SEC-309: Patch for Authentication tag to use property of authentication object, rather than invoking an operation on the principal. Allows use of nested properties.
This commit is contained in:
@@ -1,14 +1,18 @@
|
||||
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
|
||||
<html>
|
||||
<body>
|
||||
<h1>Home Page</h1>
|
||||
Anyone can view this page.<br><br>
|
||||
|
||||
If you're logged in, you can <a href="listAccounts.html">list accounts</a>.<br><br>
|
||||
|
||||
|
||||
Your principal object is....: <%= request.getUserPrincipal() %><br><br>
|
||||
<p>
|
||||
Anyone can view this page.
|
||||
</p>
|
||||
<p>
|
||||
If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
|
||||
</p>
|
||||
<p>
|
||||
Your principal object is....: <%= request.getUserPrincipal() %>
|
||||
</p>
|
||||
|
||||
<p><a href="secure/index.jsp">Secure page</a>
|
||||
<p><a href="secure/extreme/index.jsp">Extremely secure page</a>
|
||||
<p><a href="secure/index.jsp">Secure page</a></p>
|
||||
<p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
|
||||
</body>
|
||||
</html>
|
||||
@@ -1,13 +1,34 @@
|
||||
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
|
||||
|
||||
<html>
|
||||
<body>
|
||||
<h1>Secure Page</h1>
|
||||
<p>
|
||||
This is a protected page. You can get to me if you've been remembered,
|
||||
or if you've authenticated this session.<br><br>
|
||||
|
||||
<%if (request.isUserInRole("ROLE_SUPERVISOR")) { %>
|
||||
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br><br>
|
||||
<% } %>
|
||||
|
||||
or if you've authenticated this session.
|
||||
</p>
|
||||
|
||||
<sec:authorize ifAllGranted="ROLE_SUPERVISOR">
|
||||
You are a supervisor! You can therefore see the <a href="extreme/index.jsp">extremely secure page</a>.<br/><br/>
|
||||
</sec:authorize>
|
||||
|
||||
<h3>Properties obtained using <sec:authentication /> tag</h3>
|
||||
<table border="1">
|
||||
<tr><th>Tag</th><th>Value</th></tr>
|
||||
<tr>
|
||||
<td><sec:authentication property='name' /></td><td><sec:authentication property="name"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><sec:authentication property='principal.username' /></td><td><sec:authentication property="principal.username"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><sec:authentication property='principal.enabled' /></td><td><sec:authentication property="principal.enabled"/></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><sec:authentication property='principal.accountNonLocked' /></td><td><sec:authentication property="principal.accountNonLocked"/></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|
||||
<p><a href="../">Home</a>
|
||||
<p><a href="../j_spring_security_logout">Logout</a>
|
||||
|
||||
Reference in New Issue
Block a user