After given a
demo to the customer, they wished to modify the specification so that
after login, the page always shows the name of the user logged in. Also
they would prefer if the navigation was customized to the type of user
that has logged in. e.g. standard users with ROLE_USER should not see
the link to the admin page on the common navigation.

The specification has been updated as follows:

User Story 7: Create common navigation that all secure pages will contain.
Note: There will be links to home, admin pages and a logout link.
Note: only admin users should see the admin link on the common navigation.

User Story 10: A common information bar should exist on all secure pages that displays whether the user is logged in or not.

The solution

To customize the common navigation per user role type and display
the logged in username, we are going to use spring security’s tag libs,
specifically the authorize and authentication tags.

Add spring security taglibs as dependency

Add spring-security-taglibs-2.0.4.jar to our WAR projects lib folder.

The implementation

The first step is to update our acceptance tests that verify behavior on the common navigation:

Next step is to create a userinfobar.jsp file that will be included in each secure page:

Things to note:

  1. we are using the authentication tag from spring security’s tag libs
    (which will be included at top of each jsp that includes this file)

Next this should be included in the home.jsp and admin.jsp pages. Here is home.jsp:

Things to note:

  1. The spring security tablib is included at top of page
  2. The userinfobar.jsp file is included so will display username of logged in users.

Build, deploy and run all acceptance tests.

Getting the code

The code for this part is tagged and available for viewing online at: http://code.google.com/p/spring-security-series/source/browse/#svn/tags/SpringSecuritySeriesWAR-Part8

SVN Url: https://spring-security-series.googlecode.com/svn/tags/SpringSecuritySeriesWAR-Part8

Leave a Reply

电子邮件地址不会被公开。 必填项已用*标注