This is probably a newbie question, but I can't seem to figure out how to define my own names for granted authorities. In the following bean definition, where does the role name ROLE_USER come from? Is there a predefined list of possible roles somewhere? I tried replacing it with just 'user', but my webapp wouldn't even deploy.
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /secure/**=ROLE_USER </value> </property> </bean>