<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
 
    <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    




<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:security="http://www.springframework.org/schema/security" 
 xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">
                        
    <security:http pattern="/resources/**"   security="none"  />
    <security:http pattern="/images/**"   security="none" />
    <security:http pattern="/font/**"    security="none" />
    <security:http pattern="/js/**"    security="none" />
    <security:http pattern="/css/**"    security="none" /> 
    <security:http pattern="/**.jsp"    security="none" />
    
    <security:http pattern="/**"  auto-config="true" use-expressions="true"
          authentication-manager-ref="userProvider"  >
          
        <security:form-login login-page="/login.do" 
          username-parameter="mbrId"  
          password-parameter="mbrPwd"
                authentication-failure-url="/login.do"
                login-processing-url="/loginProc.do" 
                default-target-url="/login.do" 
          always-use-default-target='true'          
          authentication-success-handler-ref="loginSuccessHandler"
       authentication-failure-handler-ref="loginFailureHandler"      
                       
        />
        
        <security:logout logout-url="/logout.do" delete-cookies="JSESSIONID"  success-handler-ref="logoutHandler" />        
        
        <security:session-management>
         <security:concurrency-control max-sessions="100" expired-url="/login_duplicate" error-if-maximum-exceeded="false"/>             
        </security:session-management>
        
        <security:access-denied-handler ref="accessDeniedHandler" />
    </security:http>
    
    <bean id="logoutHandler" class="com.cmmn.security.logoutHandler" />
    
    <bean id="accessDeniedHandler" class="com.cmmn.security.CustomAccessDeniedHandler">
     <property name="errorPage" value="/accessDenied"/>
    </bean>
    
    <bean id="loginSuccessHandler" class="com.cmmn.security.LoginSuccessHandler"/>
  <bean id="loginFailureHandler" class="com.cmmn.security.LoginFailureHandler"/>
  <bean id="adminLoginFailureHandler" class="com.cmmn.security.AdminLoginFailureHandler"/>
  <bean id="customAuthenticationProvider" class="com.cmmn.security.CustomAuthenticationProvider"/>
    <security:authentication-manager id="userProvider" alias="userProvider">     
     <security:authentication-provider ref="customAuthenticationProvider"/>          
    </security:authentication-manager>  
    
</beans>