We are developing "box" web-product, so I cannot foreseen the environment where application is deployed. This application uses spring-security. But it is appeared that if Tomcat placed application not at the root then following configuration fails:
<sec:http auto-config="true" >
....
<sec:form-login login-page="/ui/Login" />
Following recommendation: https://stackoverflow.com/a/6934712/149818 to use
#{servletContext.contextPath} doesn't work. User instead of http://foo/myApp/ui/Login is redirected to http://foo/ui/Login
So my question is
Great thanks to @Luke Taylor and @axtavt - my error is missing root '/' in the
<sec:http auto-config="true" use-expressions="true">
<sec:intercept-url pattern="/ui/Login"
access="IS_AUTHENTICATED_ANONYMOUSLY"/>
When '/' appears - #{servletContext.contextPath} starts work correctly.