Spring security - same page to deliver different content based on user role

Question

i tried to search for any previous post related to my issue but couldnt find any. I have a scenario where in page handles 3 different scenarios and one of them not working. This page returns different content depending on if the user is authenticated or anonymous.

localhost:8080/myApp/muUrl?test=authenticatedContent - > used for Scenario 1 & 2 localhost:8080/myApp/muUrl?test=anonymousContent -> used for Scenario 3 Scenario:

1) Authenticated user accesing the page url - the user gets displayed correct information. Works fine

2) Anonymous user accesing page URL with parameters that requires authentication - If anonymous, there is second level of check on the content they are accessing. for example, based on the GET parameters, there is custom logic to determine if the user has to be authenticated. In which case the page gets redirected to login page (WORKS fine).

3) Anonymous user accessing page URL with parameters that doesnt need authentication - in this case i get the SAvedRequest and redirect to the URL which is taking me to an infinite loop.

Am i missing something very obvious or is there a way in AuthenticationProcessFilterEntryPoint to say "DON'T redirect to LOGIN page but process it" ?

thanks.

Answer 1

I found a solution at last (someone suggested it to me on the Spring forums). The idea is to use the @PreAuthorize annotation in the controllers as described here: see here

See code sample below:

@RequestMapping("/")
@PreAuthorize("isAuthenticated()")
public String authenticatedHomePage() {
    return "authenticatedHomePage";
}

@RequestMapping("/")
public String homePage() {
    return "homePage";
}