The following URLs are treated as virtual URLs by Spring Security, and watched (and processed) as part of servlet filter processing, independently of your code. Remember that these URLs are relative to your web application's context root.
UsernamePasswordAuthenticationFilterfor username/password form authentication.
OpenIDAuthenticationFilterfor OpenID returning authentication (from the OpenID provider).
/j_spring_cas_security_check—used by CAS authentication upon return from CAS SSO login.
/spring_security_login—the URL used by the
DefaultLoginPageGeneratingFilterwhen configured to auto-generate a login page.