@ModelAttribute
  @RequestMapping(method = RequestMethod.GET)
  protected User showForm(HttpServletRequest request, HttpServletResponse response)
      throws Exception {
    // If not an administrator, make sure user is not trying to add or edit another user
    if (!request.isUserInRole(Constants.ADMIN_ROLE) && !isFormSubmission(request)) {
      if (isAdd(request) || request.getParameter("id") != null) {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        log.warn(
            "User '"
                + request.getRemoteUser()
                + "' is trying to edit user with id '"
                + request.getParameter("id")
                + "'");

        throw new AccessDeniedException("You do not have permission to modify other users.");
      }
    }

    if (!isFormSubmission(request)) {
      String userId = request.getParameter("id");

      // if user logged in with remember me, display a warning that they can't change passwords
      log.debug("checking for remember me login...");

      AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
      SecurityContext ctx = SecurityContextHolder.getContext();

      if (ctx.getAuthentication() != null) {
        Authentication auth = ctx.getAuthentication();

        if (resolver.isRememberMe(auth)) {
          request.getSession().setAttribute("cookieLogin", "true");

          // add warning message
          saveMessage(request, getText("userProfile.cookieLogin", request.getLocale()));
        }
      }

      User user;
      if (userId == null && !isAdd(request)) {
        user = getUserManager().getUserByUsername(request.getRemoteUser());
      } else if (!StringUtils.isBlank(userId) && !"".equals(request.getParameter("version"))) {
        user = getUserManager().getUser(userId);
      } else {
        user = new User();
        user.addRole(new Role(Constants.USER_ROLE));
      }

      user.setConfirmPassword(user.getPassword());

      return user;
    } else {
      // populate user object from database, so all fields don't need to be hidden fields in form
      return getUserManager().getUser(request.getParameter("id"));
    }
  }
 private boolean isAnonymous() {
   AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
   SecurityContext ctx = SecurityContextHolder.getContext();
   if (ctx != null) {
     Authentication auth = ctx.getAuthentication();
     return resolver.isAnonymous(auth);
   }
   return true;
 }
 @Test
 public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() {
   when(trustResolver.isAnonymous(user)).thenReturn(false);
   assertThat(root.isAnonymous()).isFalse();
 }