wood burning stoves 2.0*
The moose likes Spring and the fly likes Security Role Mapping in Spring Security. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Security Role Mapping in Spring Security." Watch "Security Role Mapping in Spring Security." New topic

Security Role Mapping in Spring Security.

Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
I am new to springs security and trying to configure spring security in my application. My application server is WAS. Initially the application security was set up as below in deployment descriptor.

Now I have configured the application using spring security as below.

When I deploy my application in WAS earlier, USER role would map to security role mappings. All users configured in AD base will be thus validated.

Now -

How can I set up the USER Role in Spring Security?

Can I mention the security role as done in web.xml explicitly so that there are no username/password listed in security file as above.
Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
Any help on this?
bala nannaka
Ranch Hand

Joined: Apr 02, 2007
Posts: 49
You can use
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="preauthAuthProvider" />

<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService" />

Where userDetailService is the service which will return all the user related inforamtion and you can map roles using below code

<bean id="userDetailsService" class="Your Service Class">
<property name="userRoles2GrantedAuthoritiesMapper">
<bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
<property name="attributePrefix" value="ROLE_" />
It is sorta covered in the JavaRanch Style Guide.
subject: Security Role Mapping in Spring Security.
Similar Threads
How to implement Spring Form Based Authenticationand Authorization without session scope ?
How to debug Spring Roo generated applicationContext-Security.xml file?
J2EE Security
A better way to display a login failure message
RichFaces + Spring Security -- Problem Load RichFaces