Announcement Announcement Module
No announcement yet.
Views based on roles Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Views based on roles


    What would be the best way to change views in spring based on the role of the authenticated user? I can't find any way to do this atm.


  • #2
    Which MVC framework?

    If using JSP you can use the Acegi Security taglib and standard redirection. Otherwise you'll need to do it at the next layer up (eg view resolver) by obtaining the ((SecureContext) ContextHolder.getContext()).getAuthentication().


    • #3
      I'm using Velocity, so I'd extend ResourceBundleViewResolver, which I'm currently using as my view resolver, to change the basename?


      • #4
        In your subclass you'd simply obtain the Authentication from the ContextHolder as mentioned. It should be populated properly at the time your subclass is called thanks to the Acegi Security filters. From Authentication you'd obtain the GrantedAuthority[]s and write some logic that handles redirection in your subclass. There is no current Acegi Security code which handles this.

        You could also do the same in the controller. Simply return the view name that should apply based on the GrantedAuthority[]s obtained via the ContextHolder.

        Can I ask why you're redirecting based on the view? Wouldn't a success view or a failure view for an MVC operation typically be the same, irrespective of the roles held?