Since I am working on GeoXACML integration into GeoServer, it would be an easy job to do a URL-based security mapping (relying on roles, using wildcards or regular expressions).
I am unsure where and how to configure such a filter. What I need is the Authorization object (SecurityContextHolder.getContext().getAuthority?) and the URL string starting from the WebApplicationContext (the part after http://localhost:8080/geoserver).
Some hints?