Switch from 0.8.0 to 0.8.1 and anonymous authentication

[smileys]

I switched from version 0.8.0 to version 0.8.1. Before the switch, all pages which were defined as visible to "ROLE_ANONYMOUS" were visible before log in. After the switch, these pages are only visible after log in.
I switched back to 0.8.0 and saw the expected behaviour.

My applicationContext-security.xml has the following specified pertaining to anonymous users:

<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy" >
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,authenticat ionProcessingFilter,basicProcessingFilter,anonymou sProcessingFilter,securityEnforcementFilter
</value>
</property>
</bean>

<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderMana ger">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider"/>
<ref local="anonymousAuthenticationProvider"/>
</list>
</property>
</bean>

<bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.An onymousProcessingFilter">
<property name="key"><value>foobar</value></property>
<property name="userAttribute"><value>anonymousUser,ROLE_ANO NYMOUS</value></property>
</bean>

<bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.An onymousAuthenticationProvider">
<property name="key"><value>foobar</value></property>
</bean>

<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSe curityInterceptor">
<property name="authenticationManager"><ref bean="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/index.jsp=ROLE_ANONYMOUS,ROLE_USER
/logoff.jsp=ROLE_ANONYMOUS,ROLE_USER
/acegilogin.jsp*=ROLE_ANONYMOUS,ROLE_USER
/dataelementlist.html*=ROLE_ANONYMOUS,ROLE_USER
...
/*.html*=ROLE_USER,Administrator
</value>
</property>
</bean>

With this configuration, I am able to see pages as an anonymous user with version 0.8.0 just fine, but with 0.8.1, I get the following exception:
javax.servlet.ServletException at
net.sf.acegisecurity.intercept.web.SecurityEnforce mentFilter.doFilter(SecurityEnforcementFilter.java :214) at
net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:311) at
net.sf.acegisecurity.providers.anonymous.Anonymous ProcessingFilter.doFilter(AnonymousProcessingFilte r.java:153) at
net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:311) at
net.sf.acegisecurity.ui.basicauth.BasicProcessingF ilter.doFilter(BasicProcessingFilter.java:212) at
net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:311) at
net.sf.acegisecurity.ui.AbstractProcessingFilter.d oFilter(AbstractProcessingFilter.java:374) at
net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:311) at
net.sf.acegisecurity.context.HttpSessionContextInt egrationFilter.doFilter(HttpSessionContextIntegrat ionFilter.java:225) at
net.sf.acegisecurity.util.FilterChainProxy$Virtual FilterChain.doFilter(FilterChainProxy.java:311) at
net.sf.acegisecurity.util.FilterChainProxy.doFilte r(FilterChainProxy.java:179) at
net.sf.acegisecurity.util.FilterToBeanProxy.doFilt er(FilterToBeanProxy.java:125) at
org.apache.catalina.core.ApplicationFilterChain.in ternalDoFilter(ApplicationFilterChain.java:166)


I haved reviewed the documentation with version 0.8.1 about anonymous user configuration, but it does not appear to be different than that for 0.8.0. Is there something that I have missed?

[Ben Alex]

Very strange. The SecurityEnforcementFilter:214 is just re-throwing a ServletException, which shouldn't ever be created by Acegi Security code. Could the URI being requested somehow be causing a ServletException independent of Acegi Security code? Maybe try to get more information on the exception, perhaps from your servlet container log or by editing a local copy of SecurityEnforcementFilter to add this to the application log.