Jan 13th, 2010, 02:28 AM
AuthenticationCredentialsNotFoundException with PreAuthorize hasAnyRole annotation
Using a PreAuthorize tag on a bean, e.g.
I get "An Authentication object was not found in the SecurityContext" exception when not authenticated.
Would it not make more sense to get a "Access is denied" exception which I get when invoking that method after authentication with a user with none of the required roles
Am I missing something (obvious)?
Jan 13th, 2010, 12:37 PM
No. The AuthenticationCredentialsNotFoundException is what drives the authentication process. You get an AccessDeniedException if you are authenticated but don't have sufficient rights.
Originally Posted by pgp.coppens
Note that there is a bug with the use of hasAnyRole(), which will be fixed in 3.0.1 (check Jira), but that isn't what is happening here.
Jan 13th, 2010, 04:05 PM
Appreciate your quick reply. So if my manage to setup such that at least anonymous authentication is available the access denied would show up?
(I am actually struggling configuring anonymous authentication in my env. The app is running outside a webapp. any pointers to example would be appreciated)