Please give me a clarification of the Spring Security 3.0 configuration below.
My understanding is that the action of checking if the user has the 'SPECIFIED_ROLE' happens only after the CAS Authentication is done. Please let me know if that is right.
The requirement is that the user is given access to the web resource only when the user is successfully authenticated and has the 'SPECIFIED_ROLE'.
<security:http auto-config='true' entry-point-ref="casAuthEntryPoint">
    <security:intercept-url pattern="/*" access="SPECIFIED_ROLE" />
    <security:custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
</security:http>