mapfish-spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <http use-expressions="true">
        <!-- in order to get a challenge (for capabilities for example) you need to use the print/sec/* urls -->
        <intercept-url pattern="/sec/print/**" requires-channel="https" access="isAuthenticated()" />
        <http-basic />
        <anonymous />
    </http>

    <beans:bean name="bcryptEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!--
        This authentication manager is not really production quality.  It will work if you don't have complex
        needs but it is recommended to use ldap or database based authentication providers, etc..
        See http://docs.spring.io/spring-security/site/docs/3.2.5.RELEASE/reference/htmlsingle/#ns-config for some
        help
    -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder ref="bcryptEncoder" />
            <user-service>
                <!-- password is jimi -->
                <user name="jimi" password="$2a$10$OeKmMfVmL2IbF/3skK8l2.Gl3EqvvGhb.Pxr/K0dN7.ttPRHsOzVW"
                    authorities="ROLE_USER, ROLE_ADMIN" />
                <!-- password is bob -->
                <user name="bob" password="$2a$10$D5gwUewQQSpjfZPTcj9rpuTTfmxAqNEyJ19pzC7Z9.fHSCl3jtDj."
                    authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>