spring-context.xml sample

CustomAuthenticationProvider.java

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider{
    
	@Autowired
	private UsuarioDAO usuarioDAO;
	
	@Override
	public boolean supports(Class<? extends Object> authentication) {
		return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
	}

	@Override
	public Authentication authenticate(Authentication authentication)throws AuthenticationException {
		UserDetails userDetails = usuarioDAO.loadUserByUsername(authentication.getName());
		if(userDetails != null) {
			List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(userDetails.getAuthorities());
			UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(userDetails.getUsername(), userDetails, authorities);
			SecurityContextHolder.getContext().setAuthentication(authenticationToken);
			return authenticationToken;
		}
		return authentication;
	}

}

lista.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="sec"
	uri="http://www.springframework.org/security/tags"%>
<%@taglib uri="http://www.springframework.org/tags" prefix="spring"%>

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Lista de Produtos</title>
</head>
<body>

	<span style="float: right"> <a href="?lang=pt">pt</a> | <a
		href="?lang=de">de</a>
	</span>

	<h1>
		<spring:message code="bla" />
	</h1>
	<p>Current Locale : ${pageContext.response.locale}</p>

	Status:
	<sec:authorize access="isFullyAuthenticated()">
	<p>Logged and remember</p>
	</sec:authorize>

	<sec:authorize access="isAuthenticated()">
	<p>remember</p>
	</sec:authorize>

	<sec:authorize access="hasRole('ROLE_ADMIN')">
		Este texto só será visto por ROLE_ADMIN.<br />
	</sec:authorize>
	<sec:authorize access="hasRole('ROLE_USER')">
		Este texto só será visto por ROLE_USER.<br />
	</sec:authorize>


	<c:forEach items="${produtoList}" var="produto">
		${produto.descricao} - ${produto.quantidade}<br />
	</c:forEach>
</body>
</html>

spring-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc"
	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="
		http://www.springframework.org/schema/beans	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
	    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
	    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
	    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

	<!-- enable autoscan of annotations -->
	<context:component-scan base-package="br.com.caelum.estoque" />
	<!-- enable scan of spring mvc -->
	<mvc:annotation-driven />

	<!-- jsp view resolver -->
	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="prefix" value="/WEB-INF/views/" />
		<property name="suffix" value=".jsp" />
	</bean>

	<!-- component scan that adds @Controller annotation to every class in the package -->
	<context:component-scan base-package="br.com.caelum.estoque" use-default-filters="false">
		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
	</context:component-scan>

	<!-- Transaction bean-->
	<bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>
	<!-- Enable transaction annotations-->
	<tx:annotation-driven />

	<!-- security configurations-->
	<security:authentication-manager>
		<!-- provider, can be more than one -->
		<security:authentication-provider user-service-ref="usuarioHibernateDAO" >
			<!-- password encoder for this peovider -->
			<security:password-encoder ref="passwordEncoder"/>
		</security:authentication-provider>
	</security:authentication-manager>
	<!-- password encoder bean -->
	<bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

<!-- 	 in memory user list -->
<!-- 	 john's password is admin, while jane;s password is user  -->
<!--     <security:user-service id="userDetailsService"> -->
<!--         <security:user name="john" password="21232f297a57a5a743894a0e4a801fc3" authorities="ROLE_USER, ROLE_ADMIN" /> -->
<!--         <security:user name="jane" password="ee11cbb19052e40b07aac0ca060c23ee" authorities="ROLE_USER" /> -->
<!--     </security:user-service> -->

	<!-- security http config -->
	<security:http auto-config="true" use-expressions="true">
		
		<!-- urls to intercept -->
		<security:intercept-url pattern="/produtos/**" access="hasRole('ROLE_USER')" />
		
		<!-- login form configuration -->
		<security:form-login 
			login-page="/login-form" 
			always-use-default-target="true" 
			default-target-url="/produtos/listar"
			login-processing-url="/login" />

		<!-- enable remember me on login form -->
		<security:remember-me key="fj27-remember" token-validity-seconds="864000" />
		
		<!-- logout configuration -->
		<security:logout logout-url="/logout" logout-success-url="/login-form" />
	
	</security:http>

	<!-- Spring message bundle -->
	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<!-- message file location and name -->
		<property name="basename" value="/WEB-INF/i18n/mensagens" />
		<!-- encoding of message file -->
		<property name="defaultEncoding" value="UTF-8" />
	</bean>

	<!-- based on a user cookie, changes the default language -->
	<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
		<property name="defaultLocale" value="pt" />
	</bean>	
	
	<!-- Spring-mvc interceptors (filters) -->
	<mvc:interceptors>
		<!-- change the locale based on a request parameter -->
		<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
			<property name="paramName" value="lang" />
		</bean>
	</mvc:interceptors>

	<!-- hibernate session configuration -->
	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean"
		destroy-method="destroy" primary="true">

		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.connection.url">jdbc:mysql://localhost/fj27</prop>
				<prop key="hibernate.connection.driver_class">com.mysql.jdbc.Driver</prop>
				<prop key="hibernate.connection.username">root</prop>
				<prop key="hibernate.connection.password"></prop>
				<prop key="hibernate.dialect">org.hibernate.dialect.MySQL5InnoDBDialect</prop>
				<prop key="hibernate.show_sql">true</prop>
				<prop key="hibernate.format_sql">true</prop>
				<prop key="hibernate.hbm2ddl.auto">update</prop>
			</props>
		</property>
		<property name="annotatedClasses">
			<list>
				<value>br.com.caelum.estoque.model.Produto</value>
				<value>br.com.caelum.estoque.model.Movimentacao</value>
				<value>br.com.caelum.estoque.Grupo</value>
				<value>br.com.caelum.estoque.Usuario</value>
			</list>
		</property>
	</bean>

</beans>