Accepted answer

The security logic is executed after the routing logic (prior to 2.1, it was execute before). This means that a 404 error thrown by the router cannot use security, as there is no information about the security yet.

Nut you can also throw 404 errors in a controller, where security information is available. To make it available in any case, check if the security context is available and set up and if not, just render the not logged in templated

Related Query

More Query from same tag