Alvin Chee (Migrated from SEC-1345) said:
For minimal required configuration. For example, the intercept-url "access" attribute must be prefixed with "ROLE_" or exception thrown during startup.
<sec:intercept-url pattern="/**" access="ROLE_SUPER_USER" />
Luke Taylor said:
This would break existing configurations where the prefix is already present in the stored attribute values.