Java, Groovy, Grails, Spring, Vue, Ionic + Fun blog

Spring Security Core : Redirect users to different screen based on role


It is a very common requirement to redirect users to different screens after login based on the user’s role. In this post I’ll show how to use AuthenticationSuccessHandler to do this.

The Spring Security Core plugin registers an AjaxAwareAuthenticationSuccessHandler, a subclass of Spring Security's SavedRequestAwareAuthenticationSuccessHandler, as the authenticationSuccessHandler bean. By default this handler redirects users to the defaultTargetUrl configured in the Spring Security config (grails.plugin.springsecurity.successHandler.defaultTargetUrl). We can override the authenticationSuccessHandler bean to take control of how and where users get redirected after login.

Redirect users based on role

Let's see an example of how to redirect admin users to an admin dashboard.

First create a custom authentication success handler which redirects to the admin controller if the user has the admin role.

    import grails.plugin.springsecurity.SpringSecurityUtils
    import grails.web.mapping.LinkGenerator
    import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler
    import javax.servlet.http.HttpServletRequest
    import javax.servlet.http.HttpServletResponse

    class CustomAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {

        // Injected from resources.groovy (the grailsLinkGenerator bean)
        LinkGenerator linkGenerator

        // Must match the role name stored in your Role table
        private static final String ADMIN_ROLE = 'ROLE_Admin'

        @Override
        protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
            if (SpringSecurityUtils.ifAllGranted(ADMIN_ROLE)) {
                // Admins land on the admin dashboard
                return linkGenerator.link(controller: 'admin', action: 'index')
            }
            // Everyone else gets the default behaviour (defaultTargetUrl, targetUrlParameter, referer)
            return super.determineTargetUrl(request, response)
        }
    }

Next, register the custom authentication success handler as a Spring bean named authenticationSuccessHandler, so it overrides the bean of the same name registered by the Spring Security Core plugin.

File: grails-app/conf/spring/resources.groovy

    beans = {
        authenticationSuccessHandler(CustomAuthenticationSuccessHandler) {
            linkGenerator = ref('grailsLinkGenerator')
            redirectStrategy = ref('redirectStrategy')
            requestCache = ref('requestCache')
            // Mirror the plugin's own bean definition so the existing config keys keep working
            defaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.defaultTargetUrl
            alwaysUseDefaultTargetUrl = application.config.grails.plugin.springsecurity.successHandler.alwaysUseDefault
            targetUrlParameter = application.config.grails.plugin.springsecurity.successHandler.targetUrlParameter
            useReferer = application.config.grails.plugin.springsecurity.successHandler.useReferer
        }
    }

That's all you need to do. When a user logs in, the authentication success handler's determineTargetUrl method is called; it returns the URL of the admin controller if the user has the admin role, and otherwise calls the super method, which redirects to the defaultTargetUrl configured in the application config (or to the targetUrlParameter or referer, if those are enabled).

Two caveats are worth knowing. First, SavedRequestAwareAuthenticationSuccessHandler only calls determineTargetUrl when there is no saved request: if the user reached the login page because they requested a protected URL, the handler redirects back to that saved URL after login and the role-based redirect is skipped, unless alwaysUseDefaultTargetUrl is true or a targetUrlParameter is present. Second, the plugin's own AjaxAwareAuthenticationSuccessHandler returns ajaxSuccessUrl for AJAX logins; the class above extends SavedRequestAwareAuthenticationSuccessHandler directly, so it loses that behaviour. If your login form posts via AJAX, extend AjaxAwareAuthenticationSuccessHandler instead and also wire ajaxSuccessUrl in the bean definition.
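The following is an added example, not code from the original post, that generalizes the single admin check above: one landing page per role, checked in a fixed precedence order, built on the plugin's AjaxAwareAuthenticationSuccessHandler so AJAX logins keep receiving ajaxSuccessUrl. The package, the role names ROLE_ADMIN, ROLE_MANAGER and ROLE_USER, and the controller names are assumptions for this example and must match your own Role table and controllers.

```groovy
package com.example.security   // hypothetical package, assumption for this example

import grails.plugin.springsecurity.SpringSecurityUtils
import grails.plugin.springsecurity.web.authentication.AjaxAwareAuthenticationSuccessHandler
import grails.web.mapping.LinkGenerator
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

/**
 * Added example, not from the original post: role-based landing pages with an
 * explicit precedence order. Extends the plugin's AjaxAwareAuthenticationSuccessHandler
 * so that AJAX logins are still answered with ajaxSuccessUrl.
 */
class RoleBasedAuthenticationSuccessHandler extends AjaxAwareAuthenticationSuccessHandler {

    LinkGenerator linkGenerator   // wired to ref('grailsLinkGenerator') in resources.groovy

    // First matching role wins, so a user holding both ROLE_ADMIN and ROLE_USER is sent
    // to the admin dashboard. Role and controller names are assumptions for this example.
    static final List<Map> LANDING_PAGES = [
        [role: 'ROLE_ADMIN',   link: [controller: 'admin',     action: 'index']],
        [role: 'ROLE_MANAGER', link: [controller: 'reports',   action: 'index']],
        [role: 'ROLE_USER',    link: [controller: 'dashboard', action: 'index']],
    ].asImmutable()

    @Override
    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
        // Keep the cases the plugin and Spring Security already decide for us:
        // AJAX logins (ajaxSuccessUrl), alwaysUseDefaultTargetUrl, and an explicit
        // targetUrlParameter in the request. Only the "fall back to defaultTargetUrl"
        // case is replaced by the role lookup.
        if (SpringSecurityUtils.isAjax(request) || isAlwaysUseDefaultTargetUrl() || hasExplicitTarget(request)) {
            return super.determineTargetUrl(request, response)
        }

        Map landing = LANDING_PAGES.find { SpringSecurityUtils.ifAllGranted(it.role as String) }
        return landing ? linkGenerator.link(landing.link as Map)
                       : super.determineTargetUrl(request, response)
    }

    // True when the login request carried the configured targetUrlParameter
    // (spring-security-redirect by default) with a non-blank value.
    private boolean hasExplicitTarget(HttpServletRequest request) {
        String param = getTargetUrlParameter()
        return param != null && request.getParameter(param)?.trim()
    }
}
```

Register it in grails-app/conf/spring/resources.groovy exactly as in the post, swapping the class name and adding `ajaxSuccessUrl = application.config.grails.plugin.springsecurity.successHandler.ajaxSuccessUrl`, since the AJAX branch reads that property. The saved-request caveat applies here too: a user who was bounced to the login page from a protected URL is returned to that URL, not to the role landing page. The handler honours targetUrlParameter only to the extent Spring Security already does; if you accept that parameter from users, keep it restricted to relative paths.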