From 244d75688ae8fb85242b1bebedfc0551b14ce00a Mon Sep 17 00:00:00 2001 From: Luis Cordova Date: Sat, 4 Jan 2014 12:36:12 -0500 Subject: [PATCH] add note when forbidding access to anonymous users on custom authentication provider --- cookbook/security/custom_authentication_provider.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/cookbook/security/custom_authentication_provider.rst b/cookbook/security/custom_authentication_provider.rst index 7bdf7f5e213..ba3a6638215 100644 --- a/cookbook/security/custom_authentication_provider.rst +++ b/cookbook/security/custom_authentication_provider.rst @@ -182,6 +182,13 @@ a 403 Response is returned. does not require maintaining authentication sessions or login forms, it won't be used for this example. +.. note:: + + Returning prematurely from the listener is relevant only if you want to chain + authentication providers (for example to allow anonymous users). If you want + to forbid access to anonymous users and have a nice 403 error, you should set + the status code of the response before returning. + The Authentication Provider ---------------------------
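Review bot: In the added `.. note::` block, "you should set the status code of the response before returning" does not say which response object is meant or where in the listener this happens, so a reader who wants to forbid anonymous access still has to guess. Since the paragraph just above the hunk already says "a 403 Response is returned", I would tie the note to that code path explicitly, or follow it with a short code-block showing the response being set before the return. It would also help to spell out what "returning prematurely" means here, namely returning from the listener without setting a response, so that the contrast between the chaining case and the forbid case is unambiguous. Minor wording: "have a nice 403 error" could read "return a 403 response" to match the surrounding text.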