Develop Reference

Spring Security for Static Web Project

I am having issues implementing spring security for static web project.
my web.xml
<?xml version="1.0"?>
<web-app xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4" id="WebApp_ID">
<display-name>Spring Security Application</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value> /WEB-INF/spring-security.xml </param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
and my spring-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/security/html/folder1/**" access="isAnonymous()" />
<security:intercept-url pattern="/security/html/folder2/**" access="isAuthenticated()" />
<security:intercept-url pattern="/security/html/folder3/**" access="hasRole('ROLE_MANAGER')" />
<security:intercept-url pattern="/security/html/folder4/**" access="hasRole('ROLE_ADMIN','ROLE_USER','ROLE_MANAGER')" />
<security:form-login password-parameter="password" username-parameter="username" authentication-failure-url="/login?error" login-page="/login" />
<security:logout logout-success-url="/login?logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user1" password="password" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="user2" password="password" authorities="ROLE_USER" />
<security:user name="user3" password="password" authorities="ROLE_MANAGER" />
<security:user name="user4" password="password" authorities="ROLE_ADMIN" />
<security:user name="user5" password="password" authorities="ROLE_USER, ROLE_MANAGER" />
<security:user name="user6" password="password" authorities="ROLE_ADMIN, ROLE_MANAGER" />
<security:user name="user7" password="password" authorities="ROLE_ADMIN, ROLE_USER, ROLE_MANAGER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
My folder structure are
src/main/webapp/WEB-INF/web.xml
src/main/webapp/WEB-INF/spring-security.xml
src/main/webapp/WEB-INF/html/folder1/*.html
src/main/webapp/WEB-INF/html/folder2/*.html
src/main/webapp/WEB-INF/html/folder3/*.html
src/main/webapp/WEB-INF/html/folder4/*.html
I do not have any welcome page or any other java files in my project. I need this to deployed in Tomcat server.
Can any one help me out if I am missing anything in config files

I found the answer for my question.
Two mistakes.
I had to remove /security from intercept-url as security is my context root
Move html folder out of WEB-INF

spring mvc 3 (3.2.5) + tiles 3 error 404 not resource found

when i load my app i get only 404 resource not found error.. no logs on tomcat at all..
here you can see my project configuration:
this is my web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Spring Web MVC Application</display-name>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/pages/*</url-pattern>
<!--url-pattern>*.jsp</url-pattern-->
</servlet-mapping>
<urlrewrite default-match-type="wildcard">
<rule>
<from>/</from>
<to>/pages/</to>
</rule>
<rule>
<from>/**</from>
<to>/pages/$1</to>
</rule>
<outbound-rule>
<from>/pages/**</from>
<to>/$1</to>
</outbound-rule>
</urlrewrite>
<filter>
<filter-name>urlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>urlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml,
/WEB-INF/spring-database.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
tiles.xml file
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 2.0//EN"
"http://tiles.apache.org/dtds/tiles-config_2_0.dtd">
<tiles-definitions>
<definition name="base.definition"
template="/WEB-INF/pages/layout.jsp">
<put-attribute name="title" value="" />
<put-attribute name="header" value="/WEB-INF/pages/header.jsp" />
<put-attribute name="menu" value="/WEB-INF/pages/menu.jsp" />
<put-attribute name="body" value="" />
<put-attribute name="footer" value="/WEB-INF/pages/footer.jsp" />
</definition>
<definition name="contact" extends="base.definition">
<put-attribute name="title" value="Contact Manager" />
<put-attribute name="body" value="/WEB-INF/pages/prueba2.jsp" />
</definition>
</tiles-definitions>
mvc-dispatcher-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<context:component-scan base-package="com.mkyong.common.controller" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass">
<value>
org.springframework.web.servlet.view.tiles3.TilesView
</value>
</property>
</bean>
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<mvc:annotation-driven />
<mvc:resources mapping="/resources/**" location="/resources/" />
<context:annotation-config />
</beans>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<!--import resource="../database/spring-database.xml"/-->
<http auto-config="true" access-denied-page="/accessDenied">
<intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/prueba2"
authentication-failure-url="/loginfailed.jsp"/>
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select username,password, enabled
from users where USERNAME=?"
authorities-by-username-query="
select u.username, ur.authority from users u, user_roles ur
where u.user_id = ur.user_id and u.username =? "
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
this is my controller:
#Controller
#RequestMapping("/prueba2")
public class controller2 extends AbstractController {
Stock stock=new Stock();
List stockList=new ArrayList<Stock>();
ApplicationContext appContext = new ClassPathXmlApplicationContext("spring/config/BeanLocations.xml");
StockBo stockBo = (StockBo)appContext.getBean("stockBo");
/*#RequestMapping(method = RequestMethod.GET)
public Stock returnCustomer(ModelMap model) {
stock=stockBo.findByStockCode("7668");
model.addAttribute("miStock", stock);
return stock;
}*/
protected ModelAndView handleRequestInternal (HttpServletRequest req, HttpServletResponse res) throws Exception{
User user = (User) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
String name = user.getUsername();
Map<String, Object> model = new HashMap<String, Object>();
stockList=stockBo.findAll();
stock=stockBo.findByStockCode("7668");
model.put("listaStock",stockList);
model.put("miStock", stock);
model.put("nombreUsuario", name);
System.out.println("lista objetos--->" + stockList.toString());
return new ModelAndView( "prueba2", "model", model );
}
public StockBo getStockBo() {
return stockBo;
}
public void setStockBo(StockBo stockBo) {
this.stockBo = stockBo;
}
}

