Hi,

Ive been reading through the spring security docs (halfway so far) as I intend to introduce spring security into an existing application that is using rest services and oauth. The current application was using jersey and had an authentication filter on each controller.

I am confused reading the section on 8.2 FilterChainProxy and using the example:

Code:
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
  <constructor-arg>
    <list>
      <sec:filter-chain pattern="/restful/**" filters="
           securityContextPersistenceFilterWithASCFalse,
           basicAuthenticationFilter,
           exceptionTranslationFilter,
           filterSecurityInterceptor" />
      <sec:filter-chain pattern="/**" filters="
           securityContextPersistenceFilterWithASCTrue,
           formLoginFilter,
           exceptionTranslationFilter,
           filterSecurityInterceptor" />
    </list>
  </constructor-arg>
</bean>
As my application is using rest it would make sense that I use securityContextPersistenceFilterWithASCFalse (example above) so I dont create a wasteful HttpSessions.

Is it then ok to pick and choose what filters I need providing they are in the correct order? And using the approach above I have to explicitly define the bean declarations of the filters in the xml config.

So what im getting at is that do I have to declare the bean "exceptionTranslationFilter" for example in the xml, even though I dont intend on changing the way it works?

Thanks in advance