Hi
Please give me a clarification for the below Spring Security 3.0 configuration.
My understanding is that the action of checking if the user has the 'SPECIFIED_ROLE' happens only after the CAS Authentication is done. Please let me know if that is right.
Code:
<security:http auto-config='true' entry-point-ref="casAuthEntryPoint">
<security:intercept-url pattern="/*" access="SPECIFIED_ROLE" />
<security:custom-filter ref="casAuthenticationFilter" position="CAS_FILTER" />
</security:http>
The requirement is that the user is given access to the web resource only when the user is successfully authenticated and has the 'SPECIFIED_ROLE' .

Thanks.
CLingan