Announcement Announcement Module
Collapse
No announcement yet.
How to have multiple target-url based on ROLES? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to have multiple target-url based on ROLES?

    Hi,

    I've implemented a ROLE based login mechinism using Spring Security.
    It has 2 roles viz.
    ROLE_USER --> Common user
    ROLE_ADMIN --> Admin user

    My spring-security.xml file says:
    Code:
    <security:http auto-config="true" use-expressions="true" access-denied-page="/denied" >
    	
    		<security:intercept-url pattern="/login" access="permitAll"/>
    		<security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/>
    		<security:intercept-url pattern="/common" access="hasRole('ROLE_USER')"/>
    		
    		<security:form-login
    				login-page="/login" 
    				authentication-failure-url="/login?error=true" 
    				default-target-url="/common"/>
    			
    		<security:logout 
    				invalidate-session="true" 
    				logout-success-url="/login" 
    				logout-url="/logout"/>
    	
    	</security:http>
    I've a common login page. It's working fine. The default-target-url is set to /common.
    But I want to redirect users to different pages based on their roles.

    If he's a
    ROLE_USER --> /showuser --> show user jsp
    ROLE_ADMIN --> /showadmin --> show admin jsp

    How can I do that? Please help!!
    Please guide. Any help would be really appreciated.

    Thanks a lot.

  • #2
    The easiest way is to set the default target url as the same value and then based upon the role send them to their role specific url. For example, if you use the default-target-url of /common as you did in your example you would create some code that looked at the role and then redirected to the specific roles. The code might look something like this:

    Code:
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
      String url;
      if(req.isUserInRole("ROLE_USER")) {
        url = "/user";
      }else if(req.isUserInRole("ROLE_ADMIN")) {
        url = "/admin";
      }
      ...
      redirect or forward to the url
    }

    Comment


    • #3
      Thanks a lot, I shall surely try this tonight & get back to you.

      Comment


      • #4
        Originally posted by rwinch View Post
        The easiest way is to set the default target url as the same value and then based upon the role send them to their role specific url. For example, if you use the default-target-url of /common as you did in your example you would create some code that looked at the role and then redirected to the specific roles. The code might look something like this:

        Code:
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) {
          String url;
          if(req.isUserInRole("ROLE_USER")) {
            url = "/user";
          }else if(req.isUserInRole("ROLE_ADMIN")) {
            url = "/admin";
          }
          ...
          redirect or forward to the url
        }
        Hey rwinch, that worked like a charm. Tried it & customized your code a bit to successfully redirect to different jsps. Thanks a lot again, man.
        I really appreciate your quick help. You saved a lot of my time.

        Comment


        • #5
          I am facing same problem

          Hi,

          I am facing same problem. Where did you add the mentioned code?
          I am also struggling to getting it resolved since yesterday.

          Thanks

          Comment


          • #6
            You add that code to whatever handles the default-target-url. For the above Spring Security configuration, it is added to whatever handles /common.

            Comment


            • #7
              I found 2 ways to do it. One method is to write a AuthenticationSuccessHandler and in the other method I use UrlRewriteFilter.
              Both methods are described in more detail here.

              Comment

              Working...
              X