Using Spring Security in order to display different content for the same URL based upon whether or not the user is authenticated

Question

I use Spring MVC, Spring Security and Apache Tiles and I have the following issue:

I want unauthenticated users to land on the home URL of my website (i.e. www.mywebsite.com/) where a login form will be diplayed to them so that they can authenticate from there.

Then, once a user is authenticated, I would like for completely different page content to be displayed to them on the home URL of the website (still www.mywebsite.com/) possibly using another template/jsp.

What I am seeking to achieve is basically to be able to display different content for the same URL based upon whether or not the user is authenticated - all this using Spring security and Spring MVC.

I have researched Spring Security but was not able to find a solution to the problem described above. Others have run into similar issues (see: Spring security - same page to deliver different content based on user role)

Can anyone please provide pointers or advice as to how to implement this?

Answer 1

One solution I can think of is to check in your MVC controller the user principal from the request and if authenticated/has role to return one ModelAndView, otherwise return another:

@Controller
public class MyController{

    public ModelAndView doSomething(HttpServletRequest request, HttpServletResponse response){
        if(request.getUserPrincipal() != null && request.isUserInRole("someRole"){
            return new ModelAndView("view1");
        } 
        else {
            return new ModelAndView("view2");
        }
    }

}