I've been struggling configuring spring security for too many hours. What I'm trying to accomplish is that authentication process could be toggled on/off at runtime. My idea was that I could extend FilterSecurityInterceptor and override it's doFilter-method to check whether authentication is "enabled"..(yes I know security shouldn't probably be toggled on/off at runtime..)
However, I'm in trouble figuring out how security namespace and "traditional" bean configurations mix..Or do they mix at all?
I've tried to provide bean with id 'filterSecurityInterceptor'. As far as I'm concerned this is the way it should be, right? I mean that those security namespace auto-created beans should/could be overriden in spring.xml with specific id, sort of callback...Or are I'm lost here? Anyhow if that's not the case, I can give custom-filter in position 'FilterSecurityInterceptor' to http-element. But that doesn't seem to work either...filterSecurityInterceptor requires something called 'securityMetadataSource' which in turns seems to be related to sec:http-element / intercept-url -mapping..However, If I don't use security namespace config, do I really need to make all bean definitions by hand? That doesn't sound right either..