Perhaps I'm confused, but it seems the issue (which was closed as part of Spring 1.0.4) isn't fully flushed out. Although the patch allows one to add multiple URLs as entry points by overriding the determineUrlToUseForThisRequest method. There is no such equivalent for the various exception handling pages. For example, the AuthenticationProcessingFilter.authenticationFailu reUrl method is a static mapping. Perhaps the design was that an Acegi user would set the authenticationFailureUrl everytime the onUnsuccessfulAuthentication method is called? Also, is there a workaround for the ConcurrentSessionFilter's expiredUrl? Otherwise, the user may be presented with a login page that is not appropriate for their role, etc...this can be confusing.