determine target url based on roles for struts2


Staff member
I am new to struts and spring security.
Can anyone help me to figure out how to redirect to different urls different users with different roles ? In other words, how to provide determine target url based on user role in struts2 using action controller?

I found the following question <a href="">determine target url based on roles in spring security 3.1</a> , but I cannot figure out how to configure the action.

I tried the following setup, but it does not work:


 &lt;form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check" default-target-url="/default"/&gt;


&lt;action name="default" class="com.moblab.webapp.action.RoleRedirectAction" method="defaultAfterLogin"/&gt;


package com.moblab.webapp.action;
import javax.servlet.http.HttpServletRequest;
public class RoleRedirectAction extends BaseAction{

public String defaultAfterLogin(HttpServletRequest request) {
    if (request.isUserInRole("ROLE_ADMIN")) {
        return "redirect:/&lt;url&gt;";
    return "redirect:/&lt;url&gt;";

Thanks a lot.

<strong>EDIT 1</strong>
I also tried the following annotation


<strong>EDIT 2</strong>
My final solution looks like the following. I am not sure if it is the best approach, but it works:

public class StartPageRouter extends SimpleUrlAuthenticationSuccessHandler {

private UserService userService;

protected final Logger logger = Logger.getLogger(this.getClass());
private RequestCache requestCache = new HttpSessionRequestCache();

public void onAuthenticationSuccess(HttpServletRequest request,
                                    HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {

    Collection&lt;? extends GrantedAuthority&gt; authorities = authentication.getAuthorities();

    //default path for ROLE_USER
    String redirectPath = &lt;url&gt;;

    if (authorities != null &amp;&amp; !authorities.isEmpty()) {

        Set&lt;String&gt; roles = getUserRoles(authorities);

        if (roles.contains("ROLE_ADMIN"))
            redirectPath = &lt;url&gt;;
        else if (roles.contains("ROLE_INSTRUCTOR"))
            redirectPath = &lt;url&gt;;

    getRedirectStrategy().sendRedirect(request, response, redirectPath);

public void setRequestCache(RequestCache requestCache) {
    this.requestCache = requestCache;

private Set&lt;String&gt; getUserRoles(Collection&lt;? extends GrantedAuthority&gt; authorities) {

    Set&lt;String&gt; userRoles = new HashSet&lt;String&gt;();

    for (GrantedAuthority authority : authorities) {
    return userRoles;

<strong>EDIT 3</strong>
There are even better solutions here:

<a href="" rel="nofollow noreferrer"></a>