The moose likes Spring and the fly likes Security Role Mapping in Spring Security. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Security Role Mapping in Spring Security." Watch "Security Role Mapping in Spring Security." New topic

Security Role Mapping in Spring Security.

Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
I am new to springs security and trying to configure spring security in my application. My application server is WAS. Initially the application security was set up as below in deployment descriptor.

Now I have configured the application using spring security as below.

When I deploy my application in WAS earlier, USER role would map to security role mappings. All users configured in AD base will be thus validated.

Now -

How can I set up the USER Role in Spring Security?

Can I mention the security role as done in web.xml explicitly so that there are no username/password listed in security file as above.
Eshwar Prasad
Ranch Hand

Joined: Mar 21, 2008
Posts: 202
Any help on this?
bala nannaka
Ranch Hand

Joined: Apr 02, 2007
Posts: 49
You can use
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="preauthAuthProvider" />

<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="userDetailsService" />

Where userDetailService is the service which will return all the user related inforamtion and you can map roles using below code

<bean id="userDetailsService" class="Your Service Class">
<property name="userRoles2GrantedAuthoritiesMapper">
<bean class="org.springframework.security.core.authority.mapping.SimpleAttributes2GrantedAuthoritiesMapper">
<property name="attributePrefix" value="ROLE_" />
I agree. Here's the link: http://aspose.com/file-tools
subject: Security Role Mapping in Spring Security.
Similar Threads
J2EE Security
A better way to display a login failure message
How to debug Spring Roo generated applicationContext-Security.xml file?
How to implement Spring Form Based Authenticationand Authorization without session scope ?
RichFaces + Spring Security -- Problem Load RichFaces