2

我有一个控制器,我想在其中检查用户是否经过完全身份验证,类似于 Spring SecurityisFullyAuthenticated()表达式提供的内容。我怎么做?

我使用的解决方案基于 Tomasz Nurkiewicz 下面的回答,只是从 org.springframework.security.access.expression.SecurityExpressionRoot 窃取实现

 public class SpringSecurityUtils {
    private static final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    public static boolean isFullyAuthenticated()
    {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return !trustResolver.isAnonymous(authentication) && !trustResolver.isRememberMe(authentication);
    }
}
4

2 回答 2

2

查看源代码,SecurityExpressionRoot看起来AuthenticationTrustResolverImpl您可以使用以下条件:

public boolean isFullyAuthenticated(Authentication auth) {
    return !(auth instanceof AnonymousAuthenticationToken || 
             auth instanceof RememberMeAuthenticationToken);
}

您在哪里获得身份验证,例如使用:

SecurityContextHolder.getContext().getAuthentication()
于 2012-05-16T19:25:07.293 回答
1

您可以调用isUserInRole()方法SecurityContextHolderAwareRequestWrapperHttpServletRequest使用字符串IS_AUTHENTICATED_FULLY

request.isUserInRole("IS_AUTHENTICATED_FULLY");
于 2012-05-16T20:36:10.123 回答