有没有办法转换格式为
的jsp代码<security:authorize access="hasRole('ROLE_USER')">You're an user</security:authorize>
<security:authorize access="hasRole('ROLE_ADMIN')">You're an admin</security:authorize>
<security:authorize access="hasRole('ROLE_SADMIN')">You're a superadmin</security:authorize>
到另一种形式,类似于以下(不起作用)?
<c:choose>
<c:when test="hasRole('ROLE_USER')">
You're an user
</c:when>
<c:when test="hasRole('ROLE_ADMIN')">
You're an admin
</c:when>
<c:when test="hasRole('ROLE_SADMIN')">
You're a superadmin
</c:when>
<c:otherwise>
You have no relevant role
</c:otherwise>
</c:choose>
更准确地说,有没有办法用JSTL标签替换这个Spring Security taglib功能?
答案 0 :(得分:9)
您可以使用var标记的<security:authorize/>属性创建:
页面范围变量,标记的布尔结果 将编写评估,允许重复使用相同的条件 随后在页面中没有重新评估。
<security:authorize access="hasRole('ROLE_USER')" var="isUser" />
<security:authorize access="hasRole('ROLE_ADMIN')" var="isAdmin" />
<security:authorize access="hasRole('ROLE_SADMIN')" var="isSuperUser" />
<c:choose>
<c:when test="${isSuperUser}">
You're a superadmin
</c:when>
<c:when test="${isAdmin}">
You're an admin
</c:when>
<c:when test="${isUser}">
You're an user
</c:when>
<c:otherwise>
You have no relevant role
</c:otherwise>
</c:choose>
答案 1 :(得分:1)
Workarround:如果只有这个简单的hasRole(XXX)表达式,那么你可以拥有一个包含当前用户角色的变量。这个变量可以由控制器填充,或者在几乎所有jsps中需要时,由Spring HandlerInterceptor或Servlet过滤器(在Spring安全过滤器之后注册)填充。