Galera estou fazendo um sistema onde o usuario precisa ser cadastrado para acessar, fiz com spring a validacao no banco de dados esta pronta, agora eu queria fazer assim:
Na tabela usuario tenho a coluna autorizacao com as sequintes opçoes: normal e adm. se o usuario for adm ele pode acessar tudo se ele for normal podera acessar so algumas coisas.
Esta validacao eu nao consegui fazer.
no meu web.xml esta assim
<!-- Spring security -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Fim spring security -->
fim o aplicationContext assim:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" access-denied-page="/negado.jsf">
<form-login login-page="/login.xhtml" authentication-failure-url="/falha.xhtml"/>
<intercept-url pattern="/web/**" access="ROLE_ADMIN" />
<logout invalidate-session="true" logout-success-url="/index.xhtml" logout-url="/logout"/>
</http>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
<beans:property name="url" value="jdbc:mysql://localhost:3306/producao" />
<beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
<beans:property name="username" value="root" />
<beans:property name="password" value="vertrigo" />
</beans:bean>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT nome, senha, 'true' as enable FROM usuario WHERE nome=?"
authorities-by-username-query="SELECT nome, autorizacao FROM usuario WHERE nome=?"
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
como eu faço agora para fazer este controle alguem pode me ajudar?
Grato