* web.xml
{{{
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<display-name>springweb</display-name>
	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>
			org.springframework.web.servlet.DispatcherServlet
		</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<listener>
		<listener-class>
			org.springframework.web.context.ContextLoaderListener
		</listener-class>
	</listener>

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
	</context-param>

	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>*.htm</url-pattern>
	</servlet-mapping>
	
	<filter>
		<filter-name>Acegi Filter Chain Proxy</filter-name>
		<filter-class>
			org.acegisecurity.util.FilterToBeanProxy
		</filter-class>
		<init-param>
			<param-name>targetBean</param-name>
			<param-value>filterChainProxy</param-value>
		</init-param>
	</filter>

	<filter-mapping>
		<filter-name>Acegi Filter Chain Proxy</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<welcome-file-list>
		<welcome-file>redirect.jsp</welcome-file>
	</welcome-file-list>
	
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri>
		<taglib-location>/WEB-INF/tlds/fmt.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/fmt-rt</taglib-uri>
		<taglib-location>/WEB-INF/tlds/fmt-rt.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/core</taglib-uri>
		<taglib-location>/WEB-INF/tlds/c.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/core-rt</taglib-uri>
		<taglib-location>/WEB-INF/tlds/c-rt.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/sql</taglib-uri>
		<taglib-location>/WEB-INF/tlds/sql.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/sql-rt</taglib-uri>
		<taglib-location>/WEB-INF/tlds/sql-rt.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/x</taglib-uri>
		<taglib-location>/WEB-INF/tlds/x.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/x-rt</taglib-uri>
		<taglib-location>/WEB-INF/tlds/x-rt.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://java.sun.com/jstl/fn</taglib-uri>
		<taglib-location>/WEB-INF/tlds/fn.tld</taglib-location>
	</taglib>
	<taglib>
		<taglib-uri>http://www.springframework.org/spring</taglib-uri>
		<taglib-location>/WEB-INF/tlds/spring.tld</taglib-location>
	</taglib>
	
</web-app>

}}}

* dispatcher-servlet.xml
{{{
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>

	<!-- Controller definitions -->
	<bean id="indexController"
		class="springweb.controller.IndexController">
		<property name="greeting">
			<value>Welcome to the Demo App!!</value>
		</property>
	</bean>
	<bean id="logoutController"
		class="springweb.controller.LogoutController" />
	<bean id="initParamSubmitController"
		class="springweb.controller.InitParamSubmitController" />
	<bean id="paramSubmitController"
		class="springweb.controller.ParamSubmitController">
		<property name="sessionForm">
			<value>false</value>
		</property>
		<property name="commandName">
			<value>simplePersonForm</value>
		</property>
		<property name="commandClass">
			<value>springweb.form.SimplePersonForm</value>
		</property>
		<property name="validator">
			<bean
				class="springweb.form.validator.SimplePersonFormValidator" />
		</property>
		<property name="formView">
			<value>initparamsubmit</value>
		</property>
		<property name="successView">
			<value>/secure/app/paramsubmit.htm</value>
		</property>
	</bean>
	<bean id="initAdminController"
		class="springweb.controller.InitAdminController" />


	<!-- URL Mapping definition -->
	<bean id="simpleUrlMapping"
		class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
		<property name="mappings">
			<props>
				<prop key="/index.htm">indexController</prop>
				<prop key="/logout.htm">logoutController</prop>
				<prop key="/secure/app/initparamsubmit.htm">
					initParamSubmitController
				</prop>
				<prop key="/secure/app/paramsubmit.htm">
					paramSubmitController
				</prop>
				<prop key="/secure/admin/initadmin.htm">
					initAdminController
				</prop>
			</props>
		</property>
	</bean>

	<!-- View Resolver definition -->
	<bean id="xmlViewResolver"
		class="org.springframework.web.servlet.view.XmlViewResolver">
		<property name="location">
			<value>/WEB-INF/springweb-views.xml</value>
		</property>
	</bean>

