Spring Security Core : Redirect users to different screen based on role

It is a very common requirement to redirect users to different screens after login based on the user's role. In this post I'll show how to use an AuthenticationSuccessHandler to do this.

The Spring Security Core plugin configures an AjaxAwareAuthenticationSuccessHandler, which is a subclass of SavedRequestAwareAuthenticationSuccessHandler. By default this success handler redirects users to the defaultTargetUrl configured in the Spring Security config. We can override the authenticationSuccessHandler bean to take control of how and where users get redirected after login.

Redirect users based on role

Let's see an example of how to redirect admin users to the admin dashboard.

First, create a custom authentication success handler that redirects the user to the admin controller if they have the admin role.

import grails.plugin.springsecurity.SpringSecurityUtils
import grails.web.mapping.LinkGenerator
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

	// Injected from resources.groovy; used to build the admin URL without hard-coding paths
	LinkGenerator linkGenerator

	private static final String ADMIN_ROLE = 'ROLE_Admin'

	@Override
	protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
		// Admins land on the admin dashboard regardless of the configured defaultTargetUrl
		if (SpringSecurityUtils.ifAllGranted(ADMIN_ROLE)) {
			return linkGenerator.link(controller: 'admin', action: 'index')
		}

		// Everyone else keeps the plugin's normal behaviour (defaultTargetUrl, targetUrlParameter, referer)
		return super.determineTargetUrl(request, response)
	}
}

Next, register the custom authentication success handler as a Spring bean named authenticationSuccessHandler, so it overrides the bean of the same name registered by the Spring Security Core plugin.

File: grails-app/conf/spring/resources.groovy

beans = {
    // Same bean name as the plugin's handler, so this definition replaces it
    authenticationSuccessHandler(CustomAuthenticationSuccessHandler) {
        linkGenerator = ref('grailsLinkGenerator')
        redirectStrategy = ref('redirectStrategy')
        requestCache = ref('requestCache')

        // Carry over the plugin's successHandler settings so only the admin redirect changes
        defaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.defaultTargetUrl
        alwaysUseDefaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.alwaysUseDefault
        targetUrlParameter = application.config.grails.plugin.springsecurity.successHandler.targetUrlParameter
        useReferer = application.config.grails.plugin.springsecurity.successHandler.useReferer
    }
}

That's all you need to do. Now when a user logs in, our success handler's determineTargetUrl method is called; it returns the URL of the admin controller if the user has the admin role, and otherwise falls through to the super method, which redirects to the defaultTargetUrl configured in the application config.
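The handler above handles one role. As an added example (not code from the original post or from the Spring Security Core plugin), the same approach generalised to several roles: an ordered map of role name to link parameters is checked in insertion order, the first role the user holds decides the landing page, and a user holding none of them falls back to the plugin's normal target-URL logic. The role names ROLE_Manager and ROLE_User and the reports and home controllers are assumptions for the example; the post itself only uses ROLE_Admin and the admin controller.

```groovy
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.web.mapping.LinkGenerator
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

/**
 * Added example, not part of the original post: a success handler that maps
 * several roles to landing pages. Entries are evaluated in insertion order,
 * so list the most privileged role first when a user may hold more than one.
 */
class RoleBasedAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    // Injected from resources.groovy, exactly like the post's handler
    LinkGenerator linkGenerator

    /**
     * Ordered role -> link parameters (a LinkedHashMap literal keeps insertion order).
     * Only 'ROLE_Admin' -> admin/index comes from the post; the other entries are
     * assumed values for this example and would normally be set in resources.groovy.
     */
    Map<String, Map> roleTargets = [
        'ROLE_Admin'  : [controller: 'admin',   action: 'index'],
        'ROLE_Manager': [controller: 'reports', action: 'index'],
        'ROLE_User'   : [controller: 'home',    action: 'index'],
    ]

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        String url = targetUrlForCurrentUser()
        // No configured role matched: keep defaultTargetUrl / targetUrlParameter / referer handling
        return url ?: super.determineTargetUrl(request, response)
    }

    /**
     * Returns the landing URL for the first configured role the current user
     * holds, or null when none match. The target is chosen purely from
     * server-side configuration, so unlike targetUrlParameter it cannot be
     * influenced by anything in the login request.
     */
    String targetUrlForCurrentUser() {
        Map.Entry<String, Map> match = roleTargets.find { String role, Map params ->
            SpringSecurityUtils.ifAnyGranted(role)
        }
        return match ? linkGenerator.link(match.value) : null
    }
}
```

Register it under the bean name authenticationSuccessHandler in resources.groovy exactly as the post does for CustomAuthenticationSuccessHandler, adding a roleTargets assignment to override the map above. One behaviour to keep in mind with either handler: SavedRequestAwareAuthenticationSuccessHandler first checks the request cache, and if the user was sent to the login page while trying to reach a protected URL (and alwaysUseDefaultTargetUrl is false and no targetUrlParameter is present), it redirects back to that saved URL without ever calling determineTargetUrl. The role-based redirect therefore applies to users who arrive at the login page directly; set alwaysUseDefault to true in the successHandler config if the role-based landing page should win in every case.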