diff --git a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
index e285a249f3713..28062c5581c9e 100644
--- a/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/AccessListener.php
@@ -47,10 +47,6 @@ public function __construct(TokenStorageInterface $tokenStorage, AccessDecisionM
 */
 public function handle(GetResponseEvent $event)
 {
- if (null === $token = $this->tokenStorage->getToken()) {
- throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
- }
-
 $request = $event->getRequest();
 list($attributes) = $this->map->getPatterns($request);
@@ -59,6 +55,10 @@ public function handle(GetResponseEvent $event)
 return;
 }
+ if (null === $token = $this->tokenStorage->getToken()) {
+ throw new AuthenticationCredentialsNotFoundException('A Token was not found in the TokenStorage.');
+ }
+
 if (!$token->isAuthenticated()) {
 $token = $this->authManager->authenticate($token);
 $this->tokenStorage->setToken($token);
diff --git a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
index c7f939e4c68e0..510f497f92b25 100644
--- a/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
+++ b/src/Symfony/Component/Security/Http/Tests/Firewall/AccessListenerTest.php
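Review bot: In `AccessListener::handle()`, the `return` on `null === $attributes` now runs before the relocated `getToken()` check, and nothing in the new code records that this ordering is deliberate. A request that matches no access map entry passes through without a token instead of raising `AuthenticationCredentialsNotFoundException`, so a path missing from the access map is no longer rejected here and later code that reads the token storage must cope with `null`. I would add a comment above the moved check, e.g. `// A token is only required for requests matched by an access map entry; unmatched requests pass through without one.`, and update the method docblock if it still describes the exception as unconditional (only its closing `*/` is visible in the first hunk). The body of `handle()` continues past the end of this hunk.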
@@ -12,6 +12,14 @@
 namespace Symfony\Component\Security\Http\Tests\Firewall;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RequestMatcher;
+use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\KernelInterface;
+use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
+use Symfony\Component\Security\Http\AccessMap;
 use Symfony\Component\Security\Http\Firewall\AccessListener;
 class AccessListenerTest extends TestCase
@@ -181,25 +189,51 @@ public function testHandleWhenThereIsNoAccessMapEntryMatchingTheRequest()
 $listener->handle($event);
 }
- public function testHandleWhenTheSecurityTokenStorageHasNoToken()
+ public function testHandleWhenTheSecurityTokenStorageHasNoTokenAndOnAnAccessControlledPathShouldThrowException()
 {
 $this->expectException('Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException');
- $tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')->getMock();
- $tokenStorage
- ->expects($this->any())
- ->method('getToken')
- ->willReturn(null)
- ;
+ $accessMap = new AccessMap();
+ $accessMap->add(new RequestMatcher('/private'), ['ROLE_USER']);
- $listener = new AccessListener(
- $tokenStorage,
- $this->getMockBuilder('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface')->getMock(),
- $this->getMockBuilder('Symfony\Component\Security\Http\AccessMapInterface')->getMock(),
- $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock()
+ $accessListener = new AccessListener(
+ $tokenStorage = new TokenStorage(),
+ $this->createMock(AccessDecisionManagerInterface::class),
+ $accessMap,
+ $this->createMock(AuthenticationManagerInterface::class)
 );
- $event = $this->getMockBuilder('Symfony\Component\HttpKernel\Event\GetResponseEvent')->disableOriginalConstructor()->getMock();
+ $request = Request::create('/private/profile');
+ $requestEvent = new GetResponseEvent(
+ $this->createMock(KernelInterface::class),
+ $request,
+ KernelInterface::MASTER_REQUEST
+ );
- $listener->handle($event);
+ $accessListener->handle($requestEvent);
+ }
+
+ /**
+ * @doesNotPerformAssertions
+ */
+ public function testHandleWhenTheSecurityTokenStorageHasNoTokenButOutOfAnAccessControlledPathShouldNotThrowException()
+ {
+ $accessMap = new AccessMap();
+ $accessMap->add(new RequestMatcher('/private'), ['ROLE_USER']);
+
$accessListener = new AccessListener(
+ $tokenStorage = new TokenStorage(),
+ $this->createMock(AccessDecisionManagerInterface::class),
+ $accessMap,
+ $this->createMock(AuthenticationManagerInterface::class)
+ );
+
+ $request = Request::create('/login');
+ $requestEvent = new GetResponseEvent(
+ $this->createMock(KernelInterface::class),
+ $request,
+ KernelInterface::MASTER_REQUEST
+ );
+
+ $accessListener->handle($requestEvent);
 }
 }
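Review bot: The new `testHandleWhenTheSecurityTokenStorageHasNoTokenButOutOfAnAccessControlledPathShouldNotThrowException` test is marked `@doesNotPerformAssertions`, so it only shows that no exception escapes; it would still pass if `handle()` consulted the decision manager or the authentication manager for the unmatched `/login` request. Dropping the annotation and pinning the mocks makes the intent checkable: `$accessDecisionManager = $this->createMock(AccessDecisionManagerInterface::class);` followed by `$accessDecisionManager->expects($this->never())->method('decide');`, with the same `never()` expectation on `authenticate` for the authentication manager mock. In both new tests the inline `$tokenStorage = new TokenStorage()` assigns a variable that is not read in the visible lines; passing `new TokenStorage()` directly would be cleaner.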