Add (commented out) config for Spring Channel Security

spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java

@@ -38,6 +38,14 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         .antMatchers("/login*").permitAll()
         .anyRequest().authenticated()
         .and()
+        //.requiresChannel()
+        //.antMatchers("/login*", "/perform_log*").requiresSecure()
+        //.anyRequest().requiresInsecure()
+        //.and()
+        //.sessionManagement()
+        //.sessionFixation()
+        //.none()
+        //.and()
         .formLogin()
         .loginPage("/login.html")
         .loginProcessingUrl("/perform_login")

spring-security-mvc-login/src/main/resources/webSecurityConfig.xml

@@ -11,6 +11,12 @@
         <intercept-url pattern="/anonymous*" access="isAnonymous()"/>
         <intercept-url pattern="/login*" access="permitAll"/>
         <intercept-url pattern="/**" access="isAuthenticated()"/>
+        <!--
+        <intercept-url pattern="/anonymous*" access="isAnonymous()" requires-channel="http"/>
+        <intercept-url pattern="/login*" access="permitAll" requires-channel="https"/>
+        <intercept-url pattern="/perform_log*" access="permitAll" requires-channel="https"/>
+        <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="http"/>
+        -->
 
         <csrf disabled="true"/>
         
@@ -19,6 +25,9 @@
 
         <logout logout-url="/perform_logout" delete-cookies="JSESSIONID" success-handler-ref="customLogoutSuccessHandler"/>
 
+        <!--
+        <session-management session-fixation-protection="none"/>
+        -->
     </http>
 
     <beans:bean name="customLogoutSuccessHandler" class="org.baeldung.security.CustomLogoutSuccessHandler"/>