Now we can enable the web security by configuring the <http> element. The <http> element is the parent of all namespaces related to Web and can be configured as follows:
<http> <form-login /> <http-basic /> <logout /> </http>
The preceding configuration states the authentication mechanism to use the services handling logout. However, instead of using the preceding configuration, we can use the auto-config as short syntax, as shown here:
<http auto-config='true'> <intercept-url pattern="url_pattern_under_protecetd_access" access="role_who_can_access_url" /> </http>