I noticed today, during a timeout, that acegi security is not applied to URLs with query parameters.
My objectDefinitionSource is defined as follows:
The reason why I'm not using /** as role definition, is that I don't want my css/images/js/.. to be secured. Those should be both available to all types of users.
How should I fix this problem in my application, in a secure way??