java-tutorials/spring-security-mvc-custom/src/main/resources/webSecurityConfig.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="
		http://www.springframework.org/schema/security 
        http://www.springframework.org/schema/security/spring-security-3.1.xsd
		http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">

	<http use-expressions="true" >
		<intercept-url pattern="/anonymous*" access="isAnonymous()" />
        <intercept-url pattern="/login*" access="permitAll" />
        <intercept-url pattern="/**" access="isAuthenticated()" />

		<form-login 
			login-page='/login.html' 
			login-processing-url="/perform_login" 
			default-target-url="/homepage.html"
			authentication-failure-url="/login.html?error=true" 
			always-use-default-target="true"/>
            
            <logout 
            	logout-url="/perform_logout"
                delete-cookies="JSESSIONID"
                success-handler-ref="customLogoutSuccessHandler" />
            
	</http>
    
    <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler" />

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="user1" password="user1Pass" authorities="ROLE_USER" />
				<user name="user2" password="user2Pass" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>
initial work on custom mvc project for spring security 2013-07-14 15:25:28 +03:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<beans:beans xmlns="http://www.springframework.org/schema/security"`
			`xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"`
			`xsi:schemaLocation="`
			`http://www.springframework.org/schema/security`
			`http://www.springframework.org/schema/security/spring-security-3.1.xsd`
			`http://www.springframework.org/schema/beans`
			`http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">`

			`<http use-expressions="true" >`
			`<intercept-url pattern="/anonymous*" access="isAnonymous()" />`
			`<intercept-url pattern="/login*" access="permitAll" />`
			`<intercept-url pattern="/**" access="isAuthenticated()" />`

			`<form-login`
			`login-page='/login.html'`
			`login-processing-url="/perform_login"`
			`default-target-url="/homepage.html"`
			`authentication-failure-url="/login.html?error=true"`
			`always-use-default-target="true"/>`

			`<logout`
			`logout-url="/perform_logout"`
			`delete-cookies="JSESSIONID"`
			`success-handler-ref="customLogoutSuccessHandler" />`

			`</http>`

			`<beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler" />`

			`<authentication-manager>`
			`<authentication-provider>`
			`<user-service>`
			`<user name="user1" password="user1Pass" authorities="ROLE_USER" />`
			`<user name="user2" password="user2Pass" authorities="ROLE_USER" />`
			`</user-service>`
			`</authentication-provider>`
			`</authentication-manager>`

			`</beans:beans>`