I don’t know any spring-security out-of-the-box solution that will answer your requirement, but I can suggest you a way for implementing it.

1. Declare a url for the “view the site as” action with a query param to get the user name, for example: /myApp/viewTheSiteAs?user=marley

2. Write your own custom filter that will do the following:
   
   2.1 Validate that the authenticated user is “admin” user
   2.2 Extract the user from the action (“marley” :-))
   2.3 Validate that it exists (using the UserDetailsService).
   2.4 Construct new Authentication object with the granted authorities that fits the user you have extracted, and replace the current Authentication object with your own object: SecurityContextHolder.getContext().setAuthentication(myNewAuthObject)

3. Add a filter chain in spring security config file for /ViewTheSiteAs that will act as regular filter chain (should authenticate the “real” user as regular), and locate your custom filter at the end of the chain.

Doing the following will cause spring security to think that the user from viewTheSiteAs action is the authenticated one, and by that check the permissions according this user.

p.s. – this is not a security break since it downgrades the authenticated user permissions, which means “less powerful” user.

Good luck.