Hi,

after searching a quite long time i'm really stuck...

PROBLEM #1:
i'm using spring security core 1.2.7.3 and spring security ui 0.2 plugins in a project and have configured a requestmap in my db.

if a user tries to access a "secured" url, he/she should be redirected to the login page. right?
ok. works.

but what's weird: the login page renders without my layout... e.g. main.gsp in my layouts folder. just the plain login gsp. because i have a custom login page, i really do need this, e.g. buttons won't work without linking some javascript...

if i call login page "normally", means i click on a login-link, everything's ok.

PROBLEM #2:
sorry for posting a second question in the same thread, but i'm not sure if this has something to do with the first problem or not.

if a user is logged in and has opened a user-specific page, e.g. "my profile", and does no action until a session-timeout: session is gone, but doing a page-refresh i get an error 500... in my opinion the user should be redirected to the login page too?! am i completely wrong?!?

THX for any hints?!