Ruud Senden (Migrated from SEC-1093) said:
AFAIK currently there is no namespace support for J2EE security. I think J2EE security integration can be configured much more easily if namespace support for this feature is added to Spring Security.
Basically, default configuration of J2EE security could then look like this:
Here, the tag should configure the PreAuthenticatedProcessingFilterEntryPoint, the J2eePreAuthenticatedProcessingFilter (defaulting to reading the mappable roles from web.xml and using the SimpleAttribute2GrantedAuthoritiesMapper), and the PreAuthenticatedAuthenticationProvider together with the PreAuthenticatedGrantedAuthoritiesUserDetailsService.
So, basically the configuration snippet listed above would be equivalent to the following verbose configuration:
Luke Taylor said:
This has been implemented, but in a simpler way, using the SimpleAttributes2GrantedAuthoritiesMapper as the default for obtaining the possible roles, rather than attempting to parse the web.xml.