Refined the url pattern for perform_login, remove permitAll (it's not needed, works either way)

spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java

@@ -39,7 +39,7 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
         .anyRequest().authenticated()
         .and()
         //.requiresChannel()
-        //.antMatchers("/login*", "/perform_log*").requiresSecure()
+        //.antMatchers("/login*", "/perform_login").requiresSecure()
         //.anyRequest().requiresInsecure()
         //.and()
         //.sessionManagement()

spring-security-mvc-login/src/main/resources/webSecurityConfig.xml

@@ -14,7 +14,7 @@
         <!--
         <intercept-url pattern="/anonymous*" access="isAnonymous()" requires-channel="http"/>
         <intercept-url pattern="/login*" access="permitAll" requires-channel="https"/>
-        <intercept-url pattern="/perform_log*" access="permitAll" requires-channel="https"/>
+        <intercept-url pattern="/perform_login" requires-channel="https"/>
         <intercept-url pattern="/**" access="isAuthenticated()" requires-channel="http"/>
         -->