	<!-- ****** START ACEGI Security Configuration *******-->
	<!-- ======================== FILTER CHAIN ======================= -->

	<!--  if you wish to use channel security, add "channelProcessingFilter," in front
		of "httpSessionContextIntegrationFilter" in the list below -->
	<bean id="filterChainProxy"
		class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=httpSessionContextIntegrationFilter,formAuthenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
			</value>
		</property>
	</bean>

	<!-- Start Security filter config -->
	<bean id="exceptionTranslationFilter"
		class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<ref bean="formLoginAuthenticationEntryPoint" />
		</property>
	</bean>

	<!-- Define filter to handle BASIC authentication -->
	<bean id="basicProcessingFilter"
		class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="authenticationEntryPoint">
			<ref bean="authenticationEntryPoint" />
		</property>
	</bean>

	<!-- Define realm for BASIC login-->
	<bean id="authenticationEntryPoint"
		class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
		<property name="realmName">
			<value>Spring Web Realm</value>
		</property>
	</bean>

	<!-- Define filter to handle FORM authentication -->
	<bean id="formAuthenticationProcessingFilter"
		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="filterProcessesUrl">
			<value>/j_acegi_security_check</value>
		</property>
		<property name="authenticationFailureUrl">
			<value>/loginFailed.html</value>
		</property>
		<property name="defaultTargetUrl">
			<value>/</value>
		</property>
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
	</bean>

	<!-- Define realm for FORM login-->
	<bean id="formLoginAuthenticationEntryPoint"
		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl">
			<value>/login.jsp</value>
		</property>
		<property name="forceHttps">
			<value>false</value>
		</property>
	</bean>

	<bean id="httpSessionContextIntegrationFilter"
		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
	</bean>
	<!-- End Security filter config -->

	<!-- Start Security interceptor config -->
	<!-- Define authentication manager, decision manager and secure URL patterns -->
	<bean id="filterSecurityInterceptor"
		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<ref bean="accessDecisionManager" />
		</property>
		<property name="objectDefinitionSource">
			<value>
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT 
				/secure/admin/*=ROLE_ADMIN
				/secure/app/*=ROLE_USER
			</value>
		</property>
	</bean>
	<!-- End Security interceptor config -->

	<!-- Start authentication config -->
	<bean id="authenticationManager"
		class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref bean="daoAuthenticationProvider" />
			</list>
		</property>
	</bean>

	<bean id="daoAuthenticationProvider"
		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService">
			<ref bean="userDetailsService" />
		</property>
	</bean>

	<!-- Authentication using In-memory Dao -->
	<bean id="userDetailsService"
		class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
		<property name="userMap">
			<value>
				jklaassen=4moreyears,ROLE_ADMIN
				bouerj=ineedsleep,ROLE_USER
			</value>
		</property>
	</bean>
		
	<!-- Authentication using JDBC Dao -->
	<!-- <bean id="userDetailsService"
		class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
		<property name="dataSource">
		<ref bean="dataSource"/>
		</property>
		</bean>
	 -->
		<!-- End authentication config -->

	<!-- Start authorization config -->
	<bean id="accessDecisionManager"
		class="org.acegisecurity.vote.UnanimousBased">
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter" />
			</list>
		</property>
	</bean>

	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
		<property name="rolePrefix">
			<value>ROLE_</value>
		</property>
	</bean>
	<!-- End authorization config -->

	<!-- ****** END ACEGI Security Configuration *******-->

	<!-- DataSource definition -->
	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName">
			<value>com.mysql.jdbc.Driver</value>
		</property>
		<property name="url">
			<value>jdbc:mysql://localhost:3306/springweb_auth_db</value>
		</property>
		<property name="username">
			<value>j2ee</value>
		</property>
		<property name="password">
			<value>password</value>
		</property>
	</bean>
</beans>

}}}