if i set intercept-url with filters='none' , everyone can access it but i cannot get SecurityContextHolder.getContext().getAuthentication().getPrincipal(), even though, user is logined in. (just exactly mentioned in http://static.springsource.org/spring-security/site/faq.html#faq-anon-access-denied )
On the other hand, if i set access='role_user', only authenticated user able to access it. I want to allow both "not authenticated" and "authenticated" use to access the url and use SecurityContextHolder.getContext().getAuthentication() to check user is already authenticated. How should i put as parameter in intercept-url ?
web.xmlfilter settings and the spring security configuration – Ralph