Acegi Security allows you to specify a role prefix in its configuration. Where the role prefix is used in the configuration varies according to your security back-end. There are modifications that will need to be completed regardless of security back-end. Those are covered first. The remaining sections cover specific security back-ends and should be used where applicable. In the examples that follow, MY_ROLE_PREFIX_ is the prefix that will be used.
For All Security Back-ends
In order for RoleVoter to determine if it "supports" a particular type of decision, it references its rolePrefix property. Be sure to set this to your prefix or use value="" if no prefix is used.
applicationContext-common-authorization.xml
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"> <property name="rolePrefix" value="MY_ROLE_PREFIX_" /> </bean>
pentaho.xml
applicationContext-acegi-security.xml
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="foobar" />
<property name="userAttribute" value="anonymousUser,MY_ROLE_PREFIX_ANONYMOUS" />
</bean>
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<!-- omitted -->
<property name="objectDefinitionSource">
<value>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/login*=MY_ROLE_PREFIX_ANONYMOUS,MY_ROLE_PREFIX_AUTHENTICATED
...omitted...
/**=MY_ROLE_PREFIX_AUTHENTICATED
]]>
</value>
</property>
</bean>