Showing User Information on JSP using Spring Security JSP Taglibs

Some times, we need to show user information like username or role of the logged in user on jsp page. Spring Security JSP taglibs provided tags for showing logged in user information in JSP pages. Off-course we can use Spring MVC Controller code to store these values in model and then show them on JSP page but using Spring Security JSP Taglibs is the easiest way to do it.

The Tutorial is assuming that you have read following tutorials before reading this:

  1. Configuring Spring Security in Spring Web MVC Application.
  2. Role based User Interface creation using Spring JSP Taglibs.

Please read those tutorial or if you have prior knowledge of setting up Spring Security JSP Taglibs to use in jsp then you can continue with the tutorial.

Tools Used:

  • Spring MVC 3.0.3
  • Spring Security 3.0.5
  • Eclipse Indigo 3.7
  • Tomcat 6
  • Jdk 1.6

Lets do it with an example

We have modified Configuring Spring Security in Spring Web MVC Application example to show logged in user’s information in jsp. In our example, we will configure two users in Spring Security Configuration file, one is “admin” and another is “customer”. We will see how to show username of the logged in user in welcome page that is displayed after successful login of the user.

Modifying Spring Security Configuration file


<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <http realm="Project Realm" auto-config="true" use-expressions="true">
        <intercept-url pattern="/auth/**" filters="none"/>
        <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')"/>
        <form-login login-page="/auth/login.jsp" authentication-failure-url="/auth/login.jsp?login_error=1"/>
        <logout logout-success-url="/auth/login.jsp"/>
        <remember-me />
    </http>

    <authentication-manager>
       <authentication-provider>
            <user-service>
                <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
                <user name="customer" password="customer" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</b:beans>

As stated above, we have configured two users in configuration file and have given permission of viewing welcome page to both the user.

Modifying welcome page to show user information


<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <%@ page session="true" %>
 <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c"%>
 <%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec"%>
 <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
         <title>Spring Security 3 JSP Taglibs- This is a secure page</title>
         <meta http-equiv="Content-Type" content="text/html; charset=windows-1251">
     </head>
     <body>
         <h1>Welcome! <sec:authentication property="principal.username"/></h1><br />
          ${HelloMessage}<br />
         <a href="<c:url value="/j_spring_security_logout"/>">Logout</a>
     </body>
 </html>

<sec:authentication/> tag is used to access current Authentication object stored in the security context. This tag shows values in properties of logged in users principal object. “property” attribute of this tag is used to specify the property whose values we want to show in jsp page output.

Deploy the war file in Tomcat 6 and hit the url in browser, you will get following screen for login:

Custom Login Form in Spring Security

Custom Login Form in Spring Security

Now, login with the username and password as “admin”, you will be forwarded to welcome page and following screen will show:

Showing User Info Using Spring Security - Admin

Showing User Info Using Spring Security - Admin

You can see the username of the logged in user “admin” has been shown to the output of welcome page.

Now, logout and login again with the username and password as “customer”, you will get following output:

Showing User Info Using Spring Security - Customer

Showing User Info Using Spring Security - Customer

Now, you can see username “customer” is showing in output of welcome page.

You can download source of this example from following link:

Source: Download

Related Posts:

Leave a Comment Cancel reply

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>