requiresChannel()

Redirect http to https

authorizeRequests()

with HttpServletRequest

authenticated()

Pass Only Authenticated User

fullyAuthenticated()

Pass Only Fully Authenticated User

anonymous()

Anyone can requests

hasRole(role)

Pass When Has Specify Role

hasAnyRole()

Pass When Has Any Role

hasIpAddress(ip)

Pass When Specify IP Address

not()

NOT

permitAll()

Accept All Permitted Users

denyAll()

Deny All Users