ROLE_ , /**=httpSessionContextIntegrationFilter ,authenticationProcessingFilter ,basicProcessingFilter Unsupported auth-method in web.xml, must be FORM or BASIC ,rememberMeProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter ======================== AUTHENTICATION ======================= superuser=password, foobar anonymousUser,ROLE_ANONYMOUS foobar springRocks springRocks Your Realm Processing form login configuration Remember to switch your login form action from "j_security_check" to "j_acegi_security_check" /j_acegi_security_check false ======================== FILTER CHAIN ======================= if you wish to use channel security, add "channelProcessingFilter," in front of "httpSessionContextIntegrationFilter" in the list below CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT false An access decision voter that reads ROLE_* configuration settings Note the order that entries are placed against the objectDefinitionSource is critical. The FilterSecurityInterceptor will work from the top of the list down to the FIRST pattern that matches the request URL. Accordingly, you should place MOST SPECIFIC (ie a/b/c/d.*) expressions first, with LEAST SPECIFIC (ie a/.*) expressions last CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT = ROLE_ ,