Now we can enable the web security by configuring the <http> element. The <http> element is the parent of all namespaces related to Web and can be configured as follows:

    <http> 
      <form-login /> 
      <http-basic /> 
      <logout /> 
    </http> 

The preceding configuration states the authentication mechanism to use the services handling logout. However, instead of using the preceding configuration, we can use the auto-config as short syntax, as shown here:

    <http auto-config='true'> 
      <intercept-url pattern="url_pattern_under_protecetd_access"  
        access="role_who_can_access_url" /> 
    </http>