It is possible to add user one privilege after successful login, and just allow him to access terms and conditions page (ex. TERMS_AND_CONDITIONS_PRIVILEGE). After success post with accepted terms you can get permissions for user from database and grant it to his security context. Here is nice post how to do it
http://forum.spring.io/forum/spring-projects/security/60663-change-user-logged-authorities-on-the-fly
First you have to get SecurityContextHolder
by calling SecurityContextHolder.getContext()
Next you have to get Authentication
from it by callingcontext.getAuthentication()
. From Authentication
you can get Principal
and cast it to User object.
Remember to check if SecurityContextHolder.getContext()
does not return null value and also if Authentication a = context.getAuthentication()
is not null.
I also recomend to check if a.getPrincipal()
is instance of User class
I hope it helps