Junior Member
AuthenticationCredentialsNotFoundException with PreAuthorize hasAnyRole annotation
Gentlepeople,
Using a PreAuthorize tag on a bean, e.g.
@PreAuthorize("hasAnyRole('Administrator','Supervi sor')")
I get "An Authentication object was not found in the SecurityContext" exception when not authenticated.
Would it not make more sense to get a "Access is denied" exception which I get when invoking that method after authentication with a user with none of the required roles
Am I missing something (obvious)?
Thanks
Peter
Senior Member
Acegi Security System TeamSpring Team
No. The AuthenticationCredentialsNotFoundException is what drives the authentication process. You get an AccessDeniedException if you are authenticated but don't have sufficient rights.Originally Posted by pgp.coppens
Note that there is a bug with the use of hasAnyRole(), which will be fixed in 3.0.1 (check Jira), but that isn't what is happening here.
Junior Member
Appreciate your quick reply. So if my manage to setup such that at least anonymous authentication is available the access denied would show up?
(I am actually struggling configuring anonymous authentication in my env. The app is running outside a webapp. any pointers to example would be appreciated)
Thanks
Peter
Posting Permissions
