geine/spring-security.xml

## spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context.xsd">


    <http auto-config="true" use-expressions="true">

        <form-login login-processing-url="/login" login-page="/loginpage"
                    authentication-failure-url="/loginpage?error=t" default-target-url="/"/>

        <logout logout-url="/logout" logout-success-url="/loginpage" invalidate-session="true"/>

        <intercept-url pattern="/login" access="permitAll"/>
        <intercept-url pattern="/logout" access="permitAll"/>
        <intercept-url pattern="/loginpage" access="permitAll"/>
        <intercept-url pattern="/resources/**" access="permitAll"/>


        <intercept-url pattern="/denied" access="isFullyAuthenticated()"/>

        <intercept-url pattern="/**" access="isFullyAuthenticated()"/>

        <http-basic/>
        <access-denied-handler error-page="/denied"/>
    </http>

    <authentication-manager>
        <authentication-provider ref="daoAuthenticationProvider"/>
        <authentication-provider>
            <user-service>
                <user name="altaire" authorities="ROLE_ADMIN" password="123"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
    <context:component-scan base-package="com.rscharitas.training.spring.web.jpa.hibernate.security"/>

    <beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"/>
    <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource" id="saltSource">
        <beans:property name="userPropertyToUse" value="salt"/>
    </beans:bean>
    <beans:bean id="daoAuthenticationProvider"
                class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <beans:property name="userDetailsService" ref="securityService"/>
        <beans:property name="passwordEncoder" ref="passwordEncoder"/>
        <beans:property name="saltSource" ref="saltSource"/>
    </beans:bean>

</beans:beans>
	<?xml version="1.0" encoding="UTF-8"?>
	<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context.xsd">


	<http auto-config="true" use-expressions="true">

	<form-login login-processing-url="/login" login-page="/loginpage"
	authentication-failure-url="/loginpage?error=t" default-target-url="/"/>

	<logout logout-url="/logout" logout-success-url="/loginpage" invalidate-session="true"/>

	<intercept-url pattern="/login" access="permitAll"/>
	<intercept-url pattern="/logout" access="permitAll"/>
	<intercept-url pattern="/loginpage" access="permitAll"/>
	<intercept-url pattern="/resources/**" access="permitAll"/>


	<intercept-url pattern="/denied" access="isFullyAuthenticated()"/>

	<intercept-url pattern="/**" access="isFullyAuthenticated()"/>

	<http-basic/>
	<access-denied-handler error-page="/denied"/>
	</http>

	<authentication-manager>
	<authentication-provider ref="daoAuthenticationProvider"/>
	<authentication-provider>
	<user-service>
	<user name="altaire" authorities="ROLE_ADMIN" password="123"/>
	</user-service>
	</authentication-provider>
	</authentication-manager>
	<context:component-scan base-package="com.rscharitas.training.spring.web.jpa.hibernate.security"/>

	<beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="passwordEncoder"/>
	<beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource" id="saltSource">
	<beans:property name="userPropertyToUse" value="salt"/>
	</beans:bean>
	<beans:bean id="daoAuthenticationProvider"
	class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
	<beans:property name="userDetailsService" ref="securityService"/>
	<beans:property name="passwordEncoder" ref="passwordEncoder"/>
	<beans:property name="saltSource" ref="saltSource"/>
	</beans:bean>

	</beans:beans>