Ive been reading through the spring security docs (halfway so far) as I intend to introduce spring security into an existing application that is using rest services and oauth. The current application was using jersey and had an authentication filter on each controller.
I am confused reading the section on 8.2 FilterChainProxy and using the example:
As my application is using rest it would make sense that I use securityContextPersistenceFilterWithASCFalse (example above) so I dont create a wasteful HttpSessions.
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain pattern="/restful/**" filters="
<sec:filter-chain pattern="/**" filters="
Is it then ok to pick and choose what filters I need providing they are in the correct order? And using the approach above I have to explicitly define the bean declarations of the filters in the xml config.
So what im getting at is that do I have to declare the bean "exceptionTranslationFilter" for example in the xml, even though I dont intend on changing the way it works?
Thanks in advance