The login form is only shown if the access to a page is denied by the URL security, while this doesn't work if the content security filter is used.

GZipFilter does not send the response to the client if the HTTP error code is different from 200 (info.magnolia.module.cache.filter.GZipFilter:90) (seems to be related to http://jira.magnolia-cms.com/browse/MAGNOLIA-2178).
The problem is when you add a "deny access" permission on a content, the "ContentSecurityFilter clientCallback" login form can not be returned to the client, we only have a Tomcat 401 error page.

This is working well with URISecurityFilter because it is executed before the GZipFilter in the filter chain, so we can workaround the problem by adding a deny access to the content HTTP URI (but it is just a workaround).