Sometimes you might need to have a more sophisticated method of defining security constraints. Fortunately as of version 3.0, Spring Security also supports SpEL as a means for declaring access requirements. I will give you show you how to use it in this tip.
First thing you will need to do is to enable it. To do this, you must set the use-expressions attribute of <http> to true:
<http auto-config="true" use-expressions="true">