***************
*** 29,35 ****
  import org.opendaylight.controller.switchmanager.SwitchConfig;
  import org.opendaylight.controller.usermanager.IUserManager;
  import org.opendaylight.controller.web.IOneWeb;
- import org.springframework.security.core.context.SecurityContextHolder;
  import org.springframework.stereotype.Controller;
  import org.springframework.web.bind.annotation.PathVariable;
  import org.springframework.web.bind.annotation.RequestMapping;
--- 31,36 ----
  import org.opendaylight.controller.switchmanager.SwitchConfig;
  import org.opendaylight.controller.usermanager.IUserManager;
  import org.opendaylight.controller.web.IOneWeb;
  import org.springframework.stereotype.Controller;
  import org.springframework.web.bind.annotation.PathVariable;
  import org.springframework.web.bind.annotation.RequestMapping;
***************
*** 182,189 ****
      @RequestMapping(value = "/flow", method = RequestMethod.POST)
      @ResponseBody
      public String actionFlow(@RequestParam(required = true) String action,
-             @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId) {
-     	if (!authorize(UserLevel.NETWORKADMIN)) {
      		return "Operation not authorized";
      	}
      	
--- 183,190 ----
      @RequestMapping(value = "/flow", method = RequestMethod.POST)
      @ResponseBody
      public String actionFlow(@RequestParam(required = true) String action,
+             @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId, HttpServletRequest request) {
+     	if (!authorize(UserLevel.NETWORKADMIN, request)) {
      		return "Operation not authorized";
      	}
      	
***************
*** 206,213 ****
      @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
      @ResponseBody
      public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name,
-     		@RequestParam(required = true) String action) {
-     	if (!authorize(UserLevel.NETWORKADMIN)) { return "Operation not authorized"; }
      	
      	IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                  .getInstance(IForwardingRulesManager.class, "default", this);
--- 207,214 ----
      @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST)
      @ResponseBody
      public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name,
+     		@RequestParam(required = true) String action, HttpServletRequest request) {
+     	if (!authorize(UserLevel.NETWORKADMIN, request)) { return "Operation not authorized"; }
      	
      	IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                  .getInstance(IForwardingRulesManager.class, "default", this);
***************
*** 235,248 ****
       * 
       * @param level
       */
-     private boolean authorize(UserLevel level) {
      	IUserManager userManager = (IUserManager) ServiceHelper
                  .getGlobalInstance(IUserManager.class, this);
          if (userManager == null) {
          	return false;
          }
          
-         String username = SecurityContextHolder.getContext().getAuthentication().getName();
          UserLevel userLevel = userManager.getUserLevel(username);
          if (userLevel.toNumber() <= level.toNumber()) {
          	return true;
--- 236,249 ----
       * 
       * @param level
       */
+     private boolean authorize(UserLevel level, HttpServletRequest request) {
      	IUserManager userManager = (IUserManager) ServiceHelper
                  .getGlobalInstance(IUserManager.class, this);
          if (userManager == null) {
          	return false;
          }
          
+         String username = request.getUserPrincipal().getName();
          UserLevel userLevel = userManager.getUserLevel(username);
          if (userLevel.toNumber() <= level.toNumber()) {
          	return true;