Stack trace when using Spring Security

Question

I'm using Spring Security for user authentication in my web app and I noticed this in my stack trace:

[DEBUG] [http-bio-8080-exec-3 10:48:02] (ExceptionTranslationFilter.java:handleSpringSecurityException:165) Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
etc...

Is this normal behavior? I now it's not an error, but it looks similar :)

Answer 1

It is a debug message that tell you spring is redirecting to login page because of an anonymous access to a restricted area.

You can change the log level for org.springframework.security packege if you want, but this is a normal behaviour

Answer 2

Yes, this is normal; note that this is not an error, only a debug.

This is how Spring's filter-chain works - when one filter fails, it returns to the next chain. In this case it is the ExceptionTranslationFilter that fails, and now the authentication filter (UsernamePasswordFilter?) attempts to authenticate the user.