Menu
I'm trying to learn spring security, and I have question: what is the difference between isAuthenticated and isFullyAuthenticated in spring security
851
From the spring-security documentation:
isAuthenticated() Returns true if the user is not anonymous isFullyAuthenticated() Returns true if the user is not an anonymous or a remember-me user Actually, I think they explain better in the AuthenticatedVoter documentation:
The current
Authenticationwill be inspected to determine if the principal has a particular level of authentication.The "FULLY" authenticated option means the user is authenticated fully (ie AuthenticationTrustResolver.isAnonymous(Authentication) is false and AuthenticationTrustResolver.isRememberMe(Authentication) is false.
The "REMEMBERED" will grant access if the principal was either authenticated via remember-me Or is fully authenticated. The "ANONYMOUSLY" will grant access if the principal was authenticated via remember-me, OR anonymously, OR via full authentication.
And in this table of their docs they mention:
isAuthenticated()- Returns true if the user is not anonymous
isFullyAuthenticated()- Returns true if the user is not an anonymous or a remember-me user
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
