Aug 30th, 2012, 11:56 AM
#1
cas+jdbc security
Hi all, (be kind i'm really new to Spring).
I was able to configure JDBC-based security and also CAS-based security in two different projects.
Now I need both in the same project.
I have done something like this:
a login form like in project one (JDBC security) and a link to CAS like in project two, in the main page menu:
1) https://mydom:9443/myapp/security/login
---> login.jsp: action="myapp/j_spring_security_check"
2) https://cas.it:9443/cas-server-webapp/login?service=https%3A%2F%2Fmydom%3A7443%2Fmyapp%2Fj_spring_cas_security_check
Users can authenticate both ways and everything works fine (if they use my links).
But if they are anonymousUser and they go to a reserved resource, the CAS filter starts first and they can't choose:
I understand this is because CAS_FILTER comes before FORM_LOGIN_FILTER.
On the CAS login page, if they can't authenticate they are stuck.
<!-- Main filter chain. entry-point-ref decides where an unauthenticated request for a
     protected URL is sent; it is set to casEntryPoint, so anonymous users are redirected
     to CAS and are never shown /security/login. authentication-manager-ref names the
     lower-case "authenticationmanager" bean (JDBC provider), which is a different bean
     from the "authenticationManager" alias wired into casFilter.
     NOTE(review): some children carry the security: prefix and some do not; which
     namespace the unprefixed ones resolve to depends on the root element, not shown here. -->
<security:http
authentication-manager-ref="authenticationmanager"
entry-point-ref="casEntryPoint"
use-expressions="true"
>
<security:port-mappings ><security:port-mapping http="#{env.application_http}" https="#{env.application_https}"/>
</security:port-mappings>
<!-- Registers the form-login filter and its pages. Because entry-point-ref is set above,
     login-page is not used as the entry point for anonymous requests. -->
<form-login login-page="/security/login" authentication-failure-url="/security/loginfailed" />
<!-- Neither pattern sets an access attribute, so these two lines only force HTTPS; they do
     not restrict who may reach a URL. Authorization rules must come from somewhere not shown. -->
<intercept-url pattern="/**/j_spring_security_check" requires-channel="https" />
<intercept-url pattern="/**" requires-channel="https" />
<access-denied-handler error-page="/security/denied" />
<security:custom-filter position="CAS_FILTER" ref="casFilter" />
<!-- NOTE(review): invalidate-session="false" keeps the HTTP session and its attributes alive
     after local logout; confirm this is intended, since the usual default is to invalidate. -->
<logout logout-success-url="/security/logout" invalidate-session="false" />
<!-- CAS logout: requestSingleLogoutFilter sends the user to the CAS logout URL, and
     singleLogoutFilter must run before CAS_FILTER to process sign-out requests from CAS. -->
<custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/>
<custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/>
</security:http>
I don't like the idea of my application processing the CAS password; it's against the CAS philosophy.
I'd like something like a popup on a reserved resource: "Where do you want to authenticate?" choose .. CAS / local.
So ... what should I do? I'm stuck like my users ... (some custom popup filter?)
-----------------------------------------
<!-- Authentication manager for local (JDBC) logins; referenced by id from
     authentication-manager-ref="authenticationmanager" on the http element. The id differs
     only in letter case from the "authenticationManager" alias used by casFilter. -->
<authentication-manager id="authenticationmanager">
<authentication-provider user-service-ref="userService">
<!-- NOTE(review): hash="md5" with no salt-source child means stored passwords are plain
     unsalted MD5 digests, which are cheap to brute-force if the UTE table leaks. Moving to
     a salted, slow hash requires migrating the stored values, so it cannot be changed in
     this element alone. -->
<security:password-encoder hash="md5"></security:password-encoder>
</authentication-provider>
</authentication-manager>
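<!-- CAS single sign-out filter: processes logout requests issued by the CAS server. It is
     placed before CAS_FILTER in the http element.
     NOTE(review): web.xml is not shown; the CAS client's SingleSignOutHttpSessionListener is
     normally registered there as well so that sessions can be tracked and ended. -->
<beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>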
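<!-- Logout filter for the CAS path: a request to /j_spring_cas_security_logout runs the
     handler below and then redirects to the CAS server's logout URL (env.cas_service_logout). -->
<beans:bean id="requestSingleLogoutFilter"
            class="org.springframework.security.web.authentication.logout.LogoutFilter">
  <!-- First constructor argument: where to send the browser after local logout. -->
  <beans:constructor-arg value="#{env.cas_service_logout}"/>
  <!-- Second constructor argument: the handler that clears the local security context. -->
  <beans:constructor-arg>
    <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
  </beans:constructor-arg>
  <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/>
</beans:bean>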
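<!-- Describes this application to CAS. "service" is the callback URL CAS redirects to with the
     service ticket; it is assembled from env values and ends in /j_spring_cas_security_check.
     The same URL is sent again at ticket validation, so it has to match what the browser
     actually used (scheme, host, port, context path). -->
<beans:bean id="serviceProperties"
            class="org.springframework.security.cas.ServiceProperties">
  <beans:property name="service"
                  value="#{'https://' + env.application_domain + ':' + env.application_https + '/' + env.application_name + '/j_spring_cas_security_check' }"/>
  <!-- sendRenew=false: an existing CAS single sign-on session is accepted without asking the
       user for credentials again. -->
  <beans:property name="sendRenew" value="false"/>
</beans:bean>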
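<!-- Filter that receives the CAS callback and authenticates the service ticket. It is wired to
     the "authenticationManager" alias (CAS provider only), not to the lower-case
     "authenticationmanager" bean that the http element uses for form login. -->
<beans:bean id="casFilter"
            class="org.springframework.security.cas.web.CasAuthenticationFilter">
  <beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>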
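<!-- Entry point that redirects the browser to the CAS login page (env.cas_service_login) with
     the service URL from serviceProperties. The http element names this bean in
     entry-point-ref, which is why anonymous requests for protected URLs land on CAS. -->
<beans:bean id="casEntryPoint"
            class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
  <beans:property name="loginUrl" value="#{env.cas_service_login}"/>
  <beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>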
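<!-- Provider that validates a CAS service ticket and then loads the user's details and
     authorities from the local userService. -->
<beans:bean id="casAuthenticationProvider"
            class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
  <beans:property name="userDetailsService" ref="userService"/>
  <beans:property name="serviceProperties" ref="serviceProperties"/>
  <!-- The validator calls the CAS server at env.cas_service to check each ticket.
       NOTE(review): the value of env.cas_service is not shown; it should be an https URL
       whose certificate the application trusts, because this call is what the login relies on. -->
  <beans:property name="ticketValidator">
    <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <beans:constructor-arg index="0" value="#{env.cas_service}"/>
    </beans:bean>
  </beans:property>
  <!-- Key that marks authentication tokens as created by this provider; derived here from
       the application name. -->
  <beans:property name="key" value="#{env.application_name+'casid'}"/>
</beans:bean>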
<!-- JDBC-backed user service referenced by both the local authentication provider and
     casAuthenticationProvider. Both queries bind the username through the ? placeholder.
     The users query returns the constant 1 as its third column, so every row is treated as
     enabled, and lower(PASSWD) lower-cases the stored value before it is compared
     (presumably hex MD5 digests stored in mixed case; confirm against the data). -->
<jdbc-user-service
id="userService"
data-source-ref="dataSource"
users-by-username-query="select USERID, lower(PASSWD), 1 from ute where USERID=?"
authorities-by-username-query="select USERID, RUOLO from UTE where USERID=?" />
<!-- Second authentication manager, exposed under the alias "authenticationManager" and holding
     only the CAS provider. casFilter references it; the http element instead references the
     lower-case "authenticationmanager" bean, so the two login paths use separate managers. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider" />
</security:authentication-manager>