Question

In my Spring portlet controller, I have a method annotated like this:

@PreAuthorize("hasRole('ROLE_BankUser')")

Now, when a user logs in to the portal and tries to access the portlet, from where will this method know whether the user has the role 'ROLE_BankUser'? Is it going to be defined in LDAP, where the user has all other credentials (like login and password)?


Solution

Check your Spring Security configuration. Which AuthenticationProvider implementation do you use? In the case of LDAP, it may be LdapAuthenticationProvider. If so, you can check how the LdapAuthenticationProvider.authenticate(Authentication authentication) method is implemented. It will load roles from LDAP via some LdapAuthoritiesPopulator implementation (depending on your configuration).
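
As an added illustration (not part of the original answer), the following Java configuration wires an LdapAuthenticationProvider to a DefaultLdapAuthoritiesPopulator so that membership in an LDAP group becomes the authority checked by hasRole('ROLE_BankUser'). The directory URL, base DN, the ou=groups and ou=people branches, the group name BankUser and the use of bind authentication are all assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;

@Configuration
public class LdapRoleMappingConfig {

    // Placeholder URL and base DN (assumption): point this at your own directory.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldap://ldap.example.org:389/dc=example,dc=org");
    }

    // Maps LDAP group membership to GrantedAuthority names.
    @Bean
    public DefaultLdapAuthoritiesPopulator authoritiesPopulator(
            DefaultSpringSecurityContextSource contextSource) {
        // Groups are searched under ou=groups, relative to the base DN above.
        DefaultLdapAuthoritiesPopulator populator =
                new DefaultLdapAuthoritiesPopulator(contextSource, "ou=groups");
        // {0} is replaced with the full DN of the authenticated user.
        populator.setGroupSearchFilter("(member={0})");
        // The group's cn becomes the role name: cn=BankUser -> "BankUser".
        populator.setGroupRoleAttribute("cn");
        populator.setRolePrefix("ROLE_");
        // The default is true, which would produce ROLE_BANKUSER and fail the
        // case-sensitive match against hasRole('ROLE_BankUser').
        populator.setConvertToUpperCase(false);
        return populator;
    }

    @Bean
    public LdapAuthenticationProvider ldapAuthenticationProvider(
            DefaultSpringSecurityContextSource contextSource,
            DefaultLdapAuthoritiesPopulator authoritiesPopulator) {
        // Bind authentication: the login name is substituted into the DN pattern
        // and the supplied password is verified by binding as that entry.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserDnPatterns(new String[] {"uid={0},ou=people"});
        return new LdapAuthenticationProvider(authenticator, authoritiesPopulator);
    }
}
```

With this setup, revoking access means removing the user's DN from the member attribute of the BankUser group; the change takes effect at the next authentication, since authorities are loaded at login.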

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow