Spring Security：检查用户是否来自记住我的cookie

这个Spring Security示例向您展示了如何检查用户是否从“记住我” cookie登录。

private boolean isRememberMeAuthenticated() {

	Authentication authentication = 
		SecurityContextHolder.getContext().getAuthentication();
	if (authentication == null) {
		return false;
	}

    return RememberMeAuthenticationToken.class.isAssignableFrom(authentication.getClass());
  }
	
  @RequestMapping(value = "/admin/update**", method = RequestMethod.GET)
  public ModelAndView updatePage() {

	ModelAndView model = new ModelAndView();

	if (isRememberMeAuthenticated()) {	
		model.setViewName("/login");	
	} else {
		model.setViewName("update");
	}

	return model;

  }

在Spring Security标记中，您可以这样编码：

<%@taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
<%@page session="true"%>
<html>
<body>

	<sec:authorize access="isRememberMe()">
		<h2># This user is login by "Remember Me Cookies".</h2>
	</sec:authorize>

	<sec:authorize access="isFullyAuthenticated()">
		<h2># This user is login by username / password.</h2>
	</sec:authorize>

</body>
</html>

注意
isRememberMe（）–如果当前主体是“记住我”用户，则返回true
isFullyAuthenticated（）–如果用户不是匿名用户或记住我的用户，则返回true

参考文献

1. Spring Security，用于表达式概述的Spring EL
2. AuthenticationTrustResolverImpl JavaDoc
3. Spring Security记住我的例子

标签： Spring安全

翻译自: https://mkyong.com/spring-security/spring-security-check-if-user-is-from-remember-me-cookie/