To allow role-based login and redirection, we will use a custom success handler in Spring Security.
STEP 1:- Open Eclipse and Create Dynamic Web Project named SpringSecurityRoleBasedLogin
STEP 2:- Make sure you use Target Runtime as Apache Tomcat 7.0.
STEP 3:- copy below jars to WEB-INF/lib folder.
http://localhost:8080/SpringSecurityRoleBasedLogin/
STEP 1:- Open Eclipse and Create Dynamic Web Project named SpringSecurityRoleBasedLogin
STEP 2:- Make sure you use Target Runtime as Apache Tomcat 7.0.
STEP 3:- copy below jars to WEB-INF/lib folder.
- antlr-2.7.6.jar
- aopalliance-1.0.jar
- commons-logging-1.2.jar
- dom4j-1.6.1.jar
- hibernate-commons-annotations-4.0.4.Final.jar
- hibernate-core-4.3.6.Final.jar
- hibernate-jpa-2.1-api-1.0.0.Final.jar
- hibernate-validator-4.3.2.Final.jar
- javassist-3.12.1.GA.jar
- jboss-logging-3.1.0.CR1.jar
- jta.jar
- jtds.jar
- persistence-api-1.0.2.jar
- spring-aop-4.1.4.RELEASE.jar
- spring-aspects-4.1.4.RELEASE.jar
- spring-beans-4.1.4.RELEASE.jar
- spring-context-4.1.4.RELEASE.jar
- spring-core-4.1.4.RELEASE.jar
- spring-expression-4.1.4.RELEASE.jar
- spring-jdbc-4.1.4.RELEASE.jar
- spring-orm-4.1.4.RELEASE.jar
- spring-security-config-4.0.2.RELEASE.jar
- spring-security-core-4.0.2.RELEASE.jar
- spring-security-taglibs-4.0.2.RELEASE.jar
- spring-security-web-4.0.2.RELEASE.jar
- spring-tx-4.1.4.RELEASE.jar
- spring-web-4.1.4.RELEASE.jar
- spring-webmvc-4.1.4.RELEASE.jar
- Package: com.tutorialsdesk.security.service
- Filename: CustomSuccessHandler.java
package com.tutorialsdesk.security.service;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

/**
 * Authentication success handler that redirects a user who has just logged in to a landing
 * page selected from the authorities carried by the {@link Authentication}.
 *
 * <p>Every target is a fixed string defined in this class; no request parameter or header takes
 * part in building the redirect URL.
 *
 * <p>The redirect is navigation only. It does not stop a user from requesting another URL
 * afterwards, so access to {@code /api}, {@code /admin} and the other pages has to be enforced
 * by the access rules of the security configuration, not by this class.
 */
@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {

    /** Strategy used to issue the redirect; replaceable through the setter. */
    private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();

    /**
     * Resolves the landing page for the authenticated user and redirects to it.
     *
     * @param request the login request
     * @param response the response the redirect is written to
     * @param authentication the authentication produced by the successful login
     * @throws IOException if the redirect cannot be written
     */
    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException {
        String landingPage = determineTargetUrl(authentication);

        if (!response.isCommitted()) {
            redirectStrategy.sendRedirect(request, response, landingPage);
            return;
        }

        // A committed response can no longer carry a redirect.
        // NOTE(review): System.out bypasses the application's logging configuration; a logger
        // would keep this event together with the other authentication messages.
        System.out.println("Can't redirect");
    }

    /**
     * Maps the user's authorities to a landing page.
     *
     * <p>The checks run in a fixed order, so a user holding several of the roles lands on the
     * first match: {@code ROLE_API}, then {@code ROLE_ADMIN}, then {@code ROLE_USER}.
     *
     * @param authentication the authentication whose authorities are inspected
     * @return {@code /api}, {@code /admin}, {@code /home}, or {@code /Access_Denied} when none
     *     of the three roles is present
     */
    protected String determineTargetUrl(Authentication authentication) {
        Collection<? extends GrantedAuthority> granted = authentication.getAuthorities();

        List<String> roleNames = new ArrayList<String>();
        for (GrantedAuthority authority : granted) {
            roleNames.add(authority.getAuthority());
        }

        if (hasApiRole(roleNames)) {
            return "/api";
        }
        if (hasAdminRole(roleNames)) {
            return "/admin";
        }
        if (hasUserRole(roleNames)) {
            return "/home";
        }
        // The login succeeded, but the account holds none of the roles this handler knows.
        return "/Access_Denied";
    }

    /**
     * Replaces the strategy used to send the redirect.
     *
     * @param redirectStrategy the strategy to use from now on
     */
    public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
        this.redirectStrategy = redirectStrategy;
    }

    /**
     * Returns the strategy currently used to send the redirect.
     *
     * @return the redirect strategy held by this handler
     */
    protected RedirectStrategy getRedirectStrategy() {
        return redirectStrategy;
    }

    /** Tells whether the role names include {@code ROLE_USER}. */
    private boolean hasUserRole(List<String> roles) {
        return roles.contains("ROLE_USER");
    }

    /** Tells whether the role names include {@code ROLE_ADMIN}. */
    private boolean hasAdminRole(List<String> roles) {
        return roles.contains("ROLE_ADMIN");
    }

    /** Tells whether the role names include {@code ROLE_API}. */
    private boolean hasApiRole(List<String> roles) {
        return roles.contains("ROLE_API");
    }
}

STEP 5 :- Modify spring-security.xml to use customSuccessHandler.
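<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
        URL access rules. They are evaluated top to bottom and the first matching pattern
        decides. These rules are the access control of the application: the success handler
        only chooses where to send the user after login and restricts nothing.

        No catch-all rule is declared, so a URL that matches none of the patterns below gets
        no access rule from this file. Once the login page and static resources are explicitly
        permitted, consider ending the list with a rule on "/**" that requires authentication.
    -->
    <http auto-config="true">
        <intercept-url pattern="/" access="permitAll" />
        <!-- "/home" is public, although the success handler uses it as the ROLE_USER landing page. -->
        <intercept-url pattern="/home" access="permitAll" />

        <!--
            "/admin**" matches one path segment that starts with "admin" ("/admin",
            "/adminPanel") but not nested paths such as "/admin/users". The "/admin/**" rule
            covers the nested paths so they need the same role.
        -->
        <intercept-url pattern="/admin**" access="hasRole('ADMIN')" />
        <intercept-url pattern="/admin/**" access="hasRole('ADMIN')" />

        <!-- <intercept-url pattern="/api**" access="hasRole('ADMIN') and hasRole('API')" /> -->
        <!-- Same segment limitation as above; "/api/**" covers the nested paths. -->
        <intercept-url pattern="/api**" access="hasRole('ADMIN') or hasRole('API')" />
        <intercept-url pattern="/api/**" access="hasRole('ADMIN') or hasRole('API')" />

        <!-- access denied page -->
        <access-denied-handler error-page="/Access_Denied" />

        <!-- After a successful login, customSuccessHandler picks the landing page by role. -->
        <form-login login-processing-url="/login"
            login-page="/login"
            username-parameter="username"
            password-parameter="password"
            authentication-success-handler-ref="customSuccessHandler"
            authentication-failure-url="/login?error" />

        <!-- enable csrf protection -->
        <csrf />
    </http>

    <!-- Select users and user_roles from database -->
    <!--
        NOTE(review): no password-encoder is configured on the provider. In Spring Security 4
        that means the submitted password is compared with the stored value as plain text.
        Confirm how CustomUserDetailsService stores passwords and configure a bcrypt
        password-encoder together with hashed values in the database.
    -->
    <authentication-manager>
        <authentication-provider user-service-ref="customUserDetailsService" />
    </authentication-manager>

    <beans:bean id="customUserDetailsService"
        class="com.tutorialsdesk.security.service.CustomUserDetailsService" />
    <beans:bean id="customSuccessHandler"
        class="com.tutorialsdesk.security.service.CustomSuccessHandler" />
</beans:beans>

STEP 6 :- Run your project enter below URL in your browser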
http://localhost:8080/SpringSecurityRoleBasedLogin/
Keep visiting TutorialsDesk for more tutorials and practical programming examples on Spring MVC. We hope this Spring MVC role-based login example was clear; if you have any questions or suggestions, please write to us using the contact form.