views:

25

answers:

1

Hi,

I have build a grails application, which on login redirects users to different URLs based on User's role (custom roles defined in roles domain). Now I am trying to integrate Spring Security Core Grails Plugin to the application, so plan to use the plugin's domain model.

I understand the auth action in LoginController does the user login validation and if the user is logged in the redirects to default target URI. My question is how can I know if the logging in user is of type ROLE_ADMIN or ROLE_USER or any other ROLE? How can I check the authority here and then redirect to different URIs?

I would also like to know how the user validation is done i.e. how & where the username and password are validated against the database in spring security?

Thank You. Jay Chandran.

+2  A: 

The redirect happens in org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler but the plugin extends this class in org.codehaus.groovy.grails.plugins.springsecurity.AjaxAwareAuthenticationSuccessHandler to support Ajax logins.

If you want to customize the redirect location based on roles, I'd subclass AjaxAwareAuthenticationSuccessHandler and override onAuthenticationSuccess(). You'll have access to the Authentication, so you can inspect the granted authorities and determine where to go based on those.

Then replace the plugin's bean with yours in resources.groovy:

import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils

beans = {
   authenticationSuccessHandler(MyAuthenticationSuccessHandler) {
      def conf = SpringSecurityUtils.securityConfig

      requestCache = ref('requestCache')
      redirectStrategy = ref('redirectStrategy')
      defaultTargetUrl = conf.successHandler.defaultTargetUrl
      alwaysUseDefaultTargetUrl = conf.successHandler.alwaysUseDefault
      targetUrlParameter = conf.successHandler.targetUrlParameter
      ajaxSuccessUrl = conf.successHandler.ajaxSuccessUrl
      useReferer = conf.successHandler.useReferer
   }
}
Burt Beckwith
Thank you very much. I am sure I will have more queries.
Jay Chandran