Hi,
I created a custom DefinitionSource and a custom authentication provider.
In my authentication provider I set the user details object as

Code:
GrantedAuthority[] g = getRolesFromDB(userID);
MyDetails nu = getMyDetails(userID);
UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), g);
result.setDetails(nu);
My Object Definition Source implements AuthenticationProvider. When I return a ConfigurationDefinition with a single role like ROLE_USER or ROLE_ADMIN, things work fine and I get the same object of type MyDetail from authentication.getDetails()

When I try any other option like

Code:
String sb = "ROLE_USER, ROLE_SUPER, ROLE_ADMIN";
ConfigAttributeEditor editor = new ConfigAttributeEditor();
editor.setAsText(sb);
return (ConfigAttributeDefinition)editor.getValue();
A authentication.getDetails() call returns a org.springframework.security.ui.WebAuthenticationD etails and not MyUserDetails

I do not see a connection here, can someone please advice and help me figure out what is going on.

The Spring Security XML is
Code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
           	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">  
    
    <security:http auto-config="true" lowercase-comparisons="false" session-fixation-protection="none">
    	<security:intercept-url pattern="/css/**" filters="none"/>
    	<security:intercept-url pattern="/images/**" filters="none"/>
    	<security:intercept-url pattern="/js/**" filters="none"/>
		<security:intercept-url pattern="/logout.html" filters="none"/> 
		<security:intercept-url pattern="/login.action" filters="none"/> 
        <security:form-login/>
        <security:remember-me user-service-ref="myUS"/>
    </security:http>
    
    <bean id="myUS" class="com.itrino.admin.ui.auth.myorgService">	
    </bean>
       
	<bean id="authenticationManager"
	class="org.springframework.security.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="myorgAuthenticationProvider"/>
			</list>
		</property>
	</bean>

	<bean id="myorgAuthenticationProvider" class="com.itrino.admin.ui.auth.myorgAuthenticationProvider">
		<property name="eds" ref="eDS"></property>
		<security:custom-authentication-provider/>
	</bean>
	
    
    <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false" />
		<property name="decisionVoters">
			<list>
				<bean class="org.springframework.security.vote.RoleVoter" >
				</bean>
				<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
			</list>
		</property>
	</bean>
	   
    <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
    	<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
		<property name="authenticationManager" ref="authenticationManager" />
		<property name="accessDecisionManager" ref="accessDecisionManager" />
		<property name="objectDefinitionSource" ref="databaseObjectDefinitionSource" />
	</bean>
	
	<bean id="databaseObjectDefinitionSource" class="com.itrino.admin.ui.auth.DatabaseObjectDefinitionSource" >		
		<property name="eds" ref="eDS"></property>
	</bean>
	
</beans>
Thanks,
~Vikas