Announcement Announcement Module
Collapse
No announcement yet.
Displaying different content for the same URL based upon user role? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Displaying different content for the same URL based upon user role?

    Hello,

    I use Spring MVC, Spring Security and Apache Tiles and I have the following issue:

    I want unauthenticated users to land on the home URL of my website (i.e. www.mywebsite.com/) where a login form will be diplayed to them so that they can authenticate from there.

    Then, once a user is authenticated, I would like for completely different page content to be displayed to them on the home URL of the website (still www.mywebsite.com/) possibly using another template/jsp.

    What I am seeking to achieve is basically to be able to display different content for the same URL based upon whether or not the user is authenticated - all this using Spring security and Spring MVC.

    I have researched Spring Security but was not able to find a solution to the problem described above.

    Can anyone please provide pointers or advice as to how to implement this?

    Regards,

    Julien.

  • #2
    I have just the solution for you:

    (blog post) (github)

    For example:
    Code:
    	@RequestMapping("/")
    	public String generalHomePage() {
    		...
    	}
    
    	@RequestMapping("/")
    	@PreAuthorize("isAuthenticated()")
    	public String secureHomePage() {
    		...
    	}
    Thanks,
    Andy

    Comment


    • #3
      Hi Achang,
      Thanks a lot for this reply! I think it is just what I need.
      Regards,
      Julien.

      Comment


      • #4
        Hi again Andy,

        After looking at the blog post you kindly suggested, I realized that using the two request mappings above (here) is not possible using Spring Security out of the box...

        I'd rather avoid using third-party classes. Can you or someone else please suggest another solution?

        Regards,

        Julien.

        Comment


        • #5
          Hi Julien,

          I'm sorry the suggested solution didn't work out for you - the project mainly serves as a working example of what you need to add-on to Spring MVC to achieve the behavior you want. It uses custom request conditions (which is a feature of Spring MVC) and copies functionality from Spring Security's <authorize> jsp tag, making it pretty standard.

          Anyway, I re-read your question and it seems that you only mentioned showing a login page to unauthenticated users. If this is all you need, you can add an intercept-url to block the "/" path and redirect users to the login page if they don't have sufficient privileges:

          Code:
          <http use-expressions="true">
              <intercept-url pattern="/" access="isAuthenticated()" />
              <form-login />
              ...
          </http>
          If you meant showing just content within a section of a page, and are using JSPs, you can use Spring Security's <authorize> tag:

          Code:
          <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
          <sec:authorize access="isAnonymous()">
          Login!
          </sec:authorize>
          <sec:authorize access="isAuthenticated()">
          Hello!
          </sec:authorize>
          Unfortunately, if you want to return different page templates, there's no sleek out-of-the-box functionality. The most obvious way to do this is:

          Code:
          @RequestMapping("/")
          public String homePage(Principal principal) {
              if (principal is authenticated) {
                  return "dashboardPage";
              }
              return "promotionalPage";
          }
          Alternatively, you can implement your own filters/interceptors to check the authentication and forward the request to the appropriate request handler.

          Thanks,
          Andy
          Last edited by achang; Sep 27th, 2012, 10:34 AM.

          Comment


          • #6
            Hi Andy!

            I appreciate your help. I am going to use one of the solutions your provided in your last post i.e.

            Code:
            @RequestMapping("/")
            public String homePage(Principal principal) {
                if (principal is authenticated) {
                    return "dashboardPage";
                }
                return "promotionalPage";
            }
            or filter/interceptors.

            Thanks a lot,
            Julien.

            Comment

            Working...
            X