Currently I have the http's entry-point-ref pointing to a CAS entry point. I want add a separate login page which authenticates against a local db authentication provider. I want a separate login (spring/login) to auth against a separate provider and everything else (spring/**) to auth against CAS. The resources are shared, but I want the security context to be set differently depending on where they enter. Is there a way to do that? I'm using security 3.0. I would appreciate any ideas.