I am currently migrating from Struts1/EJB3 to Spring MVC 4.0.4/EJB3. Application server is JBoss 4.2.3 (JBoss 7.x in the works).
My current security roles are stored in the database (for instance: administrator, validator and officer). For each role, admins can check or uncheck features (use cases) they want members to have access to (add a new file, update a file, delete a file, etc.). I also have a "method" table in which all my "secured" features are stored (add a new file, update a file, delete a file, etc.).
My application must have a user management and a role management, so application owners (admins) can add user and roles, and also make changes to existing roles if necessary.
There is no login form. Login sequence goes like this:
I would like to get the benefits from Spring Security and at the same time offer the flexibility my clients are used to have with their applications.
Any hints would be much appreciated.