Hi,

For some reason anonymous users are able to get through to some pages even though they are restricted.

We are using Kerberos authentication + LDAP user details. Here's what our security section looks like:

Code:
	<sec:http entry-point-ref="spnegoEntryPoint">

		<!-- These pages aren't restricted, so it's OK for anon users to come here -->
		<sec:intercept-url pattern="/sitescope.jsp" filters="none"/>
		<sec:intercept-url pattern="/js/**" filters="none"/>
		<sec:intercept-url pattern="/global/**" filters="none"/>
		<sec:intercept-url pattern="/images/**" filters="none"/>
		<sec:intercept-url pattern="/css/**" filters="none"/>

		<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
		<sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_PROCESSING_FILTER" />
	</sec:http>

Does IS_AUTHENTICATED_FULLY allow anonymous users?

Any suggestions to block them?
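
The rule list from the configuration above, resolved the way Spring Security applies `intercept-url` entries (first matching pattern wins, `filters="none"` skips the security filter chain), as an added example that is not part of the original post. The Ant matcher is a simplified stand-in, the `<beans>` wrapper and the sample paths are constructed, and case-folding and query strings are not modelled.

```python
import re
import xml.etree.ElementTree as ET

SEC = "http://www.springframework.org/schema/security"
# <sec:http> rules from the post, wrapped in a constructed <beans> root so the
# sec: prefix resolves when the fragment is parsed on its own.
CONFIG = f"""<beans xmlns:sec="{SEC}"><sec:http entry-point-ref="spnegoEntryPoint">
  <sec:intercept-url pattern="/sitescope.jsp" filters="none"/>
  <sec:intercept-url pattern="/js/**" filters="none"/>
  <sec:intercept-url pattern="/global/**" filters="none"/>
  <sec:intercept-url pattern="/images/**" filters="none"/>
  <sec:intercept-url pattern="/css/**" filters="none"/>
  <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
</sec:http></beans>"""

def ant_to_regex(pattern):
    """Simplified Ant matcher: '**' spans directories, '*' and '?' stay in one segment."""
    table = {"/**": "(/.*)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(/\*\*|\*\*|\*|\?)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts))

def load_rules(xml_text):
    """Return the intercept-url rules in document order, which is evaluation order."""
    http = ET.fromstring(xml_text).find(f"{{{SEC}}}http")
    return [(ant_to_regex(e.get("pattern")), e.get("pattern"), e.get("filters"), e.get("access"))
            for e in http.findall(f"{{{SEC}}}intercept-url")]

def first_match(path, rules):
    """First matching pattern wins; later rules are never consulted."""
    for regex, pattern, filters, access in rules:
        if regex.fullmatch(path):
            return pattern, filters, access
    return None

def anonymous_allowed(path, rules):
    """True if a request without credentials would be served for this path."""
    rule = first_match(path, rules)
    if rule is None:
        return True   # no matching rule: no access attributes apply to the request
    _, filters, access = rule
    if filters == "none":
        return True   # security filter chain skipped entirely for this request
    # Only IS_AUTHENTICATED_ANONYMOUSLY admits an anonymous token; FULLY and
    # REMEMBERED both reject it.
    return access == "IS_AUTHENTICATED_ANONYMOUSLY"

RULES = load_rules(CONFIG)
if __name__ == "__main__":
    for p in ["/sitescope.jsp", "/js/lib/app.js", "/images", "/reports/list.jsp"]:  # constructed paths
        print(p, first_match(p, RULES)[0], anonymous_allowed(p, RULES))
```

Listing the paths anonymous users are reaching and running them through `first_match` shows whether each one falls under a `filters="none"` pattern or under the `/**` rule.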