Default Filters will be executed which is predefined in DefaultHttpFirewalls as the following order shows.
1. ConcurrentSessionFilter: retrieves a session and checks if the session has been marked as expired.
2. SecurityContextPersistenceFilter: To resolve servlet container (specifically Weblogic) incompatibilities.
3. LogoutFilter: redirect URLs if logout required.
4. AuthenticationFilters
4.1 UsernamePasswordAuthenticationFilter: Processes an authentication form submission.
4.2 RemeberMeAuthenticationFilter: Detects if there is no Authentication in the SecurityContext, and populate a remember-me authentication token if a RememberMeServices implementation so requests.
4.3 DefaultLoginPageGenerateFilter: Generate a new login page if user doesn't configure.
5. RequestCacheAwareFilter: Reconstitute the saved request if one is cached and it matches the current request.
6. SecurityContextHolderAwareRequestFilter: Wrapper the http request which implements the servlet API security methods.
7. AnonymousAuthenticationFilter: Detect if there is no Authentication in the SecurityContextHolder and populates it with one if needed.
8. SessionManagementFilter: Detect if a user has been authenticated since the start of the request and perform any session-related activity. 9. ExceptionTranslationFilter: Provide the bridge between Java exceptions and HTTP responses.
10.User Buisness Controllers,which should implments org.springframework.web.servlet.mvc.Controlle