Spring Security XML example

spring-security.xml

<?xml version="1.0" encoding="utf-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">

	<http pattern="/css/**" security="none"/>

	<http use-expressions="false">
		<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
		<intercept-url pattern="/**" access="ROLE_USER" requires-channel="any"/>

		<form-login login-page="/login.jsp"/>
		<logout logout-url="/logoutMe"/>

		<remember-me key="someRandomBunchOfChars" token-validity-seconds="#{60*60*24*30}"/>

		<port-mappings>
			<port-mapping http="9080" https="9443"/>
		</port-mappings>

		<session-management session-fixation-protection="migrateSession">
			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/sessionExpired.html"/>
		</session-management>
	</http>

	<global-method-security secured-annotations="enabled"
	                        pre-post-annotations="enabled"/>

	<authentication-manager erase-credentials="true">
		<authentication-provider>
			<jdbc-user-service data-source-ref="dataSource"/>
			<password-encoder hash="bcrypt"/>
		</authentication-provider>
	</authentication-manager>

</beans:beans>