I am working on Spring security now. What it does is while the user logs in, at that time only it loads all the authorities which belong to that user. So my question is
How can we change(add/remove) the authorities of the user while in session. Dumb solution is add authority to the user and make him log out.
But I want a better solution without making a redirect to login page.