spring security basic configuration

security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd ">

	<global-method-security pre-post-annotations="enabled" />

	<http>
		<intercept-url pattern="/**" access="ROLE_USER" requires-channel="https"/>
		<http-basic />
		<logout invalidate-session="true"/>
	</http>

	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="admin" password="admin" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>

</beans:beans>

web.xml

<context-param>
	<param-name>contextConfigLocation</param-name>
	<param-value>classpath:context.xml classpath:security.xml</param-value>
</context-param>


<listener>
   	<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>