I know that servlet forwards (as opposed to redirects) arent supposed to be secured by ACEGI as per the post below:
However when using a 2.4 servlet container a filter can be used to intercept forwards (as the last post on the above thread points out). But checking the FilterSecurityInterceptor code I noticed that it does not apply the filter for requests that were already verified, so when the filter is invoked for forwards the access is not secured anymore. I tried simply removing this check and security works just fine for both requests and forwards. Is there a reason why this repeated security check is avoided, or it can be safely removed?