Spring security, how to restrict user access certain resources based on dynamic roles?

Question

given a scenario , there is a HTML contents OR some method in a controller, which only allow to be access by \"a\" role.

from above, we achieve by using

Answer 1

I don't know what you mean under resources, but I found that the best way to work with it in spring, is to grant users permissions (authorities) instead of roles, you still have roles, but they are there just to bundle up the permissions. After this is set up, you assign actual permissions for your views and methods. I found a data model here:

http://springinpractice.com/2010/10/27/quick-tip-spring-security-role-based-authorization-and-permissions/