security-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/posts/**"/>
        <!--<security:intercept-url pattern="/posts/**" access="hasRole('ROLE_USER')"/>-->
    </security:http>


    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service id="testService">
                <security:user name="test1" password="123" authorities="ROLE_USER, ROLE_ADMIN"/>
                <security:user name="test2" password="123" authorities="ROLE_ANOTHER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>


</beans>