- * In the default-configuration, the <code>X-Frame-Options: DENY</code> is
- * set for every response. This prevents the browser from showing our
- * response inside Facebook, becaus that is an iFrame and the header
- * forbidds to display our content in a frame.
+ * We inject our specialized implementation of the
+ * {@link AuthenticationEntryPoint}-interface.
+ * </li>
+ * <li>
+ * We configure the mechanism, that adds securtiy headers to the response,
+ * to disable the headers, that deny, to display our content insiede a frame,
+ * because otherwise, the browser would not render our content, when the
+ * app is displayed inside of Facebook through our canvas-page.
+ * </li>
+ * <li>
+ * Last but not least, we configure the pages, that should be accessible
+ * without authentication.
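Review bot: The second added list item ("to disable the headers, that deny, to display our content insiede a frame") documents switching frame protection off altogether, which makes the content framable by any origin, not only by the Facebook canvas page, so the clickjacking defence is gone for every other embedder as well. If the configuration behind this comment disables the header globally, consider allowing only the Facebook origin that hosts the canvas page instead, for example with a Content-Security-Policy `frame-ancestors` directive, or at least say in this item that the protection is removed application-wide. The new wording also loses the concrete header name the removed lines gave (`X-Frame-Options: DENY`); naming it here would keep the comment precise and searchable. Spelling in the added lines: "securtiy" and "insiede".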