2

I want to return different pages when the user logs into the system based on their role.

I have this method for logging-in, but I don't know how return different URL's.

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
           .antMatchers("/css/**", "/js/**", "/images/**", "/data/**",  "/", "/home").permitAll()

        .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll()
            .and()
        .logout()
            .permitAll();
}

How I can do this? It is possible do if you don´t add a new controller where redirect after login and this redirect to different url in base him role?

Thank you very much!

herzo
  • 105
  • 4
  • 12
  • I do not understand what you mean by: "...by him role" - but maybe this helps. http://stackoverflow.com/a/14577220/280244 – Ralph Apr 25 '15 at 12:27
  • @Ralph that is login user with role user have a different page that if login admin with role admin. I need give a different url for when user login redirect a page or other – herzo Apr 25 '15 at 13:53

1 Answers1

0

You can use the defaultSuccessUrl and failureUrl on both the .formLogin() and .logout functions. Here is an example:

.formLogin()
    .loginPage("/login").loginProcessingUrl("/login/validate")
    .defaultSuccessUrl("/").failureUrl("/login?error=true")
    .usernameParameter("username").passwordParameter("password")
    .and()
.logout()
    .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
    .logoutSuccessUrl("/login?logout=true")

As far as a redirect for each user role, I would suggest the defaultSuccessUrl page have redirects based on the user's role:

<sec:authorize access="hasRole('ROLE_ADMIN')">"
    <c:redirect url="/admin.html"/>
</sec:authorize>
<sec:authorize access="hasRole('ROLE_USER')">"
    <c:redirect url="/user.html"/>
</sec:authorize>
Shaggy
  • 1,444
  • 1
  • 23
  • 34
  • This is what I need, great. But there is a problem, I use everything in java and annotations, as could make part of the url to a function of role? I override the method? I "copy" this http://stackoverflow.com/questions/7470405/authenticationsuccesshandler-example-for-spring-security-3/7470476#7470476 ; but I dont have xml, how make in java anottations? – herzo Apr 25 '15 at 19:21