
  • Determine whether user logged in or not?

    Hi everybody, I want to check whether the user logged in successfully or not. I just tried to use a method like this:

    Code:
    try {
        boolean isAuthenticated = SecurityContextHolder.getContext().getAuthentication().isAuthenticated();
        return isAuthenticated;
    } catch (Exception e) {
        return false;
    }
    But SecurityContextHolder.getContext().getAuthentication().isAuthenticated() always returns true. Any solution for this problem?

    Thanks in advance.

  • #2
    Hi,

    The code checks whether user has authenticated with any possible method (including the 'anonymous' or 'remember me' authentication when enabled). In case you want to check whether SAML SSO (and no other authentication) took place, something like this might work instead:

    Code:
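    public boolean isLoggedInWithSAML() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // No Authentication in the security context: nobody is logged in.
        if (authentication == null) {
            return false;
        }
        // Anonymous and remember-me tokens also report isAuthenticated() == true,
        // so additionally require the credentials object to be a SAMLCredential.
        // instanceof is used because equals(SAMLCredential.class) would compare the
        // credential instance with a Class object and never match.
        return authentication.isAuthenticated()
                && authentication.getCredentials() instanceof SAMLCredential;
    }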
    Vladi
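
Why the check in the first post always returns true, as an added example that is not part of the original thread: with anonymous authentication enabled, the security context holds an AnonymousAuthenticationToken whose isAuthenticated() is true. The class name, the enum and the sample tokens are constructed for illustration; spring-security-core is assumed to be on the classpath.

```java
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;

public class LoginStateDemo { // hypothetical class name

    enum LoginState { NONE, ANONYMOUS, REMEMBER_ME, FULL }

    private static final AuthenticationTrustResolver RESOLVER = new AuthenticationTrustResolverImpl();

    /** Classifies the token currently stored in the security context. */
    static LoginState currentLoginState() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated()) {
            return LoginState.NONE;
        }
        if (RESOLVER.isAnonymous(auth)) {
            return LoginState.ANONYMOUS;   // the "always true" case from the question
        }
        if (RESOLVER.isRememberMe(auth)) {
            return LoginState.REMEMBER_ME; // cookie-based, no interactive login
        }
        return LoginState.FULL;            // interactive login (form, SAML SSO, ...)
    }

    public static void main(String[] args) {
        // Constructed sample tokens; keys, principals and roles are placeholders.
        Authentication[] samples = {
            null,
            new AnonymousAuthenticationToken("key", "anonymousUser",
                    AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")),
            new RememberMeAuthenticationToken("key", "alice",
                    AuthorityUtils.createAuthorityList("ROLE_USER")),
            new UsernamePasswordAuthenticationToken("alice", "n/a",
                    AuthorityUtils.createAuthorityList("ROLE_USER"))
        };
        for (Authentication sample : samples) {
            SecurityContextHolder.getContext().setAuthentication(sample);
            boolean naive = sample != null && sample.isAuthenticated();
            System.out.println(currentLoginState() + " (naive isAuthenticated=" + naive + ")");
        }
        SecurityContextHolder.clearContext();
    }
}
```

The naive check reports true for the anonymous and remember-me tokens as well, while the trust resolver separates them from a full login.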



    • #3
      Hi Vladi,
      What happens when the webapp's session is expired? I see that your function returns false while the user hasn't logged out yet. I think it should return true, because when I try to log in again, it automatically redirects to my homepage and I don't need to input username and password again.



      • #4
        The method will be returning false after user's session expiration. In case you re-initialize single sign-on after the expiration, chances are that IDP will still not ask you for credentials (because the IDP's session may still be active).

        Vladi



        • #5
          Thank you, let me try to do it.
