Fixes to sample app context files

samples/contacts/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -18,7 +18,7 @@
         <expression-handler ref="expressionHandler"/>
     </global-method-security>
 
-    <http auto-config="true" realm="Contacts Realm">
+    <http realm="Contacts Realm">
         <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
         <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
         <intercept-url pattern="/hello.htm" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
@@ -28,6 +28,7 @@
         <intercept-url pattern="/**" access="ROLE_USER"/>
 
         <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/>
+        <http-basic/>
         <logout logout-success-url="/index.jsp"/>
         <remember-me />
     </http>
@@ -49,10 +50,10 @@
     </b:bean>
 
     <b:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
-        <b:property name="permissionEvaluator">
-            <b:bean class="org.springframework.security.acls.AclPermissionEvaluator">
-                <b:constructor-arg ref="aclService"/>
-            </b:bean>
-        </b:property>
+        <b:property name="permissionEvaluator" ref="permissionEvaluator"/>
+    </b:bean>
+
+    <b:bean id="permissionEvaluator" class="org.springframework.security.acls.AclPermissionEvaluator">
+        <b:constructor-arg ref="aclService"/>
     </b:bean>
 </b:beans>

samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security.xml

@@ -12,13 +12,13 @@
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
 
-    <global-method-security prepost-annotations="enabled">
+    <global-method-security pre-post-annotations="enabled">
         <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
         <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
         -->
     </global-method-security>
 
-    <http auto-config="true" use-expressions="true">
+    <http use-expressions="true">
         <intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')"/>
         <intercept-url pattern="/secure/**" access="isAuthenticated()" />
         <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
@@ -26,19 +26,13 @@
         <intercept-url pattern="/post.html" access="ROLE_TELLER" />
         -->
         <intercept-url pattern="/**" access="permitAll" />
+        <form-login />
+        <logout />
         <remember-me />
 <!--
     Uncomment to enable X509 client authentication support
         <x509 />
 -->
-
-<!-- All of this is unnecessary if auto-config="true"
-        <form-login />
-        <anonymous />
-        <http-basic />
-        <logout />
--->
-
         <!-- Uncomment to limit the number of sessions a user can have
         <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
         -->