<http access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/scripts/**" filters="none" />
<intercept-url pattern="/index.jsp" filters="none" />
<intercept-url pattern="/login.jsp" filters="none" />
<intercept-url pattern="/accessDenied.jsp" filters="none" />
<intercept-url pattern="/role/**" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
<!-- default-target-url="/home/load" -->
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/main.jsp"
always-use-default-target="true" />
<logout logout-success-url="/login.jsp" />
<http-basic />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="1" authorities="ROLE_ADMIN" />
<user name="a" password="1" authorities="ROLE_USER" />
<user name="b" password="2" authorities="ROLE_USER,ROLE_ADMIN" />
<user name="c" password="3" authorities="ROLE_GUEST" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>