Gentlepeople,

Using a PreAuthorize tag on a bean, e.g.


@PreAuthorize("hasAnyRole('Administrator','Supervi sor')")


I get "An Authentication object was not found in the SecurityContext" exception when not authenticated.

Would it not make more sense to get a "Access is denied" exception which I get when invoking that method after authentication with a user with none of the required roles

Am I missing something (obvious)?

Thanks

Peter