Announcement Announcement Module
No announcement yet.
Can spring security do this? Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can spring security do this?

    Morning all,

    Right I have been using Spring Security for a number of years, but never come across a solution to implementing a subscription / membership based authentication.

    I have a site which users have to pay for membership, if they are not members then they are not aloud access - simple. However how should I:

    A) control the access rights - via roles? (FULL / TRIAL) if so, how do I update these roles when the subscription period expires?

    B) Once the subscription period has expired I need to either lock their account maybe? or redirect them to the billing page so they can pay again?

    I haven't a clue on the best solution to this, I have a stanard User / subscription mapping which I think is maybe the correct way? However i'm sure someone has solved these issue in the past, just not sure what to search for?

    Any info would be VERY greatful

    Cheers Sion

  • #2
    Implement UserDetails on your User object and implement the methods. This logic for checking if an account is enabled or not could go very well in the well how about the 'isEnabled' method...


    • #3
      I usderstand what you are saying which is a cool idea - however if the isEnabled method returns false, how do I send them back to the billing page - i.e. to pay again - if you get me?

      Cheers again


      • #4
        Extend the ExceptionTranslationFilter to check for that specific situation and redirect to your billing page. You could also configure an additional filter which does this.

        I've implemented a situation which cover a whole list of combinations of enabled/password expired/first login/reset password that way. We let our user implement the UserDetails and did some checking in our additional filter, next to some extended ExceptionTranslationFilter. Worked like a charm.

        Even better with Spring 3.0 this is already supported out of the box, you can configure different pages to show for different exceptions (like the SimpleMappingExceptionResolver). So you could for the DisabledException redirect/forward to the page you want.
        Last edited by Marten Deinum; Sep 23rd, 2009, 10:03 AM. Reason: Added spring security 3.0 note.