DarkVision

Reputation: 1423

spring security redirect based on role not working

Well, I am trying to redirect the user based on role, but my custom class does nothing. I added some System.out calls but nothing happens.

I followed this small tutorial: http://oajamfibia.wordpress.com/2011/07/07/role-based-login-redirect/#comment-12

But I changed my extension class to SavedRequestAwareAuthenticationSuccessHandler. I also tried the one in the tutorial and nothing happens; I don't know what I am missing. Any help will be appreciated.

This is my class:

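package com.freelogic.spring.web.service;

import java.io.IOException;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

@Component
public class RoleBaseAuthentification extends SavedRequestAwareAuthenticationSuccessHandler {

    // Maps a role name (e.g. ROLE_ADMIN) to a context-relative target page.
    private Map<String, String> roleMap;

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request,
            HttpServletResponse response, Authentication authentication)
            throws ServletException, IOException {
        System.out.println(request.getUserPrincipal());
        if (authentication.getPrincipal() instanceof UserDetails) {
            UserDetails userDetails = (UserDetails) authentication.getPrincipal();
            System.out.println(userDetails);
            // Only the first granted authority is used to pick the target.
            String role = userDetails.getAuthorities().isEmpty() ? null : userDetails.getAuthorities().toArray()[0].toString();
            System.out.println(role);
            response.sendRedirect(request.getContextPath() + roleMap.get(role));
        }
        // The parent handler is invoked after the redirect above.
        super.onAuthenticationSuccess(request, response, authentication);
    }

    public Map<String, String> getRoleMap() {
        return roleMap;
    }

    public void setRoleMap(Map<String, String> roleMap) {
        this.roleMap = roleMap;
    }
}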

And here is my security-context.xml:

<security:authentication-manager alias="authenticationManager"> 
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="select username,password,enabled from users where username = ?"
            authorities-by-username-query="select u.username, ur.authority from users u, user_roles ur where u.user_id =  ur.user_id and u.username = ?" />
    </security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true">
    <security:intercept-url pattern="/management" access="hasRole('ROLE_ADMIN')"/>
    <security:form-login login-page="/login" authentication-success-handler-ref="redirectByRole"/>
</security:http>

<bean id="redirectByRole" class="com.freelogic.spring.web.service.RoleBaseAuthentification">
    <property name="roleMap">
        <map>
            <entry key="ROLE_ADMIN" value="/management.jsp" />
            <entry key="ROLE_USER" value="/home.jsp" />
        </map>
    </property>
</bean>

Upvotes: 1

Views: 1125

Answers (1)

Bart

Reputation: 17361

The problem

Your success handler extends SavedRequestAwareAuthenticationSuccessHandler so calling

super.onAuthenticationSuccess(request, response, authentication)

causes SavedRequestAwareAuthenticationSuccessHandler or one of its superclasses to use their redirect strategies and override yours.

The (ergghh) solution

You can prevent the redirect by calling super.onAuthenticationSuccess() before your response.sendRedirect(). It will override the redirecting attempts previously made. While not a good solution, it will work. See below why I think it's not a good solution.

On a side note

I'm not sure why you are extending SavedRequestAwareAuthenticationSuccessHandler and not simply implementing AuthenticationSuccessHandler. The former allows an authenticated user to be redirected to its previously visited page. Your RoleBaseAuthentification only redirects by role, with no condition to return to a previous URL. So your choice to extend SavedRequestAwareAuthenticationSuccessHandler does not make sense to me.

Upvotes: 1
