@ModelAttribute @RequestMapping(method = RequestMethod.GET) protected User showForm(HttpServletRequest request, HttpServletResponse response) throws Exception { // If not an administrator, make sure user is not trying to add or edit another user if (!request.isUserInRole(Constants.ADMIN_ROLE) && !isFormSubmission(request)) { if (isAdd(request) || request.getParameter("id") != null) { response.sendError(HttpServletResponse.SC_FORBIDDEN); log.warn( "User '" + request.getRemoteUser() + "' is trying to edit user with id '" + request.getParameter("id") + "'"); throw new AccessDeniedException("You do not have permission to modify other users."); } } if (!isFormSubmission(request)) { String userId = request.getParameter("id"); // if user logged in with remember me, display a warning that they can't change passwords log.debug("checking for remember me login..."); AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl(); SecurityContext ctx = SecurityContextHolder.getContext(); if (ctx.getAuthentication() != null) { Authentication auth = ctx.getAuthentication(); if (resolver.isRememberMe(auth)) { request.getSession().setAttribute("cookieLogin", "true"); // add warning message saveMessage(request, getText("userProfile.cookieLogin", request.getLocale())); } } User user; if (userId == null && !isAdd(request)) { user = getUserManager().getUserByUsername(request.getRemoteUser()); } else if (!StringUtils.isBlank(userId) && !"".equals(request.getParameter("version"))) { user = getUserManager().getUser(userId); } else { user = new User(); user.addRole(new Role(Constants.USER_ROLE)); } user.setConfirmPassword(user.getPassword()); return user; } else { // populate user object from database, so all fields don't need to be hidden fields in form return getUserManager().getUser(request.getParameter("id")); } }
private boolean isAnonymous() { AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl(); SecurityContext ctx = SecurityContextHolder.getContext(); if (ctx != null) { Authentication auth = ctx.getAuthentication(); return resolver.isAnonymous(auth); } return true; }
@Test public void isAnonymousReturnsFalseIfTrustResolverReportsNonAnonymous() { when(trustResolver.isAnonymous(user)).thenReturn(false); assertThat(root.isAnonymous()).isFalse(); }