security work

spring-security-login/pom.xml

@@ -22,6 +22,11 @@
 			<artifactId>spring-security-web</artifactId>
 			<version>${org.springframework.security.version}</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+			<version>${org.springframework.security.version}</version>
+		</dependency>
 
 		<!-- Spring -->
 

spring-security-login/src/main/java/org/baeldung/spring/web/config/SecSecurityConfig.java

@@ -0,0 +1,14 @@
+package org.baeldung.spring.web.config;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportResource;
+
+@Configuration
+@ImportResource({ "classpath:webSecurityConfig.xml" })
+public class SecSecurityConfig {
+
+	public SecSecurityConfig() {
+		super();
+	}
+
+}

spring-security-login/src/main/resources/webSecurityConfig.xml

@@ -1,36 +1,27 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:beans="http://www.springframework.org/schema/beans"
+<beans:beans xmlns="http://www.springframework.org/schema/security"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
 	xsi:schemaLocation="
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd">
 
-	<http access-denied-page="/access-denied.html" use-expressions="true">
-		<intercept-url pattern="/access-denied*" access="hasAnyRole('ROLE_LOCATION_WRITE','ROLE_POLYGON_WRITE')" />
-		<intercept-url pattern="/admin/**" access="hasAnyRole('ROLE_ADMIN')" />
-		<intercept-url pattern="/organization/**" access="hasAnyRole('ROLE_ORGANIZATION')" />
-		<intercept-url pattern="/location/edit*" access="hasAnyRole('ROLE_LOCATION_WRITE')" />
-		<intercept-url pattern="/location/view*" access="permitAll" />
-
+	<http use-expressions="true">
 		<intercept-url pattern="/login*" access="isAnonymous()" />
-		<intercept-url pattern="/register*" access="isAnonymous()" />
-		<intercept-url pattern="/login-denied/**" access="isAnonymous()" />
+		<intercept-url pattern="/**" access="isAuthenticated()" />
 
-		<intercept-url pattern="/**" access="permitAll" />
+		<form-login login-page='/login.html' default-target-url="/"
+			authentication-failure-url="/login.html?error=true" />
 
-		<form-login login-page='/login.html' default-target-url="/" always-use-default-target="false" authentication-failure-url="/login.html?error=true" />
+		<logout logout-success-url="/login.html" />
 
-		<logout />
-
-		<anonymous />
-
-		<session-management invalid-session-url="/">
-			<concurrency-control max-sessions="1" />
-		</session-management>
 	</http>
 
-	<authentication-manager alias="authenticationManager" erase-credentials="false">
-		<authentication-provider ref="restAuthenticationProvider" />
+	<authentication-manager>
+		<authentication-provider>
+			<user-service>
+				<user name="user1" password="user1Pass" authorities="ROLE_USER" />
+			</user-service>
+		</authentication-provider>
 	</authentication-manager>
 
 </beans:beans>

spring-security-login/src/main/webapp/WEB-INF/web.xml

@@ -35,6 +35,16 @@
 		<url-pattern>/</url-pattern>
 	</servlet-mapping>
 
+	<!-- Spring Security -->
+	<filter>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>springSecurityFilterChain</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 	<welcome-file-list>
 		<welcome-file>index.html</welcome-file>
 	</welcome-file-list>