Application authentication config with jsf and spring-security

I thinking about solution like this:

• different menus for users depend on role which will be included template
• proper sec:intercept-url's to access only those pages which are dedicated to role, so user with one role won't be able to access pages for another role

What are You thinking about this solution?

masterLayout look like:

<h:body>
    <f:subview id="menuUser" rendered="#{sessionBean.user}">
        <ui:include src="/WEB-INF/templates/menuBarUser.xhtml" />
    </f:subview>
    <f:subview id="menuAdmin" rendered="#{sessionBean.admin}">
        <ui:include src="/WEB-INF/templates/menuBarAdmin.xhtml" />
    </f:subview>
  开发者_StackOverflow社区  <ui:insert name="content" />
</h:body>

security-context.xml:

... 
<sec:intercept-url pattern="/user/**" access="ROLE_USER" />
<sec:intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
... 

---

I don't know if I catch up your question right, but sounds like you can use Spring Security Facelets Tag Library.