User Name and Password required validation with Sitemesh

My login controller is:
public class LoginLogoutController {
// Authentication has occurred previously by UserNamePasswordAuthenticationFilter.
// This simply validates the Form
@RequestMapping(value = "/login.html", method = RequestMethod.POST)
public String login(@Valid @ModelAttribute("loginForm") LoginForm loginForm,
BindingResult result, Map<String, String> model) {
return "/login";
}
@RequestMapping(value = "/login.html", method = RequestMethod.GET)
public String loginForm() {
return "login";
}
}

I have Sitemesh Filter declared after SpringSecurity Filter as recommended. I have configured Spring Security to "forward" on authentication failure rather than re-direct.

My problem is that on Authentication failure, although the POST method of the controller is called, Sitemesh filter is not invoked and the returned login page is not decorated. I think this is because the SimpleUrlAuthenticationFailureHandler does a request.getRequestDispatcher(defaultFailureUrl).fo rward(request, response) and does not invoke the rest of the filter chain.

Am I missing something? I want to keep the authentication code out of my controller and abstracted away.

Thanks in advance for any help

Did you ever solve this problem. I'm trying to do a sitemesh implementation with some secured pages. I'm "logged" in, but site mesh calls are getting redirected to login url. Any advice?

http://forum.springsource.org/showth...emesh+remember

If you add
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
to your web.xml. your request will be invoke the sitemeshfilter!