This content has been marked as final. Show 1 reply
Does this restrict access to users with a "valid-user" role or does the unchecked with the wildcard allow anyone to access the secureMethod?
If i am not wrong, i remember reading a similar post where it was mentioned that in such cases the stricter restriction will be used for authorization. So in your case, only the users with a "valid-user" role will be allowed to access the secureMethod.
Getting this confirmed through a testcase would be great.