The problem:
I have to present an HTTP FORM built with Velocity

User has requested me that certain form fields enable or disable some values or ranges based on "who" is completing the form (a seller has a limit of 100u$, a supervisor 300u$ and a manager has no limit, for instance)



The solution:
...

The question:
Is Acegi Sec Sys adecuate to handle the problem? Some suggestion about how invoke it from Velocity?

The stock-standard Acegi Security approach is to have a ThreadLocal bound object (called ContextHolder) which allows access to the presently logged on user via ((SecureContext) ContextHolder.getContext()).getAuthentication(). The Authentication has a getAuthorities() method which provides the GrantedAuthority[]s.

So, all you need is a Velocity-friendly way of accessing this. If you subclass org.springframework.web.servlet.view.velocity.Velo cityView and implement exposeHelpers(Context velocityContext, HttpServletRequest request) you can inject a helper bean into the Velocity context. There might be another way of adding helpers, but that's the way we do it here anyway. The helper bean could be similar to the Acegi Security taglib.