The configuration above will not prevent exceptions, specially in my case where i am using Siteminder as a pre-Auth mechanism with Spring security 2.0.5Code:<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
I went through Spring security code and found the following:
Class: FilterChainProxyPostProcessor
Method: postProcessBeforeInitialization
In the code above the getMatcher() will return AntUrlPathMatcher and getUniversalMatchPattern() will return "/**" and filters will be the default list of filters (HttpSessionContextIntegrationFilter, RequestHeaderPreAuthenticatedProcessingFilter, SecurityContextHolderAwareRequestFilter, ExceptionTranslationFilter, SessionFixationProtectionFilter, FilterSecurityInterceptor)Code:Map filterMap = filterChainProxy.getFilterChainMap(); filterMap.put(filterChainProxy.getMatcher().getUniversalMatchPattern(), filters);
So this code overrides what you provide in security application context
