Ruben, > We are using the CAS-enabled security configuration that's provided in the > source code.
what version are you running? > That being said, I don't think I follow. I thought all requests passed > through Spring security, and it let them go or not according to the rules > defined in that xml file you pointed out. Just in case, those are the (I > think) relevant lines: Only requests that are matched by the Spring Security configuration will have a vaild SecurityContext. No security context is assigned to those requests that match a rule with a filters="none" attribute. > <sec:intercept-url pattern='/info/me.json' method="GET" > access='ROLE_ANONYMOUS, ROLE_USER' /> > > <sec:intercept-url pattern='/search/**' method="GET" access='ROLE_ANONYMOUS, > ROLE_USER' /> That looks good, and indicates that there is something else that's going wrong. Yous should definitely be seeing the admin role that is assigned to the digest user. Tobias _______________________________________________ Matterhorn mailing list [email protected] http://lists.opencastproject.org/mailman/listinfo/matterhorn To unsubscribe please email [email protected] _______________________________________________
