How can I programmatically check if a user is logged in with the remember me filter in Spring Security?

E.g. how to do this in a Spring Controller

public String sellAllAssets(Model model, HttpServletRequest request) {
    if (isRememberMeAuthenticated()) {
        return "redirect:/login";
    } else {
        return "pages/myaccount";

public static boolean isRememberMeAuthenticated() {


Looks like the AuthenticationTrustResolverImpl class contained the code that answered my question. Here it is

public static boolean isRememberMeAuthenticated() {
    // Check authentication exists
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null) {
        return false;

    return RememberMeAuthenticationToken.class.isAssignableFrom(authentication.getClass());


Why do it yourself. Spring Security can do that for you.

<intercept-url pattern="/sell-all-assets" access="hasRole("user") and isFullyAutheticated()"/>

See for more information.

To add a little more to Deinum answer,

isRememberMe() - Returns true if the current principal is a remember-me user
isAuthenticated() - Returns true if the user is not anonymous
isFullyAuthenticated()- Returns true if the user is not an anonymous or a remember-me user

许可以下: CC-BY-SA归因
不隶属于 StackOverflow
scroll top