In my Spring portlet controller, I have a method annotated like this:
@PreAuthorize("hasRole('ROLE_BankUser')
Now when a user logs in to the portal and tries to access the portlet, where from will this method know if the user has a role of 'ROLE_BankUser'? Is it going to be defined in the LDAP where the user has all other credentials(like login and password)?
Check your SpringSecurity configuration. Which AuthenticationProvider implementation do you use? In a case of LDAP it may be LdapAuthenticationProvider. If it's true then you can check how LdapAuthenticationProvider.authenticate(Authentication authentication) method is implemented. It will load roles from LDAP via some LdapAuthoritiesPopulator implementation (depends on your configuration)
