And 2 more posts similar to it. They were using backing beans to do authentication instead of relying on the filters. I couldn't get it to work despite attempting to duplicate it. It just appears to break all the other filters and render the whole web app unsecured.
If anyone has more experience with Acegi Security, I would really appreciate your help. Thanks for reading.