I have a web app managed by spring and I need to implement two ways to get to the same resource /foo. One way is via SAML and the spring-security-saml2 extension (which I have working alone) and the other is a custom authentication filter that I have already written.

The question is how to wire them up. I currently have both SAML and the custom filters defined:

Code:
  <bean id="myAuthenticationFilter" class="com.myco.MyAuthenticationProcessingFilter" >
    <property name="myService" ref="myService"/>
    <property name="defaultTargetUrl" value="/foo"/>
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="filterProcessesUrl" value="/foo/kind1"/>
    <security:custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/>
  </bean>
and

Code:
  <bean id="samlProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter" depends-on="bootstrap">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="defaultTargetUrl" value="/foo"/>
    <property name="filterProcessesUrl" value="/foo/kind2"/>
    <property name="webSSOprofile" ref="webSSOprofile" />
    <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER"/>
  </bean>
and my http config like:

Code:
  <security:http auto-config="false" entry-point-ref="defaultEntryPoint">
    <security:intercept-url pattern="/**" filters="none"/>
    <security:intercept-url pattern="/foo/**" access="IS_AUTHENTICATED_FULLY"/>
   </security:http>
On kind2 I have a form login page and I need the parameters from the form to be passed to the filter. In both cases if I go to the kind1 or kind2 pages, I get the filter called with no preprocessing, i.e. no Form displayed with a submit and no initial SAML stuff.

I think what I need is EntryPoints (there is one for SAML but not sure how to write a custom one) but I'm very confused as to how to wire this up. Any help would be much appreciated.

r