a user DIRECTLY goes to the login page and types correct username
and password. the page a user should go after a successful login
is a secured page, such as the following
this user does not have a role allowing him to visit this area. instead
of throwing denied access exceptions, acegi throws UsernameNotFoundException
and redirects the user back to the login page. this is a confusing logic.
(based on that exception, my app displays an wrong error message)
not quite sure whether other users have similar observations or i did
thanks for your feedback!