@Override
  public void initializeFromConfig(SecurityNamedServiceConfig config) throws IOException {
    super.initializeFromConfig(config);

    pathInfos = GeoServerSecurityFilterChain.FORM_LOGIN_CHAIN.split(",");

    UsernamePasswordAuthenticationFilterConfig upConfig =
        (UsernamePasswordAuthenticationFilterConfig) config;

    aep = new LoginUrlAuthenticationEntryPoint(URL_LOGIN_FORM);
    aep.setForceHttps(false);
    try {
      aep.afterPropertiesSet();
    } catch (Exception e2) {
      throw new IOException(e2);
    }

    RememberMeServices rms = securityManager.getRememberMeService();

    // add login filter
    UsernamePasswordAuthenticationFilter filter =
        new UsernamePasswordAuthenticationFilter() {
          @Override
          protected boolean requiresAuthentication(
              HttpServletRequest request, HttpServletResponse response) {

            for (String pathInfo : pathInfos) {
              if (getRequestPath(request).startsWith(pathInfo)) return true;
            }
            return false;
          }
        };

    filter.setPasswordParameter(upConfig.getPasswordParameterName());
    filter.setUsernameParameter(upConfig.getUsernameParameterName());
    filter.setAuthenticationManager(getSecurityManager());

    filter.setRememberMeServices(rms);
    GeoServerWebAuthenticationDetailsSource s = new GeoServerWebAuthenticationDetailsSource();
    filter.setAuthenticationDetailsSource(s);

    filter.setAllowSessionCreation(false);
    // filter.setFilterProcessesUrl(URL_FOR_LOGIN);

    SimpleUrlAuthenticationSuccessHandler successHandler =
        new SimpleUrlAuthenticationSuccessHandler();
    successHandler.setDefaultTargetUrl(URL_LOGIN_SUCCCESS);
    filter.setAuthenticationSuccessHandler(successHandler);

    SimpleUrlAuthenticationFailureHandler failureHandler =
        new SimpleUrlAuthenticationFailureHandler();
    // TODO, check this when using encrypting of URL parameters
    failureHandler.setDefaultFailureUrl(URL_LOGIN_FAILURE);
    filter.setAuthenticationFailureHandler(failureHandler);

    // filter.afterPropertiesSet();
    getNestedFilters().add(filter);
  }
 @Override
 public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
     throws IOException, ServletException {
   req.setAttribute(GeoServerSecurityFilter.AUTHENTICATION_ENTRY_POINT_HEADER, aep);
   super.doFilter(req, res, chain);
 }