http://static.springsource.org/spring-security/site/docs/3.0.x/reference/taglibs.html

And you can check if logged : 

<sec:authorize access="isAuthenticated()">

instead of c:if

Solution 2

I know there are other answers in the thread, but none have answered how you can check if user is authenticated. So I'm sharing what my code look likes.

Include the tag lib in your project:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

Then create a user object in current scope by adding:

<sec:authentication var="user" property="principal" />

Then you can easily show the username by adding. Remember the 'principal' object is generally of type string unless you have implemented the spring security in a way to change it to another Class in your project:

<sec:authorize access="hasRole('ROLE_USER') and isAuthenticated()">
${user}
</sec:authorize>

I hope this helps somebody looking to check user roles.

If you are using Maven, then add the dependency tag as mentioned by Christian Vielma in this thread.

Thanks!

Solution 3

You can use like this: Spring Security Tag Lib - 3.1.3.RELEASE

<sec:authentication var="principal" property="principal" />

and Then:

${principal.username}

Solution 4

I was using Maven so I had to add the taglibs library adding this to the pom.xml

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>3.1.3.RELEASE</version>
</dependency>

Then in my jsp added:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>

And:

<sec:authentication property="principal" />

principal.username kept giving me errors (maybe is the way I created the UsernamePasswordAuthenticationToken object, not sure).

Solution 5

I think <sec:authentication property="principal.username" /> will not always work because type returned by Authentication.getPrincipal() is Object, ie: it could be a UserDetail (for which the above will work), a String or anything else.

For purpose of displaying username in JSP page what I find more reliable is using ${pageContext.request.userPrincipal.name}.

This uses java.security.Principal.getName() which returns String.

Share:
73,068

Related videos on Youtube

Jeremiah Orr
Author by

Jeremiah Orr

Updated on August 11, 2020

Comments

  • Jeremiah Orr
    Jeremiah Orr over 3 years

    I am using Spring MVC and Spring Security version 3.0.6.RELEASE. What is the easiest way to get the user name in my JSP? Or even just whether or not the user is logged in? I can think of a couple ways:

    1. Using a scriptlet

    Using a scriptlet like this to determine if the user is logged in: 

    <%=org.springframework.security.core.context.SecurityContextHolder.getContext()
    .getAuthentication().getPrincipal().equals("anonymousUser")
    ? "false":"true"%>

    I'm not a fan of using scriptlets, though, and I want to use this in some <c:if> tags, which requires putting it back as a page attribute.

    2. Using SecurityContextHolder

    I could again use SecurityContextHolder from my @Controller and put it on the model. I need this on every page, though, so I'd rather not have to add this logic in every one of my Controllers.

    I suspect there's a cleaner way to do this...

  • Jeremiah Orr
    Jeremiah Orr over 12 years
    I tried that, at least using the expression ${request.userPrincipal}, but it comes back null. Maybe I did something to break it... thanks, though!
  • Jeremiah Orr
    Jeremiah Orr over 12 years
    Perfect! For anyone else who might see this, I had to add <bean class="org.springframework.security.web.access.expression.De‌​faultWebSecurityExpr‌​essionHandler" /> to spring-security.xml to get it to work.
  • gpeche
    gpeche over 12 years
    @Jeremiah Orr that is strange, I have several applications relying on that integration between Spring Security and the Servlet API. Maybe you have specified a custom Spring Security stack instead of using the default one?
  • user64141
    user64141 over 10 years
    Great, much better! If anyone else has this problem, my spring security tags were being ignored until I added a spring-security-taglibs dependency in my pom.xml.
  • Neil McGuigan
    Neil McGuigan about 9 years
    This doesn't seem to work when using Anonymous Authentication
  • Debadatta
    Debadatta about 5 years
    Thanks !! correct answer fornew versions of spring boot

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI
Spring Security login returns 404
Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
Spring security 401 Unauthorized even with permitAll
500 error handling in Spring MVC
spring security get user id from DB
Integrating Spring Security with SiteMinder
spring app not finding property on object
Unable to read TLD "META-INF/c.tld" from JAR file
net::ERR_INCOMPLETE_CHUNKED_ENCODING SPRING MVC application using JSP