spring-attic / spring-social

Allows you to connect your applications with SaaS providers such as Facebook and Twitter.

Home Page: http://projects.spring.io/spring-social

BLOCKER BUG: SocialAuthenticationFilter does not work if Anonymous Authentication is enabled

codeconsole opened this issue

By default, most Spring Security implementations use an AnonymousAuthenticationProvider.

However, if you have this enabled, the SocialAuthenticationFilter will not work because it only tests to see if the current Authentication is null or has not already been authenticated.

    Authentication auth = getAuthentication();
    if (auth == null || !auth.isAuthenticated()) {
        return doAuthentication(authService, request, token);
    } else {
        addConnection(authService, request, token, auth);
        return auth;
    }

The AnonymousAuthenticationProvider will create an Authentication object that is authenticated, so the code to attempt authentication will never be executed. Instead, the filter will attempt to add a non-existent connection and throw an exception.

The fix is to add an additional test to see if the Authentication object is an anonymous user and continue executing as if the user has not been authenticated.
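
Added example, not part of the original issue and not the project's actual patch: it runs the quoted check and a version with the extra anonymous test side by side over constructed tokens, showing that only the anonymous token is classified differently. It assumes spring-security-core is on the classpath; the class name, method names and sample values are hypothetical.

```java
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;

// Added illustration; names here are hypothetical, not spring-social code.
public class AnonymousAwareCheckDemo {

    // Spring Security's stock resolver for recognising anonymous tokens.
    private static final AuthenticationTrustResolver TRUST =
            new AuthenticationTrustResolverImpl();

    // The condition quoted in the issue: an anonymous token reports
    // isAuthenticated() == true, so it is treated as an existing login.
    static boolean originalNeedsLogin(Authentication auth) {
        return auth == null || !auth.isAuthenticated();
    }

    // The same condition with the additional anonymous test the issue proposes.
    static boolean anonymousAwareNeedsLogin(Authentication auth) {
        return auth == null || !auth.isAuthenticated() || TRUST.isAnonymous(auth);
    }

    public static void main(String[] args) {
        // Constructed sample tokens covering each state the filter can observe.
        Map<String, Authentication> samples = new LinkedHashMap<>();
        samples.put("no authentication", null);
        samples.put("anonymous", new AnonymousAuthenticationToken(
                "constructed-key", "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
        samples.put("unauthenticated user",
                new UsernamePasswordAuthenticationToken("alice", "n/a"));
        samples.put("signed-in user", new UsernamePasswordAuthenticationToken(
                "alice", "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));

        for (Map.Entry<String, Authentication> e : samples.entrySet()) {
            System.out.printf("%-22s original=%-5b anonymousAware=%b%n",
                    e.getKey(),
                    originalNeedsLogin(e.getValue()),
                    anonymousAwareNeedsLogin(e.getValue()));
        }
    }
}
```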