Announcement Announcement Module
Collapse
No announcement yet.
AuthenticationCredentialsNotFoundException with PreAuthorize hasAnyRole annotation Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • AuthenticationCredentialsNotFoundException with PreAuthorize hasAnyRole annotation

    Gentlepeople,

    Using a PreAuthorize tag on a bean, e.g.


    @PreAuthorize("hasAnyRole('Administrator','Supervi sor')")


    I get "An Authentication object was not found in the SecurityContext" exception when not authenticated.

    Would it not make more sense to get a "Access is denied" exception which I get when invoking that method after authentication with a user with none of the required roles

    Am I missing something (obvious)?

    Thanks

    Peter

  • #2
    Originally posted by pgp.coppens View Post

    I get "An Authentication object was not found in the SecurityContext" exception when not authenticated.
    No. The AuthenticationCredentialsNotFoundException is what drives the authentication process. You get an AccessDeniedException if you are authenticated but don't have sufficient rights.

    Note that there is a bug with the use of hasAnyRole(), which will be fixed in 3.0.1 (check Jira), but that isn't what is happening here.

    Comment


    • #3
      Appreciate your quick reply. So if my manage to setup such that at least anonymous authentication is available the access denied would show up?

      (I am actually struggling configuring anonymous authentication in my env. The app is running outside a webapp. any pointers to example would be appreciated)

      Thanks

      Peter

      Comment

      Working...
      X