How can I secure /** ? Need to solve circular redirects

I'm using spring-security 3.0.5 for my web application.

I want to make sure that all application access is challenged with authentication. So I'm placing all urls behind authentication /**.

Of course, the only url that should not require authentication is /login, since it will present the login form to the user.

Currently, my configu开发者_运维百科ration file for spring-security makes a cycle of redirects:

/ -> /login --+
              |
        ^.....+

Question: how can I change my spring security configuration to allow /login, but challenge /** ?

This is a snippet of my spring security configuration file:

<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
    <form-login login-processing-url="/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?login_error=t"/>
    <logout logout-url="/j_spring_security_logout"/>
    <intercept-url pattern="/login*" access="permitAll" />
    <intercept-url pattern="/**" access="isAuthenticated()" />
</http>