1

I need a public RESTful endpoint that can tell me if the current user is logged in or not. Since the user may be authenticated as anonymousUser, I can't just do this:

if (SecurityContextHolder.getContext().getAuthentication().isAuthenticated())
...

From looking at some other posts, it looks like I might need to do something clumsy like actually look for the anonymous role in granted authorities. Is there an easier way?

gyoder

2 Answers

2

Here's what I believe is the simplest solution:

// permitAll
@RequestMapping(method = RequestMethod.GET, value = "/isAuthorized")
public String isAuthorized(Principal user) {                
    return user != null ? "Y" : "N";
}
gyoder
0

You can also use (not nice, but works):

Authentication auth = SecurityContextHolder.getContext().getAuthentication();
boolean loggedIn = auth != null
        && auth.isAuthenticated()
        // false when the request carries anonymous authentication
        && !(auth instanceof AnonymousAuthenticationToken);
Dherik
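Added example, not part of either answer: a runnable check showing why `isAuthenticated()` alone is not enough, since Spring Security's `AnonymousAuthenticationToken` reports itself as authenticated. It uses Spring Security's `AuthenticationTrustResolver` in place of the `instanceof` test; the class name `LoginStateCheck`, the method `isLoggedIn` and the sample tokens are assumptions made for illustration, and only `spring-security-core` is needed on the classpath.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

public class LoginStateCheck {

    // Spring Security's own helper for recognising anonymous tokens.
    private static final AuthenticationTrustResolver TRUST =
            new AuthenticationTrustResolverImpl();

    /** True only for a real login: present, authenticated and not anonymous. */
    static boolean isLoggedIn(Authentication auth) {
        return auth != null && auth.isAuthenticated() && !TRUST.isAnonymous(auth);
    }

    public static void main(String[] args) {
        // Constructed sample tokens (hypothetical values, not from the post).
        Authentication anonymous = new AnonymousAuthenticationToken(
                "sample-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        // The three-argument constructor marks the token as authenticated.
        Authentication user = new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER"));
        // The two-argument constructor: credentials submitted, not yet verified.
        Authentication unverified =
                new UsernamePasswordAuthenticationToken("alice", "secret");

        // The pitfall from the question: the anonymous token says "authenticated".
        System.out.println("anonymous.isAuthenticated(): " + anonymous.isAuthenticated());
        System.out.println("isLoggedIn(anonymous):  " + isLoggedIn(anonymous));
        System.out.println("isLoggedIn(user):       " + isLoggedIn(user));
        System.out.println("isLoggedIn(unverified): " + isLoggedIn(unverified));
        System.out.println("isLoggedIn(null):       " + isLoggedIn(null));
    }
}
```

In a controller, pass `SecurityContextHolder.getContext().getAuthentication()` to `isLoggedIn`.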