I don't know the answer to your question directly, but here's how I'd approach it:
First, if I understand your problem correctly, you're expecting that going to the url http://localhost:8080/SpringExample will redirect you to the login page, but that's not happening (you're seeing a 404). I assume that you've checked that your application is actually deployed to the SpringExample context.
You've several things that could influence how URLs are interpreted and redirected. First, you've got Spring, which maps any request starting with /pages/ to the Spring dispatcher. Next, you've got some URL rewriting, which because it's done in a filter, should happen ahead of the spring dispatcher servlet. You've also got a listener that loads all of the spring context configs. Third, you've got Spring Security which is implemented in a filter. Lastly, you've got the tiles configuration, which could in theory also cause a 404 error if a resource isn't found, though it looks like yours is ok.
This is pretty complex, and if things don't happen in the correct order, you'll have a problem. What I would do is strip out each of these components, and then start adding them back in one by one. First, take everything out except the welcome-file configuration and see if you can get to /index.jsp by going to your url. Then add Spring back in and see if you can still get to it. Then add in URL redirection, then security, then tiles. This will help you to narrow down your problem.

<bean id="viewResolver" class="org.springframework.web.servlet.view.tiles3.TilesViewResolver"/>
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
Try to write the code =>

No need to write this code tiles integration is enough
/WEB-INF/pages/
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>

Securing GWT servlets with Spring Security

I'm writing a GWT application secured with Spring security. Logging in works fine, but authorization doesn't.
I've tried using #Secured and #PreAuthorize annotations on my methods and that didn't work either.
For instance, this is a code snippet from AppUserServiceImpl
#Secured("ROLE_ADMINISTRATOR")
#Override
public List<AppUser> fetch(Integer startRow, Integer endRow, Map criteria) {
return appUserManagerBean.getUsers(criteria);
}
ApplicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/testapplication/**" access="ROLE_USER"/>
<intercept-url pattern="/gwt/**" access="ROLE_USER"/>
<intercept-url pattern="/**/*.html" access="ROLE_USER"/>
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/security/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/testapplication/appUserService*" access="ROLE_ADMIN"/>
<form-login
login-page="/login.jsp"
authentication-failure-url="/security/error.html"
login-processing-url="/j_spring_security_check"
/>
</http>
<beans:bean id="appUserService" class="com.test.testapplication.server.admin.appuser.AppUserServiceImpl"/>
<beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
[DATASOURCE CONFIGURATION]
</beans:bean>
<global-method-security pre-post-annotations="enabled" secured-annotations="enabled" />
<authentication-manager>
<authentication-provider>
<password-encoder hash="sha" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password,DECODE(enabled,'Y',1,'N',0) as enabled from APP_USER where username=?"
authorities-by-username-query="select u.username, ur.role from APP_USER u, APP_USER_ROLE ur
where u.id = ur.APP_USER_ID and u.username =? "
/>
</authentication-provider>
</authentication-manager>
To test, I'm trying to secure 'appUserService'.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>appUserService</servlet-name>
<servlet-class>com.test.testapplication.server.admin.appuser.AppUserServiceImpl</servlet-class>
</servlet>
<!-- Spring security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring listener -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>testapplication.html</welcome-file>
</welcome-file-list>
I'm looking for the simplest solution and I would prefer not to use AspectJ, help would be greatly appreciated

