<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http pattern="/css/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/fonts/**" security="none"/>
<http pattern="/images/**" security="none"/>
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login.htm*" access="permitAll"/>
<intercept-url pattern="/home.htm*" access="permitAll"/>
<intercept-url pattern="/unavailable.htm*" access="permitAll"/>
<intercept-url pattern="/error.htm*" access="permitAll" />
<intercept-url pattern="/register.htm*" access="isAnonymous()"/>
<intercept-url pattern="/user/**" access="isFullyAuthenticated()"/>
<intercept-url pattern="/admin/**" access="hasRole('SEC_ADMIN')"/>
<form-login login-page="/login.htm" default-target-url="/home.htm" authentication-failure-url="/loginfailed.htm"/>
<logout logout-url="/logout" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
</beans:beans>