Home/ Questions/Q 8500149
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T00:51:56+00:00

Can anybody help me with spring security? I have two folder under views 1:

  • 0

Can anybody help me with spring security?
I have two folder under views 1: allusers 2: superusers
all users have hasRole(“ROLE_USER”) and superusers have: haseRole(“ROLE_ADMIN”,”ROLE_USER”)
I want when a user how has the ROLE_ADMIN after log in be redirect to the right folder i.e supersusers’s folder and that one with only ROLE_USER to the allusers’s folder.
Don’t know how can I do it.

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org  /2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true" use-expressions="true">

    <!-- interceptor pages -->
    <intercept-url pattern="/**" access="permitAll" />
    <intercept-url pattern="/index" access="permitAll" />
    <intercept-url pattern="/allusers/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/superusers/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
    <intercept-url pattern="/logout" access="permitAll" />
    <intercept-url pattern="/denied" access="permitAll" />
    <intercept-url pattern="/getAllUsers"  access="hasRole('ROLE_ADMIN')" />
    <access-denied-handler error-page="/403" />


    <form-login login-page="/index" default-target-url="/welcome"
        authentication-failure-url="/loginfailed" />

    <logout logout-success-url="/logout" />

</http>
<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="
                            select username,password,'true' AS isEnabled from USER where USERNAME=?"  
            authorities-by-username-query="
            select u.username ,r.`ROLE_NAME`,u.`PASSWORD` from USER u, USER_ROLE ur,ROLE r where (u.user_id = ur.user_id) 
            and (r.role_id=ur.role_id)  and u.username =? " />
    </authentication-provider>
</authentication-manager>

Here is my mvc-dispatcher.xml

    <beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
    http://www.springframework.org/schema/beans     
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/mvc
    http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
    http://www.springframework.org/schema/context 
    http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<context:component-scan base-package="com.secure.weblayer" />
<mvc:annotation-driven />
<context:annotation-config />
<mvc:resources mapping="/resources/**" location="/resources/" />
<bean
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/views/" />
     <!--   <property name="prefix" value="/WEB-INF/views/allusers/" />-->
     <!--   <property name="prefix" value="/WEB-INF/views/superusers" />-->
    <property name="suffix" value=".jsp" />
</bean>
<bean id="messageSource"
    class="org.springframework.context.support.ResourceBundleMessageSource">
    <property name="basenames" value="mymessages"></property>
</bean>
<bean
   class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
   </beans>

As you can see I use sql-query in my spring-security.xml for log in.
I can log in but can not be redirect to any desired pages. But when I in the xml file changethe property to : property name=”prefix” value=”/WEB-INF/views/allusers”
or : property name=”prefix” value=”/WEB-INF/views/superusers”
I can get access to all pages in those folders but not at the same time.

Please any help?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You dont wanna touch the InternalResourceViewResolver, as that affects all views.

    You dont have your access rights correct, should be like this.

    all users is normal users and admin users:

    <intercept-url pattern="/allusers/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />

    superusers is just admin users

    <intercept-url pattern="/superusers/**" access="hasRole('ROLE_ADMIN')" />

    Also, remove:

    <intercept-url pattern="/**" access="permitAll" />

    And then you just want to redirect to right page after login.
    So use this for your login controller:

    @Controller
public class LoginController {
    @RequestMapping(value="/welcome", method = RequestMethod.GET)
    public String printWelcome(ModelMap model, SecurityContextHolderAwareRequestWrapper request) {
        if(request.isUserInRole("ROLE_ADMIN")) {
            return "redirect:/superusers";
        } else {
            return "redirect:/allusers";
        }
    } 
}
    • 0