User must be authenticated with Spring Security before authorization can be completed