I would like the security namespace to be able to specify lists of <url-interceptor> elements separately from the <http> element, and then wire them into the active <http> element depending some configuration property.
This is illustrative of the kind of thing I would like to be able to do:
<sec:intercept-url pattern="/images/*" filters="none" />
<sec:intercept-url pattern="/*.gif" filters="none" />
... and in a different file ...
<sec:intercept-url pattern="/annotea/admin/*" access="ROLE_ADMIN" />
<sec:include-intercept-url-list ref="some-other-id" />
... and in a Java properties file
Ideally, intercept url lists would be configurable to the same extent that regular spring beans are configurable; e.g. using <bean:import>, <bean:alias>, the new Spring EL, PropertyPlaceholderConfigurer and so on. But I'd be happy with anything that allows me to factor out the interceptor lists and compose them under the control of the System properties.