I have a website that users can login through web pages. The user roles are defined as ROLE_ADMIN, ROLE_USER etc. Now I wanna enable the 3rd party developers to make iPhone applications that connects to our site through oAuth. Now we have 2 actors: mobile user and mobile application developer/vendor. For the mobile users, they are still attached to their original roles (ROLE_ADMIN, ROLE_USER). For mobile application developer, how do I assign their roles? for example, I may wanna make 2 new roles just for app developers: ROLE_DEVELOPER_BASIC, ROLE_DEVELOPER_ADVANCED.
here are their permissions
How do I do that with Spring Security OAuth?
ROLE_DEVELOPER_BASIC can access url "/api/basic/*"
ROLE_DEVELOPER_ADVANCED can access url "/api/advanced/*"