Hi,

What would be the best way to change views in spring based on the role of the authenticated user? I can't find any way to do this atm.

Cheers

Which MVC framework?

If using JSP you can use the Acegi Security taglib and standard redirection. Otherwise you'll need to do it at the next layer up (eg view resolver) by obtaining the ((SecureContext) ContextHolder.getContext()).getAuthentication().

I'm using Velocity, so I'd extend ResourceBundleViewResolver, which I'm currently using as my view resolver, to change the basename?

In your subclass you'd simply obtain the Authentication from the ContextHolder as mentioned. It should be populated properly at the time your subclass is called thanks to the Acegi Security filters. From Authentication you'd obtain the GrantedAuthority[]s and write some logic that handles redirection in your subclass. There is no current Acegi Security code which handles this.

You could also do the same in the controller. Simply return the view name that should apply based on the GrantedAuthority[]s obtained via the ContextHolder.

Can I ask why you're redirecting based on the view? Wouldn't a success view or a failure view for an MVC operation typically be the same, irrespective of the roles held?