Thanks Ben. It works like a charm.
And I can also have my own AuthenticationTrustResolver
Implementation to send 403 response
to anonymous user who doesn't have PRIVATE_ANONYMOUS
role.
Hongbo
--- Ben Alex [EMAIL PROTECTED] wrote:
Hongbo HE wrote:
My config is like following:
Hongbo HE wrote:
My config is like following:
The configuration is incorrect. In your case you will require not one
but two AnonymousProcessingFilters. The first will be the standard
AnonymousProcessingFilter which will always setup the
SecurityContextHolder with ROLE_ANONYMOUS. The