Mapping an exception to 404 page while using Spring Security taglibs

Question

When mapping an Exception to 404 page, the Spring Security tags can\'t find the authentication information from the security context. With a \"real\" 404 the authentication is f

Answer 1

The most probable case is that some component in your code is calling HttpSession.invalidate() while exception handling. You can easily find this out by a simple debugging.

But actually it is not necessary to check for isAnonymous() - it is enough to check for user not having ROLE_USER authority:

• In Spring Security 2: you can use areNotGranted attribute of tag (see Spring Security 2 documentation
• In Spring Security 3: you can use Spring EL for evaluation of negative condition: access="!hasRole('ROLE_USER')"