Method Level security with permissions not roles

Question

• I want to make method level security for my spring application.
• The security design is as follows: User > Roles > Permissions
• Well when i use @PreAuthorize with hasRole it works fine.
• But when i try to use it with hasPermission, it doesn't work.
• I found that i should use Spring ACL for such approach, but it seems to be over-killing for the requirement.
• So is there's any way to define role permissions in xml file, or any other workarounds or other ways to get method level security works with permissions instead of roles, and withour using ACL.
• If there's no way but to use ACL, then please suggest me a good example

Answer 1

Please read the article on the following site: http://springinpractice.com/2010/10/27/quick-tip-spring-security-role-based-authorization-and-permissions/

The main thing is you will need to implement the UserDetails interface. It says "the UserDetails interface simply exposes the permissions (not the roles) via the getAuthorities() method"