java - Spring Security for REST -

i enabled spring security rest application not getting authorized when using curl.

security.xml

<sec:http use-expressions="true" entry-point-ref="restauthenticationentrypoint">     <sec:intercept-url pattern="/rest/**" access="hasrole('role_user')" />      <sec:form-login authentication-success-handler-ref="mysuccesshandler" />      <sec:logout /> </sec:http>  <beans:bean id="mysuccesshandler" class="net.himalay.security.mysavedrequestawareauthenticationsuccesshandler" />  <sec:authentication-manager alias="authenticationmanager">     <sec:authentication-provider>         <sec:user-service>             <sec:user name="temporary" password="temporary" authorities="role_admin" />             <sec:user name="user" password="userpass" authorities="role_user" />         </sec:user-service>     </sec:authentication-provider> </sec:authentication-manager> 

customentrypoint

@component public final class restauthenticationentrypoint implements authenticationentrypoint {      private static final logger log = loggerfactory.getlogger(restauthenticationentrypoint.class);      @override     public void commence(final httpservletrequest request, final httpservletresponse response, final authenticationexception authexception) throws ioexception {          log.info("---------restauthenticationentrypoint----------");         response.senderror(httpservletresponse.sc_unauthorized, "unauthorized");     }  } 

controller

@controller @requestmapping("rest") public class multitenantcontroller {      @autowired     private multitenantservice service;      @requestmapping(value = "/user/{id}", method = requestmethod.get)     @responsebody     public user getuserinfo(@pathvariable long id) {         return service.getuser(id);     }      @requestmapping(value = "/user", method = requestmethod.get)     @responsebody     public list<user> getcustomers() {         return service.getusers();     }      @requestmapping(value = "/user/{id}/todo", method = requestmethod.get)     @responsebody     public list<todoitem> gettransactions(@pathvariable long id) {         httpheaders headers = addaccesscontrollalloworigin();         return getuserinfo(id).gettodoitems();     } } 

$curl -i -x -u user:userpass http://localhost:8080/mt-rest/rest/user/1/todo

curl: (6) not resolve host: user http/1.1 401 unauthorized server: apache-coyote/1.1 set-cookie: jsessionid=ada11c09484e658c38d8385caba0cfae; path=/mt-rest/; httponly content-type: text/html;charset=utf-8 content-language: en content-length: 975 date: fri, 31 jan 2014 17:14:45 gmt 

after taking out security pattern security.xml, works fine. missing here?

you have defined form-login module. believe need specify http-basic. example:

<sec:http-basic />