<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                    http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
                    http://www.springframework.org/schema/security
                    http://www.springframework.org/schema/security/spring-security-4.2.xsd">

    <global-method-security pre-post-annotations="enabled"/>

    <!-- Выражения безопасности -->
    <http use-expressions="true">
        <!-- Общедоступные ресурсы -->
        <intercept-url pattern="favicon.ico" access="permitAll" />
        <intercept-url pattern="/login.xhtml" access="permitAll"/>
        <intercept-url pattern="/help/**" access="permitAll" />
        <intercept-url pattern="/resources/**" access="permitAll" />
        
        <!-- Только для пользователей системы -->
        <intercept-url pattern="/user/**" access="hasRole('user')"/>
        <intercept-url pattern="/" access="hasRole('user')"/>
        
        <!-- Только для администратора системы -->
        <intercept-url pattern="/admin/**" access="hasRole('admin')"/>
        
        <form-login login-page='/login.xhtml' default-target-url='/main.xhtml'
                    login-processing-url="/j_spring_security_check"
                    always-use-default-target='true' 
                    authentication-success-handler-ref="authenticationSuccessHandler"/>
        <http-basic/>
        <logout/>
    </http>
    
    <authentication-manager>
        <authentication-provider user-service-ref="userService">
            <password-encoder ref="passwordEncoder"/>
            <!--            <jdbc-user-service data-source-ref="dataSource"
                               users-by-username-query="
         select username, passwd as password,1 as enabled
         from people
         where username=?;"

                               authorities-by-username-query="
        select u.username, 'user' as authority
        from people u
        where u.username=?;"
            />-->
            <!--            <user-service>
                <user name="shiche" password="iS0nequo" authorities="user" />
            </user-service>-->
        </authentication-provider>
    </authentication-manager>
</beans:beans>

/**
 * Spring security.
 *
 * @author Vitaly Livshic
 */
@Configuration
public class SecurityConfig extends WebMvcConfigurationSupport
{

    /**
     * Обработчик удачного входа в систему.
     *
     * @return Обработчик.
     */
    @Bean
    public UrlAuthenticationSuccessHandler authenticationSuccessHandler()
    {
        return new UrlAuthenticationSuccessHandler();
    }

    /**
     * Шифрование паролей.
     *
     * @return Шифровщик.
     */
    @Bean
    public PasswordEncoder passwordEncoder()
    {
        return new BCryptPasswordEncoder();
    }
}

@Service
public class UserServiceImpl implements UserService
{

    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Сведения о пользователе по его логину. Метод требуется Spring Security.
     *
     * @param username
     * @return
     * @throws UsernameNotFoundException
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
    {
        List<GrantedAuthority> roles = new ArrayList<>(2);

        roles.add(new SimpleGrantedAuthority("user"));
        //roles.add(new SimpleGrantedAuthority("admin"));

        // Остальные данные
       UserDetails details = new User("shiche", passwordEncoder.encode("iS0nequo"), roles);
//        UserDetails details = new User("shiche", "iS0nequo", roles);
        if (details == null)
            throw new UsernameNotFoundException("Пользователь не найден.");
        return details;
    }