LoginUrlStrategy is a good idea, but implementations are limited to evaluating the SecurityConfig. If implementations had access to the HttpServletRequest, a wider range of strategies could be implemented.

For this particular usecase (probably handled/addressed with Crowd) we need Jira/Confluence to allow logins via our institutions' single sign on (Siteminder) and the local Jira database. Allowing LoginUrlStrategy access to the HttpServletRequest gives us the ability to redirect users to the correct login/logout links, and allows access to two different login servlets (the SecurityFilter grants access to the login servlet if the requested URL matches the login url).

Patch attached, unit tests pass.