I have a UserManager class that I'm trying to enforce method invocation security on. So far it is working beautifully with only one exception... I can't have users create a new account any more [which limits the functionality somewhat ].
The problem is two fold. The first issue I discovered was that if a user tried to run the signup action before the first user logged in, the SecureContext is not created, so the signup action throws an Exception with the error message "A valid SecureContext was not found in the RequestContext". This makes sense to me, and may be something that I just have to deal with.
The second part of the problem is after the SecureContext has been created, when a user tries to singup, they get an Exception with this message:
"Authentication credentials were not found in the SecureContext"
I tried making an "AuthenticationVoter" that would grant access based on (authentication == null ^ isAuthenticationRequired()), but it seems to be returning the exception prior to my AccessDecisionVoter.
Any suggestions about how I should approach this?