diff --git a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
index 2eda425d44..7884343123 100644
--- a/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
+++ b/web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
@@ -40,6 +40,7 @@ public class AuthorizationWebFilter implements WebFilter {
 @Override
 public Mono filter(ServerWebExchange exchange, WebFilterChain chain) {
 return ReactiveSecurityContextHolder.getContext()
+ .filter(c -> c.getAuthentication() != null)
 .map(SecurityContext::getAuthentication)
 .as(authentication -> this.accessDecisionManager.verify(authentication, exchange))
 .switchIfEmpty(chain.filter(exchange));
diff --git a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
index dd5566baa9..6f49d4a3fc 100644
--- a/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
+++ b/web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java
@@ -63,7 +63,7 @@ public class AuthorizationWebFilterTests {
 @Test
 public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
 when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
- AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
+ AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
 Mono result = filter
 .filter(this.exchange, this.chain)
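Review bot: Denial of an unauthenticated request now rests entirely on the access decision manager, because the added `.filter(c -> c.getAuthentication() != null)` hands `verify` an empty Mono for a context with a null Authentication, and the trailing `.switchIfEmpty(chain.filter(exchange))` continues the chain whenever `verify` completes without an error. A manager that only chains off that Mono, like the `a.flatMap(...)` stub in the test hunk of this commit, completes empty and the exchange proceeds. I would record the contract above the pipeline, e.g. `// An empty Mono<Authentication> means "not authenticated"; the manager must deny it, because an empty verify() result continues the chain.` The managers shipped with the project are not visible in this diff, so it should be confirmed that each of them fails closed on an empty authentication.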
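Review bot: The stubbed manager on the changed line no longer denies by itself: `a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied")))` only errors when an Authentication is emitted, so with no authentication it completes empty, which the filter treats as permission to call the chain. That sits oddly with the test name `filterWhenNoAuthenticationThenThrowsAccessDenied`; the assertions lie below the hunk, so please confirm they still expect `AccessDeniedException` and that the chain result is not subscribed. A separate case that supplies a SecurityContext whose Authentication is null to a deny-by-default manager would pin the path the filter change introduces.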