SPRING Duvidas

Front-end
#1

Galera estou fazendo um sistema onde o usuario precisa ser cadastrado para acessar, fiz com spring a validacao no banco de dados esta pronta, agora eu queria fazer assim:
Na tabela usuario tenho a coluna autorizacao com as sequintes opçoes: normal e adm. se o usuario for adm ele pode acessar tudo se ele for normal podera acessar so algumas coisas.
Esta validacao eu nao consegui fazer.

no meu web.xml esta assim

  <!-- Spring security -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

<!-- Fim spring security -->

fim o aplicationContext assim:

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="true" access-denied-page="/negado.jsf">
        <form-login login-page="/login.xhtml" authentication-failure-url="/falha.xhtml"/>
        <intercept-url pattern="/web/**" access="ROLE_ADMIN" />
        <logout invalidate-session="true" logout-success-url="/index.xhtml" logout-url="/logout"/>
    </http>

    <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" >
        <beans:property name="url" value="jdbc:mysql://localhost:3306/producao" />
        <beans:property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <beans:property name="username" value="root" />
        <beans:property name="password" value="vertrigo" />
    </beans:bean>

    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT nome, senha, 'true' as enable FROM usuario WHERE nome=?"
                authorities-by-username-query="SELECT nome, autorizacao FROM usuario WHERE nome=?"
            />
        </authentication-provider>
    </authentication-manager>

</beans:beans>

como eu faço agora para fazer este controle alguem pode me ajudar?
Grato

#2