diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/ChannelSecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/ChannelSecSecurityConfig.java
new file mode 100644
index 0000000000..4f736360b9
--- /dev/null
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/ChannelSecSecurityConfig.java
@@ -0,0 +1,69 @@
+package org.baeldung.spring;
+
+import org.baeldung.security.CustomLogoutSuccessHandler;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+@Configuration
+// @ImportResource({ "classpath:channelWebSecurityConfig.xml" })
+@EnableWebSecurity
+@Profile("https")
+public class ChannelSecSecurityConfig extends WebSecurityConfigurerAdapter {
+
+ public ChannelSecSecurityConfig() {
+ super();
+ }
+
+ @Override
+ protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+ // @formatter:off
+ auth.inMemoryAuthentication()
+ .withUser("user1").password("user1Pass").roles("USER")
+ .and()
+ .withUser("user2").password("user2Pass").roles("USER");
+ // @formatter:on
+ }
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ // @formatter:off
+ http
+ .csrf().disable()
+ .authorizeRequests()
+ .antMatchers("/anonymous*").anonymous()
+ .antMatchers("/login*").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .requiresChannel()
+ .antMatchers("/login*", "/perform_login").requiresSecure()
+ .anyRequest().requiresInsecure()
+ .and()
+ .sessionManagement()
+ .sessionFixation()
+ .none()
+ .and()
+ .formLogin()
+ .loginPage("/login.html")
+ .loginProcessingUrl("/perform_login")
+ .defaultSuccessUrl("/homepage.html",true)
+ .failureUrl("/login.html?error=true")
+ .and()
+ .logout()
+ .logoutUrl("/perform_logout")
+ .deleteCookies("JSESSIONID")
+ .logoutSuccessHandler(logoutSuccessHandler());
+ // @formatter:on
+ }
+
+ @Bean
+ public LogoutSuccessHandler logoutSuccessHandler() {
+ return new CustomLogoutSuccessHandler();
+ }
+
+}
diff --git a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
index b4d0a6466b..654c934fac 100644
--- a/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
+++ b/spring-security-mvc-login/src/main/java/org/baeldung/spring/SecSecurityConfig.java
@@ -3,6 +3,7 @@ package org.baeldung.spring;
 import org.baeldung.security.CustomLogoutSuccessHandler;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -12,6 +13,7 @@ import org.springframework.security.web.authentication.logout.LogoutSuccessHandl
 @Configuration
 // @ImportResource({ "classpath:webSecurityConfig.xml" })
 @EnableWebSecurity
+@Profile("!https")
 public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 
 public SecSecurityConfig() {
@@ -38,14 +40,6 @@ public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers("/login*").permitAll()
 .anyRequest().authenticated()
 .and()
- //.requiresChannel()
- //.antMatchers("/login*", "/perform_login").requiresSecure()
- //.anyRequest().requiresInsecure()
- //.and()
- //.sessionManagement()
- //.sessionFixation()
- //.none()
- //.and()
 .formLogin()
 .loginPage("/login.html")
 .loginProcessingUrl("/perform_login")
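Review bot: In `configure(HttpSecurity)` of the new `ChannelSecSecurityConfig`, `.anyRequest().requiresInsecure()` combined with `.sessionFixation().none()` keeps the pre-login session id after authentication and sends every request other than `/login*` and `/perform_login` over plain HTTP, so the authenticated `JSESSIONID` travels unencrypted. Unless the downgrade is the point of the example, use `.anyRequest().requiresSecure()` and drop the `.sessionManagement().sessionFixation().none()` lines so the framework's default session-fixation protection applies again. If the HTTP downgrade has to stay for the tutorial, add a comment above `.requiresChannel()` such as `// demo only: post-login traffic goes over HTTP with an unchanged session id; do not copy to production`. `.csrf().disable()` in the same chain also has no comment saying why it is acceptable here.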
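Review bot: `@Profile("!https")` makes `SecSecurityConfig` the configuration that loads whenever the `https` profile is not active, and the third hunk's context shows its chain going from `.and()` straight to `.formLogin()` with no `requiresChannel()` rule, so by default the login form and `/perform_login` are not forced onto HTTPS. A comment above the annotation would make that explicit, for example `// default profile: no channel security; activate "https" to load ChannelSecSecurityConfig`. Most of the class body lies outside these hunks, so whether TLS is enforced elsewhere (container or reverse proxy) cannot be seen from here.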
diff --git a/spring-security-mvc-login/src/main/resources/channelWebSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/channelWebSecurityConfig.xml new file mode 100644 index 0000000000..de073b8aac --- /dev/null +++ b/spring-security-mvc-login/src/main/resources/channelWebSecurityConfig.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml index 3bba50a87d..7a736d0024 100644 --- a/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml +++ b/spring-security-mvc-login/src/main/resources/webSecurityConfig.xml @@ -11,12 +11,6 @@ - @@ -24,10 +18,6 @@ always-use-default-target="true"/> - -