java-tutorials/handling-spring-static-resources/src/main/resources/webSecurityConfig.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:mvc="http://www.springframework.org/schema/mvc"
    xsi:schemaLocation="
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
		http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd"
>
    <http use-expressions="true">
        <intercept-url pattern="/login*" access="permitAll"/>
        <intercept-url pattern="/logout*" access="permitAll"/>
        <intercept-url pattern="/home*" access="permitAll"/>
        <intercept-url pattern="/files/**" access="permitAll"/>
        <intercept-url pattern="/resources/**" access="permitAll"/>
        <intercept-url pattern="/js/**" access="permitAll"/>
        <intercept-url pattern="/other-files/**" access="permitAll"/>
        <intercept-url pattern="/invalidSession*" access="isAnonymous()"/>
        <intercept-url pattern="/**" access="isAuthenticated()"/>

        <form-login login-page='/login.html' authentication-failure-url="/login.html?error=true" authentication-success-handler-ref="myAuthenticationSuccessHandler"
            default-target-url="home.html"/>
        <session-management invalid-session-url="/invalidSession.html" session-fixation-protection="none"/>
        <logout invalidate-session="false" logout-success-url="/logout.html?logSucc=true" delete-cookies="JSESSIONID"/>

    </http>

    <!-- for XML static resource confguration- comment out for java based config -->
    <!-- -<mvc:resources mapping="/resources/**" location="/resources/" /> -->

    <beans:bean id="myAuthenticationSuccessHandler" class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user1" password="user1Pass" authorities="ROLE_USER"/>
                <user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
handling static resources 2014-10-16 20:53:24 -05:00			`<?xml version="1.0" encoding="UTF-8"?>`
formatting cleanup 2015-07-23 16:54:23 +03:00			`<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"`
			`xmlns:mvc="http://www.springframework.org/schema/mvc"`
			`xsi:schemaLocation="`
cleanup and upgrade 2016-01-09 13:01:30 +02:00			`http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd`
			`http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsd`
handling static resources 2014-10-16 20:53:24 -05:00			`http://www.springframework.org/schema/mvc`
cleanup and upgrade 2016-01-09 13:01:30 +02:00			`http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd"`
formatting cleanup 2015-07-23 16:54:23 +03:00			`>`
			`<http use-expressions="true">`
			`<intercept-url pattern="/login*" access="permitAll"/>`
			`<intercept-url pattern="/logout*" access="permitAll"/>`
			`<intercept-url pattern="/home*" access="permitAll"/>`
			`<intercept-url pattern="/files/**" access="permitAll"/>`
			`<intercept-url pattern="/resources/**" access="permitAll"/>`
			`<intercept-url pattern="/js/**" access="permitAll"/>`
			`<intercept-url pattern="/other-files/**" access="permitAll"/>`
			`<intercept-url pattern="/invalidSession*" access="isAnonymous()"/>`
			`<intercept-url pattern="/**" access="isAuthenticated()"/>`
handling static resources 2014-10-16 20:53:24 -05:00
formatting cleanup 2015-07-23 16:54:23 +03:00			`<form-login login-page='/login.html' authentication-failure-url="/login.html?error=true" authentication-success-handler-ref="myAuthenticationSuccessHandler"`
			`default-target-url="home.html"/>`
			`<session-management invalid-session-url="/invalidSession.html" session-fixation-protection="none"/>`
cleanup and upgrade 2016-01-09 13:01:30 +02:00			`<logout invalidate-session="false" logout-success-url="/logout.html?logSucc=true" delete-cookies="JSESSIONID"/>`
handling static resources 2014-10-16 20:53:24 -05:00
formatting cleanup 2015-07-23 16:54:23 +03:00			`</http>`
handling static resources 2014-10-16 20:53:24 -05:00
formatting cleanup 2015-07-23 16:54:23 +03:00			`<!-- for XML static resource confguration- comment out for java based config -->`
			`<!-- -<mvc:resources mapping="/resources/**" location="/resources/" /> -->`

			`<beans:bean id="myAuthenticationSuccessHandler" class="org.baeldung.security.MySimpleUrlAuthenticationSuccessHandler"/>`
			`<authentication-manager>`
			`<authentication-provider>`
			`<user-service>`
			`<user name="user1" password="user1Pass" authorities="ROLE_USER"/>`
			`<user name="admin1" password="admin1Pass" authorities="ROLE_ADMIN"/>`
			`</user-service>`
			`</authentication-provider>`
			`</authentication-manager>`
handling static resources 2014-10-16 20:53:24 -05:00			`</beans:beans>`