Hi, I am new to spring security. All the examples that I have gone through use DelegatingFilterProxy, so that spring security sits between user and application. Is it possible to let the application decide with what all parameters call spring security. For ex, the controller decides what all actions are associated with the URL and calls security layer to authenticate/authorize and then passes them to business layer.