- <http auto-config="true">
- <intercept-url pattern="/home/*" access="ROLE_USER" />
- <form-login login-page="/login" default-target-url="/welcome"
- authentication-failure-url="/loginfailed" />
+ <http auto-config="true" use-expressions="true" access-denied-page="/denied">
+ <intercept-url pattern="/stat/**" access="hasRole('ROLE_USER')" />
+ <intercept-url pattern="/sequence/**" access="hasRole('ROLE_USER')" />
+ <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
+ <intercept-url pattern="/database/**" access="hasRole('ROLE_ADMIN')" />
+ <intercept-url pattern="/public*" access="permitAll"/>
+ <intercept-url pattern="/login*" access="permitAll"/>
+ <intercept-url pattern="/index*" access="permitAll"/>
+ <intercept-url pattern="/register*" access="permitAll"/>
+ <form-login
+ login-page="/login"
+ default-target-url="/home"
+ authentication-failure-url="/loginfailed"
+ />