I initially tried implementing Acegi to get URL-level authorization and also control the access levels for the controls in the JSP.
Our requirement is that the user-to-roles mapping will be available in the database, and the roles that are authorized to access the various URLs will also be stored in the DB.
So to do this, I used daoAuthenticationProvider and wrote my custom UserDetailsService, where I looked up the roles for the user and set them in GrantedAuthority.
Then I created a UsernamePasswordAuthenticationToken obj and set it in the SecurityContextHolder.
Now for the authorized roles for a URL, I have written a custom implementation of the objectDefinitionSource of the filterInvocationInterceptor bean, where in the implementation of lookupAttributes I look up the roles for the passed-in URL from the database.
With this I was able to get the user based page access working fine.
For the JSP controls access control, I used authorize tags.
Now when I was working on this, I just used a sample JSP where I enter the user name and password and just retrieve them and pass them on to my custom implementation of UserDetailsService.
Now I have to use SSO, using SPNEGO.
So I have configured that part separately (SPNEGO using WebSphere) and got that part working fine separately.
Now I have to integrate these two together and also be able to read the user, to go and look up the roles for that user.
Can anybody give me some lead on that? I am just a little stuck there!
Any help is appreciated.