Creating New Roles and Permissions Dynamically in Spring Security 3

Question

I am using Spring Security 3 in Struts 2 + Spring IOC project.

I have used Custom Filter, Authentication Provider etc. in my Project.

You can see my securi

Answer 1

1. Create your model (user, role, permissions) and a way to retrieve permissions for a given user;
2. Define your own org.springframework.security.authentication.ProviderManager and configure is (set its providers) to a custom org.springframework.security.authentication.AuthenticationProvider; this last one should return on its authenticate method a Authentication, which should be setted with the GrantedAuthority, in your case, all the permissions for the given user.

The trick in that article is to have roles assigned to users, but, to set the permissions for those roles in the Authentication.authorities object.

For that I advise you to read the API, and see if you can extend some basic ProviderManager and AuthenticationProvider instead of implementing everything. I've done that with LdapAuthenticationProvider setting a custom LdapAuthoritiesPopulator, that would retrieve the correct roles for the user.