我使用标记<sec:authorize access="!hasAnyRole('ROLE_ADMIN', 'ROLE_USER')">
也许是其他解决方案?
答案 0 :(得分:3)
此代码适用于用户是否登录,并在使用匿名身份验证时起作用:
<sec:authorize access="isAuthenticated()">
<!-- if user is authenticated-->
</sec:authorize>
<sec:authorize access="!isAuthenticated()">
<!-- if user is not authenticated-->
</sec:authorize>
答案 1 :(得分:1)
您总是可以这样:
<sec:authorize access="isAnonymous()">
答案 2 :(得分:0)
您可以使用匿名过滤器。像这样:
<bean id="anonymousAuthFilter"
class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
<property name="key" value="foobar"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
<property name="key" value="foobar"/>
</bean>
然后像这样检查:
<sec:authorize access="hasAnyRole('ROLE_ANONYMOUS')">
在这里您可以找到更多信息: https://docs.spring.io/spring-security/site/docs/3.0.x/reference/anonymous.html