How to unsecure /** URL pattern in spring-security

Question

I'm trying to unsecure the /** pattern, but all my tries are in vain so far.

This is what I'm doing:

<security:intercept-url pattern="/**" filters="none" />

My configuration doesn't contain any more intercept-url definitions.

However after accessing any URL I still get redirected to the default entry point...

I debugged the spring security source and I can actually see the the filters being loaded for the URL I'm trying to access. (FilterChainProxy line: 154, the filters list is full)

Any insight into why this happens and how to unsecure /** would be very appreciated.

I'm using 3.0.5.RELEASE

---

EDIT:

Security configuration:

 <security:http auto-config="false" use-expressions="true" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- dev --><security:intercept-url pattern="/**" filters="none" />

    <security:custom-filter position="FORM_LOGIN_FILTER" ref="absoluteUrlSsoFilter" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="ssoDetailsService" />
</security:authentication-manager>

This is the relevant part, I could also give you the bean definitions, but I doubt the problem is there.

Answer 1

at least in grails, you could set the security setting to IS_AUTHENTICATED_ANONYMOUSLY. Since the grails spring security plugin is based on spring security, I bet this would work.

no need to play with filters or anything.