Hi guys, new to Spring and Spring Security also.
I've set up my security.xml like this.
It seems like it is working as only ROLE_ADMINS can access the viewUsers.html.
Code:
namespace omitted..
<http auto-config="true" use-expressions="true">
    <form-login login-page="/login.html" />
    <logout invalidate-session="true" logout-url="/logout.html" logout-success-url="/login.html?loggedout=true" />
    <intercept-url pattern="/viewUsers.html" access="hasRole('ROLE_ADMIN')" />
</http>
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource" />
    </authentication-provider>
</authentication-manager>
Two questions..
1) I believe that a UserDetails object or something gets stored internally when the login is successful. How can I access this object through the JSP and how can I get the current user through the JSP?
2) If I want to get the object through the controller, is it..
It's weird cause the name is principal.
Code:
return (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
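
An added example, not part of the original post: one way to read the logged-in user from a controller under the configuration above without an unchecked cast. It assumes the stock `jdbc-user-service`, whose principal implements `UserDetails`; the class name `CurrentUser` is hypothetical. The checks matter because `getPrincipal()` returns `Object`, and for a request that is not logged in the principal is the string `anonymousUser`, so a bare cast throws `ClassCastException`.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

// Hypothetical helper class (name chosen for this example).
public final class CurrentUser {

    private CurrentUser() {
    }

    /**
     * Returns the UserDetails of the logged-in user, or null when the
     * request is unauthenticated or anonymous.
     */
    public static UserDetails get() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();

        // No Authentication at all, e.g. code running outside the filter chain.
        if (auth == null || !auth.isAuthenticated()) {
            return null;
        }
        // Anonymous requests carry an AnonymousAuthenticationToken. It reports
        // isAuthenticated() == true, but its principal is the String
        // "anonymousUser", not a UserDetails.
        if (auth instanceof AnonymousAuthenticationToken) {
            return null;
        }
        // getPrincipal() is declared to return Object, so test before casting.
        Object principal = auth.getPrincipal();
        return (principal instanceof UserDetails) ? (UserDetails) principal : null;
    }

    /** Username of the logged-in user, or null if nobody is logged in. */
    public static String username() {
        UserDetails user = get();
        return user == null ? null : user.getUsername();
    }
}
```

In a JSP, the Spring Security tag library exposes the same object, for example `<sec:authentication property="principal.username" />` after declaring the `http://www.springframework.org/security/tags` taglib.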
