Displaying different content for the same URL based upon user role?

[balteo]

Hello,

I use Spring MVC, Spring Security and Apache Tiles and I have the following issue:

I want unauthenticated users to land on the home URL of my website (i.e. www.mywebsite.com/) where a login form will be diplayed to them so that they can authenticate from there.

Then, once a user is authenticated, I would like for completely different page content to be displayed to them on the home URL of the website (still www.mywebsite.com/) possibly using another template/jsp.

What I am seeking to achieve is basically to be able to display different content for the same URL based upon whether or not the user is authenticated - all this using Spring security and Spring MVC.

I have researched Spring Security but was not able to find a solution to the problem described above.

Can anyone please provide pointers or advice as to how to implement this?

Regards,

Julien.

[achang]

I have just the solution for you:

(blog post) (github)

For example:

Code:

	@RequestMapping("/")
	public String generalHomePage() {
		...
	}

	@RequestMapping("/")
	@PreAuthorize("isAuthenticated()")
	public String secureHomePage() {
		...
	}

Thanks,
Andy

[balteo]

Hi Achang,
Thanks a lot for this reply! I think it is just what I need.
Regards,
Julien.

[balteo]

Hi again Andy,

After looking at the blog post you kindly suggested, I realized that using the two request mappings above (here) is not possible using Spring Security out of the box...

I'd rather avoid using third-party classes. Can you or someone else please suggest another solution?

Regards,

Julien.

[achang]

Hi Julien,

I'm sorry the suggested solution didn't work out for you - the project mainly serves as a working example of what you need to add-on to Spring MVC to achieve the behavior you want. It uses custom request conditions (which is a feature of Spring MVC) and copies functionality from Spring Security's <authorize> jsp tag, making it pretty standard.

Anyway, I re-read your question and it seems that you only mentioned showing a login page to unauthenticated users. If this is all you need, you can add an intercept-url to block the "/" path and redirect users to the login page if they don't have sufficient privileges:

Code:

<http use-expressions="true">
    <intercept-url pattern="/" access="isAuthenticated()" />
    <form-login />
    ...
</http>

If you meant showing just content within a section of a page, and are using JSPs, you can use Spring Security's <authorize> tag:

Code:

<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize access="isAnonymous()">
Login!
</sec:authorize>
<sec:authorize access="isAuthenticated()">
Hello!
</sec:authorize>

Unfortunately, if you want to return different page templates, there's no sleek out-of-the-box functionality. The most obvious way to do this is:

Code:

@RequestMapping("/")
public String homePage(Principal principal) {
    if (principal is authenticated) {
        return "dashboardPage";
    }
    return "promotionalPage";
}

Alternatively, you can implement your own filters/interceptors to check the authentication and forward the request to the appropriate request handler.

Thanks,
Andy

[balteo]

Hi Andy!

I appreciate your help. I am going to use one of the solutions your provided in your last post i.e.

Code:

@RequestMapping("/")
public String homePage(Principal principal) {
    if (principal is authenticated) {
        return "dashboardPage";
    }
    return "promotionalPage";
}

or filter/interceptors.

Thanks a lot,
Julien.