使用 j_security_check 成功进行身份验证后,如何在我的 index.jsp 上获取 j_username?
我在 login.jsp 上使用 j_security_check。服务器是 GlassFish Server 3。一切正常,当用户通过身份验证后,它会打开 index.jsp。我的问题是我需要在我的index.jsp 中获取j_username,但我找不到执行此操作的方法。我找到的所有解决方案都是用 Java 编写的,我需要一些可以与我的 jsp 一起使用的东西。
有什么想法吗?预先非常感谢您!
I'm using j_security_check on a login.jsp. The server is GlassFish Server 3. It all works, when the user is authenticated it then opens index.jsp. My problem is I need to get j_username in my index.jsp, but I couldn't find a way of doing it. All solutions I found are in Java and I need something that works with my jsp.
Any ideas? Thank you very much in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
所涉及的请求位于 JSP EL 中,可通过
PageContext#getRequest()。登录用户可通过HttpServletRequest#getUserPrincipal()。用户名又可通过 获得Principal#getName()。所以,
应该做。
顺便说一句,使用
<、>、"等等(这是 XSS 攻击的来源)。The involved request is in JSP EL available by
PageContext#getRequest(). The logged-in user is available byHttpServletRequest#getUserPrincipal(). The username is in turn available byPrincipal#getName().So,
should do.
Using
<c:out>is by the way not necessary, but useful for the case that the username could contain special HTML characters which could malform the HTML output like<,>,"and so on (which is a source for XSS attacks). The<c:out>just escapes them so that they get displayed literally instead of being interpreted as part of HTML markup.