It is a very common requirement to redirect users to different screens after login based on the user’s role. In this post I’ll show how to use AuthenticationSuccessHandler to do this.
The Spring Security Core plugin configures an AjaxAwareAuthenticationSuccessHandler, which is a subclass of SavedRequestAwareAuthenticationSuccessHandler. By default the authentication success handler redirects users to the defaultTargetUrl configured in the Spring Security config. We can override the authenticationSuccessHandler bean to take control of how and where users get redirected after login.
Redirect users based on role
Let's see an example of how to redirect admin users to the admin dashboard.
First, create a custom authentication success handler which redirects users to the admin controller if the user has the admin role.
    import grails.plugin.springsecurity.SpringSecurityUtils
    import grails.web.mapping.LinkGenerator
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler

    import javax.servlet.http.HttpServletRequest
    import javax.servlet.http.HttpServletResponse

    class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

        // Injected in resources.groovy; builds application URLs from controller/action names
        LinkGenerator linkGenerator

        private static final String ADMIN_ROLE = 'ROLE_Admin'

        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            // Admins land on the admin dashboard
            if (SpringSecurityUtils.ifAllGranted(ADMIN_ROLE)) {
                return linkGenerator.link(controller: 'admin', action: 'index')
            }
            // Everyone else gets the default target URL handling
            return super.determineTargetUrl(request, response)
        }
    }
Next, register our custom authentication success handler as a Spring bean named authenticationSuccessHandler, so that it overrides the bean with the same name registered by the Spring Security Core plugin.
File: grails-app/conf/spring/resources.groovy
    beans = {
        // Same bean name as the plugin's handler, so this definition replaces it
        authenticationSuccessHandler(CustomAuthenticationSuccessHandler) {
            linkGenerator = ref('grailsLinkGenerator')
            redirectStrategy = ref('redirectStrategy')
            requestCache = ref('requestCache')
            defaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.defaultTargetUrl
            alwaysUseDefaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.alwaysUseDefault
            targetUrlParameter = application.config.grails.plugin.springsecurity.successHandler.targetUrlParameter
            useReferer = application.config.grails.plugin.springsecurity.successHandler.useReferer
        }
    }
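That's all you need to do. Now when a user logs in, our authentication success handler's determineTargetUrl method is called; it returns the URL of the admin controller if the user has the admin role, or else it calls the super method, which redirects to the defaultTargetUrl configured in the application config. Because the handler extends SavedRequestAwareAuthenticationSuccessHandler, a saved request (the protected page the user asked for before being sent to login) still takes precedence: determineTargetUrl is consulted only when there is no saved request, or when alwaysUseDefaultTargetUrl is set or the targetUrlParameter is present on the request. The redirect only chooses a landing page; the admin controller still has to be protected by its own access rules.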
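The handler above covers one role. The following added example (not code from the original post or from the plugin) generalises it to an ordered role-to-landing-page table and checks the fallback target, since the parent's determineTargetUrl can return the targetUrlParameter value or the Referer header taken from the request. ROLE_Manager, the 'report' controller and the isLocalPath helper are hypothetical names; the bean is registered in resources.groovy the same way as above.

```groovy
import grails.plugin.springsecurity.SpringSecurityUtils
import grails.web.mapping.LinkGenerator
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

// Added example: role-based landing pages plus an in-application check on the fallback target.
class RoleLandingSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

    LinkGenerator linkGenerator

    // Checked in insertion order; the first granted role wins.
    // ROLE_Manager and the 'report' controller are hypothetical names.
    Map<String, Map<String, String>> landingPages = [
        'ROLE_Admin'  : [controller: 'admin', action: 'index'],
        'ROLE_Manager': [controller: 'report', action: 'index']
    ]

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        def match = landingPages.find { role, target -> SpringSecurityUtils.ifAllGranted(role) }
        if (match) {
            return linkGenerator.link(match.value)
        }
        // The parent may return the targetUrlParameter value or the Referer header.
        // Both are supplied by the request, so only paths inside this application
        // are accepted; anything else falls back to the configured default.
        String target = super.determineTargetUrl(request, response)
        return isLocalPath(target) ? target : getDefaultTargetUrl()
    }

    // True only for a single-slash absolute path without backslashes or control characters.
    static boolean isLocalPath(String url) {
        if (!url || !url.startsWith('/') || url.startsWith('//')) {
            return false
        }
        return !(url =~ /[\\\x00-\x1f]/).find()
    }
}
```

With this check in place, an absolute Referer value (useReferer = true) is rejected and the user lands on defaultTargetUrl instead.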