Last Updated on 08 May 2021   |   Print Email
In this Spring Security post, I’d like to share the steps and code examples on how to redirect authenticated users based on their roles in a Java Spring Boot web application. For example, when an Admin user logs in, he will see the Admin dashboard page. Likewise, a user with role Editor will see Editor dashboard page upon successful authentication. And so on for different users with different roles.Suppose that you’re developing a Java web application based on Spring Boot Web, Spring Data JPA, Hibernate, Spring Security, Thymeleaf and MySQL database – with user authentication and role-based authorization already implemented.
1. Implement hasRole method in User class
The application will need to check if the currently logged-in user has a specific role or not. So code the hasRole()method in the User entity class as follows:
package net.codejava;
import java.util.*;
import javax.persistence.*;
@Entity
@Table(name = "users")
public class User {
@ManyToMany(cascade = CascadeType.PERSIST, fetch = FetchType.EAGER)
@JoinTable(
name = "users_roles",
joinColumns = @JoinColumn(name = "user_id"),
inverseJoinColumns = @JoinColumn(name = "role_id")
)
private Set<Role> roles = new HashSet<>();
public boolean hasRole(String roleName) {
Iterator<Role> iterator = this.roles.iterator();
while (iterator.hasNext()) {
Role role = iterator.next();
if (role.getName().equals(roleName)) {
return true;
}
}
return false;
}
// other fields, getters and setters are not shown for brevity
}
The hasRole() method will return true if the user is assigned with the specified role, or false otherwise. And also update your custom UserDetails class – adding the hasRole() method as shown below:
package net.codejava;
public class CustomUserDetails implements UserDetails {
private User user;
public CustomUserDetails(User user) {
this.user = user;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Set<Role> roles = user.getRoles();
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
for (Role role : roles) {
authorities.add(new SimpleGrantedAuthority(role.getName()));
}
return authorities;
}
public boolean hasRole(String roleName) {
return this.user.hasRole(roleName);
}
// other overriden methods are not shown
}
Spring Security will return a new instance of this UserDetails class upon successful authentication. This class wraps an instance of User so the hasRole() method here simply delegates the call to the User class.
2. Code Authentication Success Handler
Next, code a class that extends an implementation of AuthenticationSuccessHandler, such as SavedRequestAwareAuthenticationSuccessHander like the following code:
You know, the onAuthenticationSuccess() method will be invoked by Spring Security upon user’s successful login. So it’s very logically to put the redirection code in this method, for redirecting the authenticated users based on their roles. The code example is self-explanatory so I don’t have to explain further.
3. Configure Spring Security to Use Success Handler
And update the Spring Security configuration class to use the authentication success handler class as follows:
This part is optional. If the role-based view pages (editor home, admin dashboard, etc) do not have corresponding handler methods in controller layer, you can configure the view name resolution in a Spring MVC configuration as follows:
package net.codejava;
@Configuration
public class MvcConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("index");
registry.addViewController("/sales_home").setViewName("sales_home");
registry.addViewController("/editor_home").setViewName("editor_home");
registry.addViewController("/shipper_home").setViewName("shipper_home");
}
}
That’s all about how to redirect users based on roles in a Java web application based on Spring Boot and Spring Security. I hope you found this article helpful.To see the coding in action, I recommend you to watch the following video:
Nam Ha Minh is certified Java programmer (SCJP and SCWCD). He began programming with Java back in the days of Java 1.4 and has been passionate about it ever since. You can connect with him on Facebook and watch his Java videos on YouTube.
Dear Nam, Thanks a lot for your wonderful articles! You are a great help to many developers. Could you please make link for downloading tutorial "Spring Security Redirect Users After Login Based on Roles"? Thank you.
Comments
Do you mean downloading code? There's no downloadable code for this article.
Thanks a lot for your wonderful articles!
You are a great help to many developers.
Could you please make link for downloading tutorial "Spring Security Redirect Users After Login Based on Roles"?
Thank you.