Where are you mapping your servlet to particular path?
I'm using gwt-sl for integration of RemoteServiceServlets and Spring.
Define Dispatcher servlet in your web.xml:
<servlet>
<servlet-name>gwtservice</servlet-name>
<servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
And declaration and mapping for your gwt-servlet:
<bean name="DeviceListenerServlet" class="your.package.your.SomeService"/>
<bean id="urlMappingGWT" class="org.gwtwidgets.server.spring.GWTHandler">
<property name="mappings">
<map>
<entry key="/service" value-ref="DriverServiceImpl"/>
</map>
</property>
</bean>
And change Annotation in your RemoteService class (in my example it will be #RemoteServiceRelativePath("gwtservice/service")).
Now you can use you #Secured annotation (if you added )
Hope this help.

maven and spring mvc is not working?

I'm trying to build an application using Spring MVC and Maven 3.0 within Eclipse using the webapp. I'm not able to get to the initial page, or navigate to any other pages from there w/out getting a 404 error. Please let me know if there's something I'm missing. Thanks!
mvc-dispatcher.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<context:component-scan base-package="se.guards.controller" />
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
<context:annotation-config />
<!-- show pictures -->
<mvc:default-servlet-handler />
<!-- also add the following beans to get rid of some exceptions -->
<bean
class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" />
<bean
class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
web.xml
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring MVC Application</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-database.xml,
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
database.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/test" />
<property name="username" value="root" />
<property name="password" value="password" />
</bean>
userController.java
package se.guards.controller;
import java.util.ArrayList;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import se.datalayer.guards.service.UserService;
import se.guard.User;
#Controller
#RequestMapping(value="/")
public class UserController
{
#SuppressWarnings("unused")
#Autowired
private UserService userService;
#RequestMapping(value = "/", method = RequestMethod.GET)
public String findAllUsers(Model model){
Collection<User> userList= new ArrayList<User>();
model.addAttribute("users", userList);
return "showallusers";
}
}
showallusers.jsp
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%# taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt"%>
<%# taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4 /loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>found users</title>
</head>
<body>
<table>
<c:forEach var="allusers" items="${users}">
<tr>
<td>${allusers.firstname}</td>
<td>${allusers.lastname}</td>
</tr>
</c:forEach>
</table>
</body>
</html>
Answer to the questions:
This is the code I'm using.
The #Controller annotation must be there.
As I said before I get :
HTTP Status 404 - /guard_weblayer/ type Status report message /guard_weblayer/
description The requested resource (/guard_weblayer/) is not available.
Apache Tomcat/7.0.25
I use a restfule design, a domainlayer, datalayer and weblayer. Can it effecting the weblayer?

You might want to start over and use an example from springbyexample. It contains everything you need in a understandable fashion (and its in maven as well.)
Most likely that's easier than debugging the current code.

Problem trying to use spring security with my jsp aplication

It's seems so easy to use spring security following a tutorial, but when I try to do the same with this app I can get it to work (I must admit that I haven't written ) .
/-----------------Edit-------------------/
Now with the help of some great people, I finally got the application to ask the user to authenticate himself,but now I've run into a new problem: When I try to access the application using one of the users listed below(applicationContext-security.xml), I get this message :
Here's web.xml code:
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>403</error-code>
<location>/sinacceso.jsp</location>
</error-page>
</web-app>
context.xml :
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/Test01"/>
dispatcher-servlet.xml:
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- GENERALES -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.tiles2.TilesView" />
</bean>
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<bean name="/index.htm" class="paginas.index"/>
<bean name="secure/villancicos.htm" class="paginas.villancicos"/>
<bean name="secure/administracion.htm" class="paginas.administracion"/>
</beans>
applicationContext-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http>
<intercept-url pattern="/index.htm" filters="none" />
<intercept-url pattern="/secure/administracion.htm" access="ROLE_SUPERVISOR" />
<intercept-url pattern="/secure/**" access="ROLE_USER" />
<form-login />
<anonymous />
<http-basic />
<logout logout-success-url="/index.htm" />
</http>
<authentication-manager alias="myAuthenticationManager">
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
This application is currently using spring 2.5 with spring-security-2.0.4 (the same version from the tutorial I've been following).

Have you tried what the error suggests and added an alias attribute to your authentication-manager? Something like:
<authentication-manager alias="myAuthenticationManager">
<authentication-provider>
...