I have the following use case and need recommendations on the proper implementation. To be clear, can this be done through configuration or do I need to implement new code?
Business Use Case
The business wants to allow a user to log in via social media sites and access some of their pages. But in order to access pages that deal with $$, the user must log in via the application's local account.
Technical Use Case
Allow users to log in via Facebook or another provider and provide role USER_PARTIAL_RIGHTS.
If the user accesses a page with role USER_FULL_RIGHTS, prompt the user to log in to an account that is a local JDBC stored account.
This authentication must also ensure that the page is protected by USER_FULL_RIGHTS role and not other roles.
I am using the Grails Spring Security plugin, but I am expecting to have to customize the plugin.
So what are recommendations for doing this? A couple of ideas that I have are:
Technical Ideas
- custom Spring access denied handler
- custom access denied controller instead of the stock JSP page
What we ended up implementing is a controller that looks at the role and redirects the user to the correct landing page. Kinda messy, but it works.
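
One way the "custom Spring access denied handler" idea could look, as an added example that is not the poster's code: a Spring Security `AccessDeniedHandler` that sends a partially authenticated user to a local login page and returns 403 to everyone else. The class name, the `/login/local` URL, the `javax.servlet` packages (newer Spring versions use `jakarta.servlet`) and the `accessDeniedHandler` bean name used for registration are assumptions.

```groovy
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.security.access.AccessDeniedException
import org.springframework.security.core.Authentication
import org.springframework.security.core.context.SecurityContextHolder
import org.springframework.security.web.access.AccessDeniedHandler
import org.springframework.security.web.savedrequest.HttpSessionRequestCache
import org.springframework.security.web.savedrequest.RequestCache

// Hypothetical handler. It only decides where a denied request goes; the
// USER_FULL_RIGHTS check on the protected URLs remains the actual control,
// and the social login path must never grant USER_FULL_RIGHTS.
class StepUpAccessDeniedHandler implements AccessDeniedHandler {

    String partialRole = 'USER_PARTIAL_RIGHTS'   // role name from the post
    String fullRole = 'USER_FULL_RIGHTS'         // role name from the post
    String localLoginUrl = '/login/local'        // assumed local (JDBC) login page
    RequestCache requestCache = new HttpSessionRequestCache()

    @Override
    void handle(HttpServletRequest request, HttpServletResponse response,
                AccessDeniedException denied) throws IOException {
        Authentication auth = SecurityContextHolder.context.authentication
        Set<String> roles = (auth?.authorities*.authority ?: []) as Set

        if (roles.contains(partialRole) && !roles.contains(fullRole)) {
            // Keep the original target in the session rather than in a URL
            // parameter, so the post-login redirect cannot be pointed at an
            // attacker-chosen address.
            requestCache.saveRequest(request, response)
            response.sendRedirect(request.contextPath + localLoginUrl)
            return
        }
        // Any other denied request: plain 403, no login prompt.
        response.sendError(HttpServletResponse.SC_FORBIDDEN)
    }
}

// Registration in grails-app/conf/spring/resources.groovy (bean name assumed
// to match the plugin's own handler bean; verify for your plugin version):
//   beans = { accessDeniedHandler(StepUpAccessDeniedHandler) }
```

The local login must replace the social authentication in the security context with the JDBC-backed one, so that USER_FULL_RIGHTS is only ever present on a locally authenticated session.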