the following *kind* of entries in web.xml Security Filter com.k_int.svc.identity.util.TomcatSecurityFilter Security Filter /webservices/search/* Finally, your spring application context will need to make sure it defines the security service: