There are at least 4 different ways:

Spring Security XML configuration

This is the easiest way:

```xml
<security:http auto-config="true" use-expressions="true" ...>
    ...
    <security:intercept-url pattern="/forAll
```

1.) Extend WebSecurityExpressionRoot with the method that implements your custom expression:

```java
import javax.servlet.http.HttpSession;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;

public class MyCustomWebSecurityExpressionRoot extends WebSecurityExpressionRoot {

    public MyCustomWebSecurityExpressionRoot(Authentication a, FilterInvocation f) {
        super(a, f);
    }

    /** The method referenced from the access="..." attribute of intercept-url. */
    public boolean myCustomAuthenticatedExpression() {
        // WebSecurityExpressionRoot exposes the current request as a protected field.
        // getSession(false) avoids creating a session as a side effect of the check;
        // getAttribute replaces the deprecated HttpSession#getValue.
        HttpSession session = super.request.getSession(false);
        return session != null && session.getAttribute("myFlag") != null;
    }
}
```

2.) You need to extend DefaultWebSecurityExpressionHandler to have a handler that provides your custom expression root:

```java
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;

public class MyCustomWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    @Override
    public EvaluationContext createEvaluationContext(Authentication a, FilterInvocation f) {
        // reuse the context built by the default handler, then swap in the custom root object
        StandardEvaluationContext ctx = (StandardEvaluationContext) super.createEvaluationContext(a, f);
        WebSecurityExpressionRoot myRoot = new MyCustomWebSecurityExpressionRoot(a, f);
        ctx.setRootObject(myRoot);
        return ctx;
    }
}
```

3.) Then you need to register your handler with the voters:

```xml
<security:http use-expressions="true" access-decision-manager-ref="httpAccessDecisionManager" ...>
    ...
    <!-- the expression is a method call on the root object, so the parentheses are required -->
    <security:intercept-url pattern="/restricted/**" access="myCustomAuthenticatedExpression()" />
    ...
</security:http>

<bean id="httpAccessDecisionManager"
      class="org.springframework.security.access.vote.AffirmativeBased">
    <constructor-arg name="decisionVoters">
        <list>
            <ref bean="webExpressionVoter" />
        </list>
    </constructor-arg>
</bean>

<bean id="webExpressionVoter"
      class="org.springframework.security.web.access.expression.WebExpressionVoter">
    <property name="expressionHandler" ref="myCustomWebSecurityExpressionHandler" />
</bean>

<!-- use the fully qualified name of your handler class here -->
<bean id="myCustomWebSecurityExpressionHandler"
      class="MyCustomWebSecurityExpressionHandler" />
```
Spring Security 3.1 update

Since Spring Security 3.1 it is a bit easier to implement custom expressions. One no longer needs to subclass WebSecurityExpressionHandler and override createEvaluationContext. Instead, subclass AbstractSecurityExpressionHandler<FilterInvocation> or its subclass DefaultWebSecurityExpressionHandler and override SecurityExpressionOperations createSecurityExpressionRoot(final Authentication a, final FilterInvocation f).

```java
import org.springframework.security.access.expression.SecurityExpressionOperations;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebSecurityExpressionRoot;

public class MyCustomWebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler {

    // DefaultWebSecurityExpressionHandler keeps its trust resolver in a private field,
    // so the subclass needs its own instance to hand to the root object
    private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    @Override
    public SecurityExpressionOperations createSecurityExpressionRoot(Authentication a, FilterInvocation f) {
        WebSecurityExpressionRoot myRoot = new MyCustomWebSecurityExpressionRoot(a, f);
        // mirror what the default implementation wires into its own root
        myRoot.setPermissionEvaluator(getPermissionEvaluator());
        myRoot.setTrustResolver(this.trustResolver);
        myRoot.setRoleHierarchy(getRoleHierarchy());
        return myRoot;
    }
}
```
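To confirm that the custom expression is actually reachable through the handler and denies access when the session flag is absent, here is an added check that is not part of the original answer. It works with either the 3.0 handler (overriding createEvaluationContext) or the 3.1 handler (overriding createSecurityExpressionRoot) shown above, because both go through createEvaluationContext. It assumes spring-test's MockHttpServletRequest is on the classpath; the request path /restricted/report, the user name and the flag value are constructed for this example.

```java
import javax.servlet.http.HttpSession;

import org.springframework.expression.Expression;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.expression.ExpressionUtils;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

public class MyCustomExpressionCheck {

    /** Evaluates the custom expression the same way WebExpressionVoter does for one request. */
    static boolean evaluate(MyCustomWebSecurityExpressionHandler handler, Authentication auth, boolean flagSet) {
        // constructed request; the path is only needed to build a FilterInvocation
        MockHttpServletRequest request = new MockHttpServletRequest("GET", "/restricted/report");
        if (flagSet) {
            HttpSession session = request.getSession(true);
            session.setAttribute("myFlag", Boolean.TRUE);
        }
        FilterInvocation fi = new FilterInvocation(request, new MockHttpServletResponse(), new MockFilterChain());
        // same parser and evaluation context the voter uses, so the method must resolve on the custom root
        Expression expr = handler.getExpressionParser().parseExpression("myCustomAuthenticatedExpression()");
        return ExpressionUtils.evaluateAsBoolean(expr, handler.createEvaluationContext(auth, fi));
    }

    public static void main(String[] args) {
        MyCustomWebSecurityExpressionHandler handler = new MyCustomWebSecurityExpressionHandler();
        // constructed principal; the role is irrelevant to this expression
        Authentication user = new TestingAuthenticationToken("alice", "n/a", "ROLE_USER");

        // without the flag the expression is false, so the voter would deny the request
        if (evaluate(handler, user, false)) {
            throw new AssertionError("expression granted access without the session flag");
        }
        // with the flag set it becomes true
        if (!evaluate(handler, user, true)) {
            throw new AssertionError("expression denied access although the session flag is set");
        }
        System.out.println("custom expression behaves as expected");
    }
}
```

If the first evaluation throws a SpelEvaluationException instead of returning false, the root object was not swapped in (the default WebSecurityExpressionRoot has no such method), which is the quickest way to tell a wiring mistake from a wrong flag check.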


