Hi @ll !!

I have a problem with my following configuration:

<security:http entry-point-ref="loginUrlAuthenticationEntryPoint" auto-config="true" use-expressions="true" disable-url-rewriting="true">
...
<security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" />
<security:intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
<security:form-login login-page="/index.htm" default-target-url="/start.htm" always-use-default-target="true" authentication-failure-url="/index.htm" />
<security:logout />
<session-management session-authentication-strategy-ref="sas" />
</security:http>

<security:authentication-manager alias="authenticationManager">
<authentication-provider ref='authenticationProvider' />
</security:authentication-manager>

<beans:bean id="authenticationProvider"
class="de.oyb.fangoetter.web.security.Authenticati onProvider">
<beansroperty name="accountDao" ref="accountDao" />
</beans:bean>

<beans:bean id="sas"
class="org.springframework.security.web.authentica tion.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg ref="sessionRegistry" />
<beansroperty name="maximumSessions" value="1" />
</beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.S essionRegistryImpl" />

<beans:bean id="loginUrlAuthenticationEntryPoint"
class="org.springframework.security.web.authentica tion.LoginUrlAuthenticationEntryPoint">
<beansroperty name="loginFormUrl" value="/index.htm" />
<beansroperty name="useForward" value="true" />
</beans:bean>


When I am now typing /user/home.htm for the URL without login, I am NOT redirecting to the LoginUrlAuthenticationEntryPoint, but I see /user/home.htm with no session data at all.

What might be wrong here?