Integration shouldn't be different than any other web app.

1. You need the spring-security dependencies either the jars or the maven dependencies. I'll post the maven dependencies, if you don't use maven you can look the jars up from here: mvn browser

   <properties>
     <spring.version>3.0.1.RELEASE</spring.version>
   </properties>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-taglibs</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-core</artifactId>
     <version>${spring.version}</version>
   </dependency>
   

2. You need the FilterChainProxy defined in your web.xml:

   <filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   </filter>
   <filter-mapping>
     <filter-name>springSecurityFilterChain</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>
   

3. You need your spring context locations defined in your web.xml:

   <context-param>
     <param-name>contextConfigLocation</param-name>
     <param-value>WEB-INF/spring-contexts/myContextConfig.xml</param-value>
   </context-param>
   

4. You need the ContextLoaderListener defined in your web.xml:

   <listener>
     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   </listener>
   

5. Finally for a basic security config you can have a look at the petclinic tutotial app.

That should do it.