<http auto-config="boolean"
create-session="ifRequired|always|never"
path-type="ant|regex"
lowercase-comparisons="boolean"
access-decision-manager-ref="string"
realm="Spring Security Application"
session-fixation-protection="none|newSession|migrateSession"
entry-point-ref="string"
once-per-request="boolean"
access-denied-page="string">
<intercept-url pattern="string"
access="string"
method="GET|DELETE|HEAD|OPTIONS|POST|PUT|TRACE"
filters="none"
requires-channel="http|https|any"/>
<form-login login-processing-url="string"
default-target-url="string"
always-use-default-target="boolean"
login-page="string"
authentication-failure-url="string"/>
<openid-login login-processing-url="string"
default-target-url="string"
always-use-default-target="boolean"
login-page="string"
authentication-failure-url="string"
user-service-ref="string"/>
<x509 subject-principal-regex="string"
user-service-ref="string"/>
<http-basic/>
<logout logout-url=""
logout-success-url=""
invalidate-session="boolean"/>
<concurrent-session-control max-sessions="positiveInteger"
expired-url="string"
exception-if-maximum-exceeded="boolean"
session-registry-alias="string"
session-registry-ref="string"/>
<remember-me key="string"
token-repository-ref="string"
remember-me-data-source-ref="string"
remember-me-services-ref="string"
user-service-ref="string"
token-validity-seconds="positiveInteger"/>
<anonymous key="string"
username="string"
granted-authority="string"/>
<port-mappings>
<port-mapping http="" https=""/>
</port-mappings>
</http>