Check if the current user is registered using the "remember me" filter in Spring Security

Question

Check if the current user is registered using the "remember me" filter in Spring Security

How can I programmatically check if a user with a Remember Me filter is registered in Spring Security?

eg. how to do it in spring controller

@RequestMapping({"/sell-all-assets"})
public String sellAllAssets(Model model, HttpServletRequest request) {
    if (isRememberMeAuthenticated()) {
        return "redirect:/login";
    } else {
        accountService.sellAllAssets(getCurrentUser());
        return "pages/myaccount";
    }
}

public static boolean isRememberMeAuthenticated() {
    ???
}

+4

java spring spring-security remember-me

Andidev Mar 6 '14 at 13:44

source share

3 answers

Why do it yourself. Spring Security can do it for you.

<intercept-url pattern="/sell-all-assets" access="hasRole("user") and isFullyAutheticated()"/>

See http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#overview for more details .

+1

M. Deinum 06 . '14 14:31

Deinum,

isRememberMe () - returns true if the current main user is a remembering
user isAuthenticated () - returns true if the user is not anonymous
isFullyAuthenticated () . Returns true if the user is not anonymous or does not remember me.

0

Jay Mar 6 '14 at 14:33

source share

Andidev · Accepted Answer · 2014-03-06T21:05:07+0000

It looks like the AuthenticationTrustResolverImpl class contained code answering my question. Here

public static boolean isRememberMeAuthenticated() {
    // Check authentication exists
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return false;
    }

    return RememberMeAuthenticationToken.class.isAssignableFrom(authentication.getClass());
}

Check if the current user is registered using the "remember me" filter in Spring Security

More articles: