This text is directly from my console registrar when used locally. The second line immediately follows the first. I'm not sure what is going on behind the scenes that provide an access-denied exception.
2014-01-30 07:48:14.854 INFO 5452 --- [nio-8085-exec-3] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHENTICATION_SUCCESS, data={details=org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: 2C7EC273522BB6880EE3410201F8A41F}]
2014-01-30 07:48:14.859 INFO 5452 --- [nio-8085-exec-4] o.s.b.a.audit.listener.AuditListener : AuditEvent [timestamp=Thu Jan 30 07:48:14 CST 2014, principal=r2n, type=AUTHORIZATION_FAILURE, data={message=Access is denied, type=org.springframework.security.access.AccessDeniedException}]
My code is compiled using Spring Boot version 1.0.0.RC1, Spring Security 3.1.0.Release and thymeleaf for Spring 2.1.1.Release. I know that there are some conflicts with the underlying Spring dependencies and the thimeleaf for Spring 3 as Spring boot uses Spring 4.
I do not think that my problems are at their core.
Here, the WebSecurityConfiguration code extends the WebSecurityConfigurerAdapter. My authentication uses ldap.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/error").anonymous()
.antMatchers("/navigation").anonymous()
.antMatchers("/**").hasRole("ADMIN")
.and()
.formLogin()
.permitAll()
.defaultSuccessUrl("/")
.and()
.csrf().disable();
}