determine target url based on roles for struts2

I am new to Struts and Spring Security.
Can anyone help me figure out how to redirect different users with different roles to different URLs? In other words, how do I determine the target URL based on user role in Struts2 using an action controller?

I found the following question, <a href="https://stackoverflow.com/questions...get-url-based-on-roles-in-spring-security-3-1">determine target url based on roles in spring security 3.1</a>, but I cannot figure out how to configure the action.

I tried the following setup, but it does not work:

<strong>security.xml</strong>

Code:
 &lt;form-login login-page="/login" authentication-failure-url="/login?error=true" login-processing-url="/j_security_check" default-target-url="/default"/&gt;

<strong>struts.xml</strong>

Code:
&lt;action name="default" class="com.moblab.webapp.action.RoleRedirectAction" method="defaultAfterLogin"/&gt;

<strong>RoleRedirectAction.java</strong>

Code:
package com.moblab.webapp.action;
import javax.servlet.http.HttpServletRequest;
public class RoleRedirectAction extends BaseAction{

public String defaultAfterLogin(HttpServletRequest request) {
    if (request.isUserInRole("ROLE_ADMIN")) {
        return "redirect:/&lt;url&gt;";
    }
    return "redirect:/&lt;url&gt;";
}
}

Thanks a lot.

<strong>EDIT 1</strong>
I also tried the following annotation

Code:
 @Action(value="/default",results={@Result(name="success",location="/querySessions")})

<strong>EDIT 2</strong>
My final solution looks like the following. I am not sure if it is the best approach, but it works:

Code:
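import java.io.IOException;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger; // assumed: log4j 1.x, which provides Logger.getLogger(Class)
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;

// UserService is the application's own class; import it from its package.
public class StartPageRouter extends SimpleUrlAuthenticationSuccessHandler {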


@Autowired
private UserService userService;

protected final Logger logger = Logger.getLogger(this.getClass());
private RequestCache requestCache = new HttpSessionRequestCache();

@Override
public void onAuthenticationSuccess(HttpServletRequest request,
                                    HttpServletResponse response,
                                    Authentication authentication) throws IOException, ServletException {


    Collection&lt;? extends GrantedAuthority&gt; authorities = authentication.getAuthorities();

    //default path for ROLE_USER
    String redirectPath = &lt;url&gt;;

    if (authorities != null &amp;&amp; !authorities.isEmpty()) {

        Set&lt;String&gt; roles = getUserRoles(authorities);

        if (roles.contains("ROLE_ADMIN"))
            redirectPath = &lt;url&gt;;
        else if (roles.contains("ROLE_INSTRUCTOR"))
            redirectPath = &lt;url&gt;;
    }

    getRedirectStrategy().sendRedirect(request, response, redirectPath);
}

public void setRequestCache(RequestCache requestCache) {
    this.requestCache = requestCache;
}

private Set&lt;String&gt; getUserRoles(Collection&lt;? extends GrantedAuthority&gt; authorities) {

    Set&lt;String&gt; userRoles = new HashSet&lt;String&gt;();

    for (GrantedAuthority authority : authorities) {
        userRoles.add(authority.getAuthority());
    }
    return userRoles;
}
}

<strong>EDIT 3</strong>
There are even better solutions here:

<a href="http://oajamfibia.wordpress.com/2011/07/07/role-based-login-redirect/#comment-12" rel="nofollow noreferrer">http://oajamfibia.wordpress.com/2011/07/07/role-based-login-redirect/#comment-12</a>
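
A variant of the handler from EDIT 2 that overrides `handle()` instead of `onAuthenticationSuccess()`, so the parent class still clears the stored login-failure attribute, and that checks roles in a fixed priority order. This is an added example, not the poster's code; it assumes Spring Security 3.1, and the package, class name, bean id and target paths are placeholders.

```java
package example; // assumed package
import java.io.IOException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
/**
 * Wiring in security.xml (bean id is an assumption; replaces default-target-url):
 *   <beans:bean id="roleTargetHandler" class="example.RoleTargetHandler"/>
 *   <form-login login-page="/login" login-processing-url="/j_security_check"
 *       authentication-success-handler-ref="roleTargetHandler"/>
 */
public class RoleTargetHandler extends SimpleUrlAuthenticationSuccessHandler {
    // Insertion order is the priority: the first listed role the user holds wins.
    // Targets are fixed server-side paths; nothing is read from the request.
    private final Map<String, String> targets = new LinkedHashMap<String, String>();

    public RoleTargetHandler() {
        targets.put("ROLE_ADMIN", "/admin/home");           // placeholder path
        targets.put("ROLE_INSTRUCTOR", "/instructor/home"); // placeholder path
        setDefaultTargetUrl("/home");                       // placeholder for ROLE_USER
    }

    // Overriding handle() rather than onAuthenticationSuccess() means the parent
    // still runs clearAuthenticationAttributes() after the redirect is issued.
    @Override
    protected void handle(HttpServletRequest request, HttpServletResponse response,
            Authentication authentication) throws IOException, ServletException {
        String target = resolveTarget(authentication);
        if (response.isCommitted()) {
            logger.debug("Response already committed; cannot redirect to " + target);
            return;
        }
        getRedirectStrategy().sendRedirect(request, response, target);
    }

    // Returns the target for the highest-priority role held, else the default.
    String resolveTarget(Authentication authentication) {
        for (Map.Entry<String, String> entry : targets.entrySet()) {
            for (GrantedAuthority granted : authentication.getAuthorities()) {
                if (entry.getKey().equals(granted.getAuthority())) return entry.getValue();
            }
        }
        return getDefaultTargetUrl();
    }
}
```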