From e73b38bc42091643618ff3e4749c03bb0fc6b190 Mon Sep 17 00:00:00 2001 From: Nyholm Date: Sun, 3 May 2020 17:44:13 +0200 Subject: [PATCH] Added note about anonymous users and access denied handlers --- security/access_denied_handler.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/security/access_denied_handler.rst b/security/access_denied_handler.rst index bb55d4f6c83..ea8a88d656f 100644 --- a/security/access_denied_handler.rst +++ b/security/access_denied_handler.rst @@ -70,3 +70,8 @@ configure it under your firewall: That's it! Any ``AccessDeniedException`` thrown by code under the ``main`` firewall will now be handled by your service. + +.. note:: + + The ``AccessDeniedHandler`` will not be invoked if an anonymous user is trying to + access a protected resource. That will be an ``InsufficientAuthenticationException``.