I am using Spring Security 3.1.2 This version allows multiple "http" tags.
I have an application that has two separate login pages, one for user and another for admin. Both of them will use the same authentication manager.
I have build my spring-security.xml in the following manner
<sec:http pattern="/loginForm.jsp" security="none"/>
<sec:http pattern="/loginForm2.jsp" security="none"/>
<sec:http auto-config="true">
<sec:intercept-url pattern="/login1*" access="ROLE_USER" />
<sec:form-login login-page="/loginForm.jsp" default-target-url="/login1"
authentication-failure-url="/loginForm.jsp?login_error=1" />
<sec:logout logout-success-url="/loginForm.jsp" />
</sec:http>
<sec:http auto-config="true">
<sec:intercept-url pattern="/login2*" access="ROLE_ADMIN" />
<sec:form-login login-page="/loginForm2.jsp" default-target-url="/login2"
authentication-failure-url="/loginForm2.jsp?login_error=1" />
<sec:logout logout-success-url="/loginForm2.jsp" />
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="qwertyui" password="123456" authorities="ROLE_USER" />
<sec:user name="asdfghjk" password="123456" authorities="ROLE_USER" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
But I am getting this error "A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your namespace or FilterChainProxy bean configuration"
If I omit any one of the tag, it works fine.
