anonymous wrote : Does this restrict access to users with a "valid-user" role or does the unchecked with the wildcard allow anyone to access the secureMethod?
If i am not wrong, i remember reading a similar post where it was mentioned that in such cases the stricter restriction will be used for authorization. So in your case, only the users with a "valid-user" role will be allowed to access the secureMethod. Getting this confirmed through a testcase would be great. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4024264#4024264 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4024264 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user