<security:http auto-config="true" use-expressions="true" pattern="/ext/**">

1. <security:http auto-config="true" use-expressions="true" pattern="/ext/**">
2. <csrf disabled="true" />
3. </security:http>
4.  
5. <security:http auto-config="true" use-expressions="true" authentication-manager-ref="authenticationManager">
6. <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" />
7. <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" />
8. <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
9. </security:http>
10.  
11. Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter gov.in.controller.filter.LoginAdtAuthFailHdlr.usernamePasswordAuthenticationFilter; nested exception is org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] is defined: expected single matching bean but found 2: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#1
12. at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:561)
13. at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
14. at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
15. ... 58 more
16. Caused by: org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] is defined: expected single matching bean but found 2: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#1
17. at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1054)
18. at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
19. at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:533)
20. ... 60 more
21.  
22. <security:http use-expressions="true" authentication-manager-ref="authenticationManager">
23. <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" />
24. <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" />
25. <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
26.  
27. <security:csrf request-matcher-ref="csrfSecurityRequestMatcher" />
28. </security:http>
29.  
30. public class CsrfSecurityRequestMatcher implements RequestMatcher {
31. private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
32. private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("/ext/**", null);
33.  
34. @Override
35. public boolean matches(HttpServletRequest request) {
36. if(allowedMethods.matcher(request.getMethod()).matches()){
37. return false;
38. }
39. return !unprotectedMatcher.matches(request);
40. }
41. }