
Added extra test to itest/context as POC of using extra interceptor with http ns.

Luke Taylor 15 years ago
parent
commit
70ef0d8b3e

+ 3 - 1
config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -558,10 +558,12 @@ public class HttpSecurityBeanDefinitionParserTests {
         // Decorated user-filters should be added to stack. The others should be ignored.
         String contextHolderFilterClass = SecurityContextHolderAwareRequestFilter.class.getName();
         String contextPersistenceFilterClass = SecurityContextPersistenceFilter.class.getName();
+        System.setProperty("customFilterRef", "userFilter1");
 
         setContext(
+                "<b:bean class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'/>" +
                 "<http auto-config='true'>" +
-                "    <custom-filter position='FIRST' ref='userFilter1' />" +
+                "    <custom-filter position='FIRST' ref='${customFilterRef}' />" +
                 "    <custom-filter after='LOGOUT_FILTER' ref='userFilter' />" +
                 "    <custom-filter before='SECURITY_CONTEXT_FILTER' ref='userFilter3'/>" +
                 "</http>" + AUTH_PROVIDER_XML +
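Review bot: The `System.setProperty("customFilterRef", "userFilter1");` added above `setContext(` is never undone in the visible lines, so the property stays set JVM-wide for every test that runs afterwards in the same process. A later test that builds a context with a `PropertyPlaceholderConfigurer` would resolve `${customFilterRef}` from this leftover value, which can hide a missing or misnamed filter reference. Wrap the rest of the test in `try { ... } finally { System.clearProperty("customFilterRef"); }`, or clear it in an `@After` method. The test method starts and ends outside this hunk, so cleanup may exist where it is not shown.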

+ 57 - 0
itest/context/src/test/java/org/springframework/security/integration/HttpNamespaceWithMultipleInterceptorsTests.java

@@ -0,0 +1,57 @@
+package org.springframework.security.integration;
+
+import static org.junit.Assert.*;
+
+import javax.servlet.http.HttpSession;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockFilterChain;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.mock.web.MockHttpSession;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.FilterChainProxy;
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@ContextConfiguration(locations={"/http-extra-fsi-app-context.xml"})
+@RunWith(SpringJUnit4ClassRunner.class)
+public class HttpNamespaceWithMultipleInterceptorsTests {
+
+    @Autowired
+    private FilterChainProxy fcp;
+
+    @Test
+    public void requestThatIsMatchedByDefaultInterceptorIsAllowed() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/somefile.html");
+        request.setSession(createAuthenticatedSession("ROLE_0", "ROLE_1", "ROLE_2"));
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        fcp.doFilter(request, response, new MockFilterChain());
+        assertEquals(200, response.getStatus());
+    }
+
+    @Test
+    public void securedUrlAccessIsRejectedWithoutRequiredRole() throws Exception {
+        MockHttpServletRequest request = new MockHttpServletRequest();
+        request.setServletPath("/secure/somefile.html");
+        request.setSession(createAuthenticatedSession("ROLE_0"));
+        MockHttpServletResponse response = new MockHttpServletResponse();
+        fcp.doFilter(request, response, new MockFilterChain());
+        assertEquals(403, response.getStatus());
+    }
+
+    public HttpSession createAuthenticatedSession(String... roles) {
+        MockHttpSession session = new MockHttpSession();
+        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("bob", "bobspassword", roles));
+        session.setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, SecurityContextHolder.getContext());
+        SecurityContextHolder.clearContext();
+        return session;
+    }
+
+
+}
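Review bot: The two tests never exercise a grant by the extra interceptor, so they would still pass if the `fsi` bean rejected every request under `/secure/**` regardless of role. The `/secure/extreme/**` rule that requires ROLE_2 is also not tested, so a change in pattern order in the metadata source would go unnoticed. I would add one positive case for `/secure/**` with ROLE_1 and one negative case for `/secure/extreme/**` without ROLE_2; the expected statuses below follow from the XML config in this commit and should be confirmed by running them. `createAuthenticatedSession` could also be `private`, since it is only a helper for this class.

```java
    // ... unchanged: the two existing tests ...

    @Test
    public void securedUrlAccessIsAllowedWithRequiredRole() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/secure/somefile.html");
        request.setSession(createAuthenticatedSession("ROLE_1"));
        MockHttpServletResponse response = new MockHttpServletResponse();
        fcp.doFilter(request, response, new MockFilterChain());
        assertEquals(200, response.getStatus());
    }

    @Test
    public void moreSpecificSecuredUrlIsRejectedWithoutRole2() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        request.setServletPath("/secure/extreme/somefile.html");
        request.setSession(createAuthenticatedSession("ROLE_0", "ROLE_1"));
        MockHttpServletResponse response = new MockHttpServletResponse();
        fcp.doFilter(request, response, new MockFilterChain());
        assertEquals(403, response.getStatus());
    }

    // ... unchanged: createAuthenticatedSession helper ...
```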

+ 48 - 0
itest/context/src/test/resources/http-extra-fsi-app-context.xml

@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  -
+  -->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:sec="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
+                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
+
+    <sec:http use-expressions="true">
+        <sec:intercept-url pattern="/**" access="permitAll" />
+        <sec:form-login />
+        <sec:custom-filter ref="fsi" after="FILTER_SECURITY_INTERCEPTOR " />
+    </sec:http>
+
+    <bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
+        <property name="authenticationManager" ref="authenticationManager"/>
+        <property name="accessDecisionManager" ref="accessDecisionManager"/>
+        <property name="securityMetadataSource">
+            <sec:filter-security-metadata-source>
+                <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_2"/>
+                <sec:intercept-url pattern="/secure/**" access="ROLE_1"/>
+            </sec:filter-security-metadata-source>
+        </property>
+        <property name="observeOncePerRequest" value="false" />
+    </bean>
+
+    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
+        <property name="allowIfAllAbstainDecisions" value="false"/>
+        <property name="decisionVoters">
+            <list>
+                <bean class="org.springframework.security.access.vote.RoleVoter"/>
+            </list>
+        </property>
+    </bean>
+
+    <sec:authentication-manager alias="authenticationManager">
+        <sec:authentication-provider>
+            <sec:user-service id="userService">
+                <sec:user name="notused" password="notused" authorities="ROLE_0,ROLE_1"/>
+            </sec:user-service>
+        </sec:authentication-provider>
+    </sec:authentication-manager>
+
+</beans>
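Review bot: The `observeOncePerRequest` property on the `fsi` bean is what makes this configuration enforce anything, and it has no comment. With the default of `true`, a second `FilterSecurityInterceptor` in the same chain sees the marker left by the namespace-created one and passes the request through without checking the `/secure/**` rules. I would add a comment above it such as `<!-- Must be false: the interceptor created by <http> has already marked the request, and with the default this bean would skip its access checks. -->`. Separately, `after="FILTER_SECURITY_INTERCEPTOR "` has a trailing space inside the attribute value. It presumably only works because of schema whitespace normalization, so it should be `after="FILTER_SECURITY_INTERCEPTOR"`. The empty `<!-- - -->` header comment can be dropped or replaced with a sentence describing the purpose of the file.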