java playframework deadbolt

Deadbolt Play Java: change password on first login


I have 4 groups: admin, service, user, guest. The admin is created in the database, and the first time the admin logs in, a password change is required. I want to redirect to the change-password form, and only the admin needs that. I set the redirect in onAuthFailure, but service, user and guest that are not authenticated for some action are also redirected to the change-password form. If you have a good idea, please tell me: what should I do so that every role is redirected to a different link? I have only read the Deadbolt documentation for 2 days, so I don't understand much yet. Sorry for my English.

Thanks.


Solution

  • Within a DeadboltHandler implementation, the onAuthFailure method can use getSubject to get the current user and, through that, the roles held by the user.

    public class MyDeadboltHandler implements DeadboltHandler {
        private final DeadboltExecutionContextProvider executionContextProvider;
        private final DeadboltAnalyzer analyzer;
    
        @Inject
        public MyDeadboltHandler(final ExecutionContextProvider ecProvider,
                                 final DeadboltAnalyzer analyzer) {
            this.executionContextProvider = ecProvider.get();
            this.analyzer = analyzer;
        }
    
        public CompletionStage<Result> onAuthFailure(Http.Context context,
                                                     Optional<String> content) {
            final ExecutionContext executionContext = executionContextProvider.get();
            final ExecutionContextExecutor executor = HttpExecution.fromThread(executionContext);
            return getSubject(context).thenApplyAsync(maybeSubject ->
                maybeSubject.map(subject -> analyzer.hasRole(maybeSubject, "admin") ? /*go to admin section*/
                                                                                    : /*go to non-admin section*/)
                            .orElseGet(() -> /*no user present*/),
                                       executor);
        }
    
        // other methods
    }
    

    Anywhere there's a comment in that example, e.g. /*go to admin section*/ you need to replace it with a Result.

    There are other methods available in DeadboltAnalyzer, so you can have more complex checks than just analyzer.hasRole(maybeSubject, "admin") if necessary.
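
An added example, not part of the original answer or of Deadbolt itself: one way to fill in the three placeholders so that only an admin who still has the initial password is sent to the change-password form, while every other role gets a 403. The `AuthFailureRouting` class, the `PasswordChangeAware` interface and both URLs are hypothetical, and the import paths assume the Deadbolt 2.5 Java package layout.

```java
import be.objectify.deadbolt.java.DeadboltAnalyzer;
import be.objectify.deadbolt.java.models.Subject;
import play.mvc.Result;
import play.mvc.Results;

import java.util.Optional;

/** Hypothetical helper: picks the Result that onAuthFailure returns for each kind of caller. */
public final class AuthFailureRouting {

    /** Hypothetical marker implemented by the application's Subject class; not part of Deadbolt. */
    public interface PasswordChangeAware {
        boolean mustChangePassword();
    }

    // Assumed application URLs; replace them with reverse routes from your own routes file.
    static final String LOGIN_URL = "/login";
    static final String CHANGE_PASSWORD_URL = "/admin/change-password";

    private AuthFailureRouting() {}

    public static Result route(final Optional<? extends Subject> maybeSubject,
                               final DeadboltAnalyzer analyzer) {
        if (!maybeSubject.isPresent()) {
            // No user present: send the visitor to the login page.
            return Results.redirect(LOGIN_URL);
        }
        final Subject subject = maybeSubject.get();
        final boolean firstLoginPending = subject instanceof PasswordChangeAware
                && ((PasswordChangeAware) subject).mustChangePassword();
        if (analyzer.hasRole(maybeSubject, "admin") && firstLoginPending) {
            // Only an admin who still has the initial password reaches the form.
            return Results.redirect(CHANGE_PASSWORD_URL);
        }
        // service, user, guest, and admins whose password is already changed:
        // a plain 403, so a failed constraint never lands them on the password form.
        return Results.forbidden("You are not allowed to access this resource.");
    }
}
```

Inside `onAuthFailure`, the lambda passed to `thenApplyAsync` then becomes `maybeSubject -> AuthFailureRouting.route(maybeSubject, analyzer)`.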