Defining Spring Security user roles

I am going to design an application which authenticates user from another application . Basically my application is going to get only if the user is authenticated (true or false) and the user role .

Can I use spring security to make use of this role and give fine grained control ?

Basically , I do not want to use sp开发者_开发技巧ring security for authentication , but for authorization.

If this is possible , can you point me to any example or documentation ?

Thank you.

if I understand you right you want to look if a user is already authenticated in another application and if so you want to authorize the user in your new application?

I think what you can do is apply a custom authentication filter in the spring security filter chain (http://goo.gl/uQpq9) which checks for the authentication in your other application. At this point you would have the possibility to set the user's roles (GrantedAutority) the user gets in your new application.

A short tutorial can be found here: http://teja.tejakantamneni.com/2008/08/spring-security-using-custom.html

I hope this is what you are looking for,

Jens