Hi Brent,
Sure, I assume by "2-way SSL", you mean the combination of standard server SSL and client certificate authentication. We definitely cover this in the book, in fact there is an entire chapter on configuring Spring Security 3 to use this method of authentication (also called X.509 authentication).
Role-based authorization can be configured independently of the authentication method you use, so you can definitely combine these two.
You may want to see my prior responses on both these subjects yesterday:
*
Spring 3 and X.509 Authentication
*
Extension to ACL in Spring Security
*
Security RBAC
Hope this answers your question!
Best,
Peter
Author, Spring Security 3 (the Book), Packt Publishing, 2010
SCJP, OCP