From 86a8fcb92de5475f366cda9e79e1b494834267b1 Mon Sep 17 00:00:00 2001 From: Venkatraghavan Sankarasubbu Date: Sat, 6 Apr 2013 07:19:52 -0700 Subject: [PATCH] Replacing Spring Security framework with Apache Tomcat Valve for Web Security (UI Only). Northbound will be handled as part of a different commit. Updated Web UI modules : 1. Root 2. Flows 3. Devices 4. Topology 5. Troubleshooting Change-Id: I09fa1968a184bf6ae0c6248e8eea3c05a40433d8 
Signed-off-by: Venkatraghavan Sankarasubbu --- .../distribution/opendaylight/pom.xml | 7 +- .../main/resources/configuration/context.xml | 2 +- .../resources/configuration/tomcat-server.xml | 4 +- opendaylight/security/pom.xml | 60 ++++++ .../security/ControllerCustomRealm.java | 68 +++++++ .../controller/usermanager/IUserManager.java | 3 + .../usermanager/internal/UserManagerImpl.java | 4 + .../usermanager/security/SessionManager.java | 20 +- opendaylight/web/devices/pom.xml | 20 +- .../controller/devices/web/Devices.java | 167 ++++++++++------- .../src/main/resources/WEB-INF/jsp/error.jsp | 8 + .../src/main/resources/WEB-INF/jsp/login.jsp | 8 + .../main/resources/WEB-INF/spring/context.xml | 10 - .../WEB-INF/spring/servlet/security.xml | 120 ------------ .../src/main/resources/WEB-INF/web.xml | 72 ++++--- opendaylight/web/flows/pom.xml | 20 +- .../controller/flows/web/Flows.java | 176 ++++++++++-------- .../controller/flows/web/Flows.java.rej | 85 +++++++++ .../src/main/resources/WEB-INF/jsp/error.jsp | 8 + .../src/main/resources/WEB-INF/jsp/login.jsp | 8 + .../main/resources/WEB-INF/spring/context.xml | 10 - .../WEB-INF/spring/servlet/security.xml | 120 ------------ .../flows/src/main/resources/WEB-INF/web.xml | 75 ++++++-- opendaylight/web/root/pom.xml | 22 --- .../web/AuthenticationProviderWrapper.java | 52 ------ ...ontrollerAuthenticationSuccessHandler.java | 70 ------- .../web/ControllerCustomFilter.java | 87 --------- .../web/ControllerLoginUrlAuthEntryPoint.java | 50 ----- .../web/ControllerLogoutHandler.java | 53 ------ .../web/ControllerUserDetailsService.java | 47 ----- ...ontrollerWebSecurityContextRepository.java | 69 ------- .../controller/web/DaylightWeb.java | 126 ++++++++----- .../controller/web/DaylightWebAdmin.java | 61 +++--- .../src/main/resources/WEB-INF/jsp/error.jsp | 45 +++++ .../src/main/resources/WEB-INF/jsp/login.jsp | 4 +- .../main/resources/WEB-INF/spring/context.xml | 10 - .../root/src/main/resources/WEB-INF/web.xml | 77 +++++--- 
.../web/root/src/main/resources/js/one.js | 6 +- opendaylight/web/topology/pom.xml | 18 -- .../controller/topology/web/Topology.java | 11 +- .../src/main/resources/WEB-INF/jsp/error.jsp | 8 + .../src/main/resources/WEB-INF/jsp/login.jsp | 8 + .../main/resources/WEB-INF/spring/context.xml | 10 - .../WEB-INF/spring/servlet/security.xml | 120 ------------ .../src/main/resources/WEB-INF/web.xml | 75 +++++--- opendaylight/web/troubleshoot/pom.xml | 20 +- .../src/main/resources/WEB-INF/jsp/error.jsp | 8 + .../src/main/resources/WEB-INF/jsp/login.jsp | 8 + .../main/resources/WEB-INF/spring/context.xml | 10 - .../WEB-INF/spring/servlet/security.xml | 120 ------------ .../src/main/resources/WEB-INF/web.xml | 81 +++++--- 51 files changed, 942 insertions(+), 1409 deletions(-) create mode 100644 opendaylight/security/pom.xml create mode 100644 opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java create mode 100644 opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp create mode 100644 opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp delete mode 100644 opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml delete mode 100644 opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml create mode 100644 opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej create mode 100644 opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp create mode 100644 opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp delete mode 100644 opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml delete mode 100644 opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java delete mode 100644 
opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java delete mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java create mode 100644 opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp delete mode 100644 opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml create mode 100644 opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp create mode 100644 opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp delete mode 100644 opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml delete mode 100644 opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml create mode 100644 opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp create mode 100644 opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp delete mode 100644 opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml delete mode 100644 opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml diff --git a/opendaylight/distribution/opendaylight/pom.xml b/opendaylight/distribution/opendaylight/pom.xml index 6984fd647b..f6f9a01830 100644 --- a/opendaylight/distribution/opendaylight/pom.xml +++ b/opendaylight/distribution/opendaylight/pom.xml 
@@ -48,6 +48,9 @@ ../../statisticsmanager ../../topologymanager ../../usermanager + ../../security + + ../../../third-party/openflowj ../../../third-party/net.sf.jung2 ../../../third-party/jersey-servlet @@ -64,6 +67,8 @@ ../../web/topology + + ../../northbound/commons ../../northbound/topology ../../northbound/staticrouting @@ -72,7 +77,7 @@ ../../northbound/hosttracker ../../northbound/subnets ../../northbound/switchmanager - + ../../logging/bridge diff --git a/opendaylight/distribution/opendaylight/src/main/resources/configuration/context.xml b/opendaylight/distribution/opendaylight/src/main/resources/configuration/context.xml index 85bba5a6aa..24c211ac47 100644 --- a/opendaylight/distribution/opendaylight/src/main/resources/configuration/context.xml +++ b/opendaylight/distribution/opendaylight/src/main/resources/configuration/context.xml @@ -1 +1 @@ - + diff --git a/opendaylight/distribution/opendaylight/src/main/resources/configuration/tomcat-server.xml b/opendaylight/distribution/opendaylight/src/main/resources/configuration/tomcat-server.xml index 42199b774c..4be075451e 100644 --- a/opendaylight/distribution/opendaylight/src/main/resources/configuration/tomcat-server.xml +++ b/opendaylight/distribution/opendaylight/src/main/resources/configuration/tomcat-server.xml 
@@ -48,7 +48,9 @@ - + + + + + 4.0.0 + + org.opendaylight.controller + commons.opendaylight + 1.4.0-SNAPSHOT + ../commons/opendaylight + + + org.opendaylight.controller + security + 0.4.0-SNAPSHOT + bundle + + + + org.apache.felix + maven-bundle-plugin + 2.3.6 + true + + + + org.apache.catalina + + + org.slf4j, + javax.servlet, + org.apache.catalina, + org.apache.catalina.connector, + org.apache.catalina.valves, + org.apache.catalina.realm, + org.opendaylight.controller.sal.utils, + org.opendaylight.controller.sal.authorization, + org.opendaylight.controller.usermanager + + + org.opendaylight.controller.security + + + + + + + + + org.opendaylight.controller + usermanager + 0.4.0-SNAPSHOT + + + org.opendaylight.controller + sal + 0.4.0-SNAPSHOT + + + diff --git a/opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java b/opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java new file mode 100644 index 0000000000..43a41da824 --- /dev/null +++ b/opendaylight/security/src/main/java/org/opendaylight/controller/security/ControllerCustomRealm.java 
@@ -0,0 +1,68 @@ +package org.opendaylight.controller.security; + +import java.security.Principal; +import java.util.List; + +import org.apache.catalina.realm.GenericPrincipal; +import org.apache.catalina.realm.RealmBase; +import org.opendaylight.controller.sal.authorization.AuthResultEnum; +import org.opendaylight.controller.sal.utils.ServiceHelper; +import org.opendaylight.controller.usermanager.IUserManager; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +public class ControllerCustomRealm extends RealmBase { + + private static final String name = "ControllerCustomRealm"; + + private static final Logger logger = LoggerFactory + .getLogger(ControllerCustomRealm.class); + + @Override + protected String getName() { + return name; + } + + @Override + protected String getPassword(String username) { + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager != null) { + return userManager.getPassword(username); + } else + throw new RuntimeException("User Manager reference is null"); + } + + @Override + protected Principal getPrincipal(String username) { + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager != null) { + final List roles = userManager.getUserRoles(username); + return new GenericPrincipal(username, getPassword(username), roles); + } else + throw new RuntimeException("User Manager reference is null"); + + } + + @Override + public Principal authenticate(String username, String credentials) { + + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager != null) { + AuthResultEnum result = userManager.authenticate(username, + credentials); + if (result.equals(AuthResultEnum.AUTHOR_PASS) + || result.equals(AuthResultEnum.AUTH_ACCEPT_LOC) + || result.equals(AuthResultEnum.AUTH_ACCEPT)) { + return this.getPrincipal(username); + } else { + 
logger.error("Authentication failed for user " + username); + return null; + } + } else + throw new RuntimeException("User Manager reference is null"); + } + +} diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java index aac5aba353..a998ac3670 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/IUserManager.java @@ -204,5 +204,8 @@ public interface IUserManager extends UserDetailsService { // Session manager to implement session mgmt across web-apps public ISessionManager getSessionManager(); + + + public String getPassword(String username); } diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java index 0aad599222..1bd323d38e 100644 --- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/internal/UserManagerImpl.java @@ -985,4 +985,8 @@ public class UserManagerImpl implements IUserManager, IObjectReader, public void setSessionMgr(ISessionManager sessionMgr) { this.sessionMgr = sessionMgr; } + + public String getPassword(String username) { + return localUserConfigList.get(username).getPassword(); + } } diff --git a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java index bbad9eb2ca..7706fe2b1a 100644 
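Review bot: `getPrincipal` in ControllerCustomRealm copies the stored password into every principal it builds, via `new GenericPrincipal(username, getPassword(username), roles)`, although `authenticate` already delegates the credential check to `userManager.authenticate` and never compares against that value. The principal is presumably what the container keeps for the logged-in user, so the secret ends up held longer and in more places than the check requires. Consider `return new GenericPrincipal(username, null, roles);` and letting `getPassword` return `null`, provided only FORM login is used with this realm (DIGEST would need the stored value). Separately, `logger.error("Authentication failed for user " + username)` writes a request-supplied string to the log unescaped; a parameterized `logger.warn("Authentication failed for user {}", username)` with line breaks stripped from the name would be safer.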
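Review bot: `getPassword` in UserManagerImpl dereferences the map lookup directly, `localUserConfigList.get(username).getPassword()`, so a name with no local entry throws NullPointerException instead of producing a failed lookup. The realm in this commit calls it after `AUTH_ACCEPT` as well as `AUTH_ACCEPT_LOC`, which suggests (not confirmed from these lines) that users accepted without a local record can reach this path. Look the entry up once and return `null` when it is absent. The matching addition to IUserManager also makes the stored credential readable by every consumer of the service; if the realm can do without it, leave the method off the interface, and otherwise document it with something like `/** Returns the stored credential for a local user, or null if none; callers must not log or persist it. */`.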
--- a/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java +++ b/opendaylight/usermanager/src/main/java/org/opendaylight/controller/usermanager/security/SessionManager.java @@ -24,7 +24,6 @@ import javax.servlet.http.HttpSessionEvent; import org.opendaylight.controller.usermanager.ISessionManager; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.security.core.context.SecurityContext; public class SessionManager implements ISessionManager { @@ -32,7 +31,6 @@ public class SessionManager implements ISessionManager { .getLogger(SessionManager.class); private Map> sessionMap = new HashMap>(); - public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT"; @Override public void sessionCreated(HttpSessionEvent se) { @@ -84,22 +82,8 @@ public class SessionManager implements ISessionManager { while (sessIterator.hasNext()) { HttpSession session = sessIterator.next(); if (session != null && sessionId != null && session.getId() != null && !session.getId().equals(sessionId)) { - Object contextFromSession = session - .getAttribute(SPRING_SECURITY_CONTEXT_KEY); - if (contextFromSession != null - && contextFromSession instanceof SecurityContext) { - String storedUserName = ((SecurityContext) contextFromSession) - .getAuthentication().getName(); - if (storedUserName != null && storedUserName.equals(username)) { - sessionsList.add(session); - sessIterator.remove(); - } - else { - logger.debug("storedUserName is null or did not match username " + username); - } - } else { - logger.debug("contextFromSession is null or not instance of SecurityContext"); - } + sessionsList.add(session); + sessIterator.remove(); } else { logger.debug(" session or sessionId is null "); diff --git a/opendaylight/web/devices/pom.xml b/opendaylight/web/devices/pom.xml index 3500cd2eaf..e8a67ac9ed 100644 --- a/opendaylight/web/devices/pom.xml +++ b/opendaylight/web/devices/pom.xml 
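Review bot: The loop in the `@@ -84,22 +82,8 @@` hunk now moves every session whose id differs from `sessionId` into `sessionsList`, and `username` is no longer consulted in the visible lines. Whether that is safe depends on what `sessIterator` walks, and the method starts outside the hunk. If it iterates only the sessions stored under `username` in `sessionMap` the result is the same as before, but if it can see sessions of other users they would now be collected too. Please state the invariant next to the loop, for example `// sessIterator covers only sessions registered for username, so no per-session owner check is needed`, or keep an owner check. The remaining `else` message `" session or sessionId is null "` is also logged for the caller's own session, which is misleading.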
@@ -73,26 +73,8 @@ org.springframework.web.servlet, org.springframework.web.servlet.config, org.springframework.web.servlet.view, - org.springframework.web.filter, - org.springframework.web.context, - org.springframework.security.core, - org.springframework.security.core.userdetails, - org.springframework.security.core.authority, - org.springframework.security.core.context, - org.springframework.security.authentication, - org.springframework.security.config, - org.springframework.security.config.authentication, - org.springframework.security.taglibs.authz, - org.springframework.security.web, - org.springframework.security.web.context, - org.springframework.security.web.authentication, - org.springframework.security.web.authentication.www, - org.springframework.security.provisioning, - org.springframework.security.web.util, - org.springframework.security.web.authentication.rememberme, - org.springframework.security.web.authentication.logout, - org.springframework.dao + org.springframework.web.context /controller/web/devices diff --git a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java index ece5959dc0..5371f708de 100644 --- a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java +++ b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java 
@@ -16,11 +16,12 @@ import java.util.Map.Entry; import java.util.Set; import java.util.TreeMap; import java.util.concurrent.ConcurrentMap; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import org.codehaus.jackson.map.ObjectMapper; import org.opendaylight.controller.usermanager.IUserManager; import org.opendaylight.controller.web.IDaylightWeb; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -116,10 +117,10 @@ public class Devices implements IDaylightWeb { Map portList = new HashMap(); for (NodeConnector nodeConnector : nodeConnectorSet) { nodeConnectorNumberToStr = nodeConnector.getID().toString(); - Name ncName = ((Name) switchManager - .getNodeConnectorProp(nodeConnector, - Name.NamePropName)); - nodeConnectorName = (ncName != null) ? ncName.getValue() : ""; + Name ncName = ((Name) switchManager.getNodeConnectorProp( + nodeConnector, Name.NamePropName)); + nodeConnectorName = (ncName != null) ? ncName.getValue() + : ""; portList.put(Short.parseShort(nodeConnectorNumberToStr), nodeConnectorName); } @@ -141,7 +142,7 @@ public class Devices implements IDaylightWeb { columnNames.add("Tier"); columnNames.add("Mac Address"); columnNames.add("Ports"); - + result.setColumnNames(columnNames); return result; } 
@@ -151,19 +152,20 @@ public class Devices implements IDaylightWeb { public List getTiers() { return TierHelper.getTiers(); } - + @RequestMapping(value = "/nodesLearnt/update", method = RequestMethod.GET) @ResponseBody public StatusJsonBean updateLearntNode( @RequestParam("nodeName") String nodeName, @RequestParam("nodeId") String nodeId, @RequestParam("tier") String tier, - @RequestParam("operationMode") String operationMode) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - - StatusJsonBean resultBean = new StatusJsonBean(); + @RequestParam("operationMode") String operationMode, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + + StatusJsonBean resultBean = new StatusJsonBean(); try { ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); @@ -185,7 +187,8 @@ public class Devices implements IDaylightWeb { public DevicesJsonBean getStaticRoutes() { Gson gson = new Gson(); IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper - .getInstance(IForwardingStaticRouting.class, containerName, this); + .getInstance(IForwardingStaticRouting.class, containerName, + this); List> staticRoutes = new ArrayList>(); ConcurrentMap routeConfigs = staticRouting .getStaticRouteConfigs(); 
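Review bot: `updateLearntNode` changes controller state but stays mapped with `method = RequestMethod.GET`, and after this commit its only protection is the container session plus the `authorize(UserLevel.NETWORKADMIN, request)` check. A browser attaches the session cookie to any GET it is made to issue, so a state-changing GET has no defence against cross-site request forgery, and its parameters also land in access logs and browser history. Map it with `method = RequestMethod.POST` and require a per-session token that the handler verifies. The same applies to the handlers in the later Devices.java hunks (`/staticRoute/delete`, `/subnetGateway/add`, `/subnetGateway/delete`, `/spanPorts/add`, `/spanPorts/delete`); the mapping lines themselves are unchanged context.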
@@ -212,11 +215,11 @@ public class Devices implements IDaylightWeb { public StatusJsonBean addStaticRoute( @RequestParam("routeName") String routeName, @RequestParam("staticRoute") String staticRoute, - @RequestParam("nextHop") String nextHop) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("nextHop") String nextHop, HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean result = new StatusJsonBean(); try { IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper @@ -244,11 +247,12 @@ public class Devices implements IDaylightWeb { @RequestMapping(value = "/staticRoute/delete", method = RequestMethod.GET) @ResponseBody public StatusJsonBean deleteStaticRoute( - @RequestParam("routesToDelete") String routesToDelete) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("routesToDelete") String routesToDelete, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper @@ -295,15 +299,16 @@ public class Devices implements IDaylightWeb { result.setNodeData(subnets); return result; } - + @RequestMapping(value = "/subnetGateway/add", method = RequestMethod.GET) @ResponseBody public StatusJsonBean addSubnetGateways( @RequestParam("gatewayName") String gatewayName, - @RequestParam("gatewayIPAddress") String gatewayIPAddress) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } + @RequestParam("gatewayIPAddress") String gatewayIPAddress, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } StatusJsonBean resultBean = new StatusJsonBean(); try { 
@@ -329,11 +334,12 @@ public class Devices implements IDaylightWeb { @RequestMapping(value = "/subnetGateway/delete", method = RequestMethod.GET) @ResponseBody public StatusJsonBean deleteSubnetGateways( - @RequestParam("gatewaysToDelete") String gatewaysToDelete) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("gatewaysToDelete") String gatewaysToDelete, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { ISwitchManager switchManager = (ISwitchManager) ServiceHelper @@ -361,11 +367,11 @@ public class Devices implements IDaylightWeb { public StatusJsonBean addSubnetGatewayPort( @RequestParam("portsName") String portsName, @RequestParam("ports") String ports, - @RequestParam("nodeId") String nodeId) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("nodeId") String nodeId, HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { ISwitchManager switchManager = (ISwitchManager) ServiceHelper @@ -392,11 +398,12 @@ public class Devices implements IDaylightWeb { @ResponseBody public StatusJsonBean deleteSubnetGatewayPort( @RequestParam("gatewayName") String gatewayName, - @RequestParam("nodePort") String nodePort) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("nodePort") String nodePort, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { ISwitchManager switchManager = (ISwitchManager) ServiceHelper 
@@ -487,11 +494,13 @@ public class Devices implements IDaylightWeb { @RequestMapping(value = "/spanPorts/add", method = RequestMethod.GET) @ResponseBody - public StatusJsonBean addSpanPort(@RequestParam("jsonData") String jsonData) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + public StatusJsonBean addSpanPort( + @RequestParam("jsonData") String jsonData, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { Gson gson = new Gson(); @@ -517,11 +526,12 @@ public class Devices implements IDaylightWeb { @RequestMapping(value = "/spanPorts/delete", method = RequestMethod.GET) @ResponseBody public StatusJsonBean deleteSpanPorts( - @RequestParam("spanPortsToDelete") String spanPortsToDelete) { - if (!authorize(UserLevel.NETWORKADMIN)) { - return unauthorizedMessage(); - } - + @RequestParam("spanPortsToDelete") String spanPortsToDelete, + HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { + return unauthorizedMessage(); + } + StatusJsonBean resultBean = new StatusJsonBean(); try { Gson gson = new Gson(); 
@@ -555,39 +565,56 @@ public class Devices implements IDaylightWeb { .getInstance(ISwitchManager.class, containerName, this); String description = ""; if (switchManager != null) { - description = switchManager - .getNodeDescription(Node.fromString(nodeId)); + description = switchManager.getNodeDescription(Node + .fromString(nodeId)); } - return (description.isEmpty() || description.equalsIgnoreCase("none"))? - nodeId : description; + return (description.isEmpty() || description.equalsIgnoreCase("none")) ? nodeId + : description; } - /** * Is the operation permitted for the given level * * @param level */ - private boolean authorize(UserLevel level) { - IUserManager userManager = (IUserManager) ServiceHelper + private boolean authorize(UserLevel level, HttpServletRequest request) { + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return false; + return false; } - - String username = SecurityContextHolder.getContext().getAuthentication().getName(); + + String username = request.getUserPrincipal().getName(); UserLevel userLevel = userManager.getUserLevel(username); if (userLevel.toNumber() <= level.toNumber()) { - return true; + return true; } return false; } - + private StatusJsonBean unauthorizedMessage() { - StatusJsonBean message = new StatusJsonBean(); - message.setStatus(false); - message.setMessage("Operation not authorized"); - return message; + StatusJsonBean message = new StatusJsonBean(); + message.setStatus(false); + message.setMessage("Operation not authorized"); + return message; + } + + @RequestMapping(value = "login") + public String login(final HttpServletRequest request, + final HttpServletResponse response) { + // response.setHeader("X-Page-Location", "/login"); + /* + * IUserManager userManager = (IUserManager) ServiceHelper + * .getGlobalInstance(IUserManager.class, this); if (userManager == + * null) { return "User Manager is not available"; } + * + * String 
username = request.getUserPrincipal().getName(); + * + * + * model.addAttribute("username", username); model.addAttribute("role", + * userManager.getUserLevel(username).toNumber()); + */ + return "forward:" + "/"; } } diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/error.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/devices/src/main/resources/WEB-INF/jsp/login.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml deleted file mode 100644 index 8a4bda53b0..0000000000 --- a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/context.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml deleted file mode 100644 index 18ac6e7ecb..0000000000 
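Review bot: `authorize` in Devices.java calls `request.getUserPrincipal().getName()` without checking for a missing principal, so a request that reaches a handler unauthenticated (for instance through a path the web.xml constraint does not cover) fails with NullPointerException rather than being refused. Fail closed before the lookup: `Principal principal = request.getUserPrincipal();` `if (principal == null) { return false; }` (needs `java.security.Principal` imported); a `null` result from `userManager.getUserLevel(username)` deserves the same treatment. The Javadoc above the method still lists only `@param level`; add `@param request` and `@return`. The new `login` handler carries a commented-out block and an unused `response` parameter that should be removed before merge.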
--- a/opendaylight/web/devices/src/main/resources/WEB-INF/spring/servlet/security.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/opendaylight/web/devices/src/main/resources/WEB-INF/web.xml b/opendaylight/web/devices/src/main/resources/WEB-INF/web.xml index de9d0778a3..0ebb738473 100644 --- a/opendaylight/web/devices/src/main/resources/WEB-INF/web.xml +++ b/opendaylight/web/devices/src/main/resources/WEB-INF/web.xml @@ -1,17 +1,51 @@ - + + + + free access + /js/* + /images/* + /css/* + /favicon.ico + + - - contextConfigLocation - /WEB-INF/spring/*.xml - + + DevicesApp + + DevicesGUI + /* + + + System-Admin + Network-Admin + Network-Operator + Container-User + + - - org.springframework.web.context.ContextLoaderListener - + + System-Admin + + + Network-Admin + + + Network-Operator + + + Container-User + + + + FORM + + /WEB-INF/jsp/login.jsp + /WEB-INF/jsp/error.jsp + + Devices @@ -24,17 +58,13 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" / - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - - springSecurityFilterChain - /* - - org.opendaylight.controller.web.ControllerUISessionManager + + + / + + + diff --git a/opendaylight/web/flows/pom.xml b/opendaylight/web/flows/pom.xml index 891f951f50..4eaf227fe9 100644 --- a/opendaylight/web/flows/pom.xml +++ b/opendaylight/web/flows/pom.xml 
@@ -73,26 +73,8 @@ org.springframework.web.servlet, org.springframework.web.servlet.config, org.springframework.web.servlet.view, - org.springframework.web.filter, - org.springframework.web.context, - org.springframework.security.core, - org.springframework.security.core.userdetails, - org.springframework.security.core.authority, - org.springframework.security.core.context, - org.springframework.security.authentication, - org.springframework.security.config, - org.springframework.security.config.authentication, - org.springframework.security.taglibs.authz, - org.springframework.security.web, - org.springframework.security.web.context, - org.springframework.security.web.authentication, - org.springframework.security.web.authentication.www, - org.springframework.security.provisioning, - org.springframework.security.web.util, - org.springframework.security.web.authentication.rememberme, - org.springframework.security.web.authentication.logout, - org.springframework.dao + org.springframework.web.context /controller/web/flows diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java index 4cc35e2f92..35237999b8 100644 --- a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java +++ b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java @@ -1,4 +1,3 @@ - /* * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. * @@ -15,6 +14,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.servlet.http.HttpServletRequest; + import org.opendaylight.controller.forwardingrulesmanager.FlowConfig; import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager; import org.opendaylight.controller.sal.authorization.UserLevel; 
@@ -30,7 +31,6 @@ import org.opendaylight.controller.switchmanager.Switch; import org.opendaylight.controller.switchmanager.SwitchConfig; import org.opendaylight.controller.usermanager.IUserManager; import org.opendaylight.controller.web.IDaylightWeb; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -43,7 +43,7 @@ import com.google.gson.Gson; @Controller @RequestMapping("/") public class Flows implements IDaylightWeb { - private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER; + private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER; private static final String WEB_NAME = "Flows"; private static final String WEB_ID = "flows"; private static final short WEB_ORDER = 2; 
@@ -68,41 +68,43 @@ public class Flows implements IDaylightWeb { return WEB_ORDER; } - @Override - public boolean isAuthorized(UserLevel userLevel) { - return userLevel.ordinal() <= AUTH_LEVEL.ordinal(); - } - + @Override + public boolean isAuthorized(UserLevel userLevel) { + return userLevel.ordinal() <= AUTH_LEVEL.ordinal(); + } + @RequestMapping(value = "/main") @ResponseBody public Set> getFlows() { // fetch frm IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); - if (frm == null) { return null; } + if (frm == null) { + return null; + } // fetch sm ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); - if (switchManager == null) { return null; } - + if (switchManager == null) { + return null; + } + // get static flow list List staticFlowList = frm.getStaticFlows(); Set> output = new HashSet>(); for (FlowConfig flowConfig : staticFlowList) { - Map entry = new HashMap(); - entry.put("flow", flowConfig); - entry.put("name", flowConfig.getName()); - Node node = flowConfig.getNode(); - String description = switchManager.getNodeDescription(node); - entry.put("node", - (description.isEmpty() || - description.equalsIgnoreCase("none"))? - node.toString() : description); - entry.put("nodeId", node.toString()); - output.add(entry); - } - + Map entry = new HashMap(); + entry.put("flow", flowConfig); + entry.put("name", flowConfig.getName()); + Node node = flowConfig.getNode(); + String description = switchManager.getNodeDescription(node); + entry.put("node", (description.isEmpty() || description + .equalsIgnoreCase("none")) ? node.toString() : description); + entry.put("nodeId", node.toString()); + output.add(entry); + } + return output; } 
@@ -111,7 +113,9 @@ public class Flows implements IDaylightWeb { public Map getNodePorts() { ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); - if (switchManager == null) { return null; } + if (switchManager == null) { + return null; + } Map nodes = new HashMap(); Map port; 
@@ -125,53 +129,58 @@ public class Flows implements IDaylightWeb { String nodeConnectorName = ((Name) switchManager .getNodeConnectorProp(nodeConnector, Name.NamePropName)).getValue(); - port.put((Short) nodeConnector.getID(), - nodeConnectorName + "(" - + nodeConnector.getNodeConnectorIDString() + ")"); + port.put((Short) nodeConnector.getID(), nodeConnectorName + + "(" + nodeConnector.getNodeConnectorIDString() + + ")"); } } - + // add ports Map entry = new HashMap(); entry.put("ports", port); - + // add name - String description = switchManager - .getNodeDescription(node.getNode()); - entry.put("name", (description.isEmpty() || - description.equalsIgnoreCase("none"))? - node.getNode().toString() : description); - + String description = switchManager.getNodeDescription(node + .getNode()); + entry.put("name", (description.isEmpty() || description + .equalsIgnoreCase("none")) ? node.getNode().toString() + : description); + // add to the node nodes.put(node.getNode().toString(), entry); } return nodes; } - + @RequestMapping(value = "/node-flows") @ResponseBody public Map getNodeFlows() { ISwitchManager switchManager = (ISwitchManager) ServiceHelper .getInstance(ISwitchManager.class, containerName, this); - if (switchManager == null) { return null; } + if (switchManager == null) { + return null; + } IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, "default", this); - if (frm == null) { return null; } + if (frm == null) { + return null; + } Map nodes = new HashMap(); for (Switch sw : switchManager.getNetworkDevices()) { Node node = sw.getNode(); - + List flows = frm.getStaticFlows(node); - + String nodeDesc = node.toString(); - SwitchConfig config = switchManager.getSwitchConfig(node.getNodeIDString()); + SwitchConfig config = switchManager.getSwitchConfig(node + .getNodeIDString()); if (config != null) { - nodeDesc = config.getNodeDescription(); + nodeDesc = config.getNodeDescription(); } - + 
nodes.put(nodeDesc, flows.size()); } @@ -181,14 +190,18 @@ public class Flows implements IDaylightWeb { @RequestMapping(value = "/flow", method = RequestMethod.POST) @ResponseBody public String actionFlow(@RequestParam(required = true) String action, - @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN)) { - return "Operation not authorized"; - } - + @RequestParam(required = false) String body, + @RequestParam(required = true) String nodeId, + HttpServletRequest request) { + if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + return "Operation not authorized"; + } + IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); - if (frm == null) { return null; } + if (frm == null) { + return null; + } Gson gson = new Gson(); FlowConfig flow = gson.fromJson(body, FlowConfig.class); 
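Review bot: In `actionFlow`, `body` is declared `@RequestParam(required = false)` but is passed straight to `gson.fromJson(body, FlowConfig.class)`, which returns null for a null string and throws an unchecked `JsonSyntaxException` for malformed JSON. The code that uses `flow` lies outside this hunk, so whether it is guarded cannot be seen here. If it is not, an authorized but malformed request ends in an unhandled exception instead of a clean rejection. Either mark the parameter `required = true` or add a guard after parsing, such as `if (flow == null) { return "Invalid flow configuration"; }`, with the message wording left to the author. A short comment on `nodeId` saying how it relates to the node carried inside `body` would also help, since this hunk does not show it being used.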
@@ -199,45 +212,60 @@ public class Flows implements IDaylightWeb { result = frm.addStaticFlow(flow, false); } - return (result.isSuccess())? StatusCode.SUCCESS.toString(): result.getDescription(); + return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result + .getDescription(); } - + @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST) @ResponseBody - public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name, - @RequestParam(required = true) String action) { - if (!isUserAuthorized(UserLevel.NETWORKADMIN)) { return "Operation not authorized"; } - - IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper + public String removeFlow(@PathVariable("nodeId") String nodeId, + @PathVariable("name") String name, + @RequestParam(required = true) String action, + HttpServletRequest request) { + if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) { + + return "Operation not authorized"; + } + + IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper .getInstance(IForwardingRulesManager.class, containerName, this); - if (frm == null) { return null; } - + if (frm == null) { + return null; + } + Status result = null; Node node = Node.fromString(nodeId); - if (node == null) { return null; } + if (node == null) { + return null; + } if (action.equals("remove")) { - result = frm.removeStaticFlow(name, node); + result = frm.removeStaticFlow(name, node); } else if (action.equals("toggle")) { - result = frm.toggleStaticFlowStatus(name, node); + result = frm.toggleStaticFlowStatus(name, node); } else { - result = new Status(StatusCode.BADREQUEST, "Unknown action"); + result = new Status(StatusCode.BADREQUEST, "Unknown action"); } - - return (result.isSuccess())? StatusCode.SUCCESS.toString(): result.getDescription(); + + return (result.isSuccess()) ? 
StatusCode.SUCCESS.toString() : result + .getDescription(); } - + /** - * Returns whether the current user's level is same or above - * the required authorization level. + * Returns whether the current user's level is same or above the required + * authorization level. * - * @param requiredLevel the authorization level required + * @param requiredLevel + * the authorization level required */ - private boolean isUserAuthorized(UserLevel requiredLevel) { - IUserManager userManager = (IUserManager) ServiceHelper + private boolean isUserAuthorized(UserLevel requiredLevel, + HttpServletRequest request) { + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); - if (userManager == null) { return false; } - - String username = SecurityContextHolder.getContext().getAuthentication().getName(); + if (userManager == null) { + return false; + } + + String username = request.getUserPrincipal().getName(); UserLevel userLevel = userManager.getUserLevel(username); return (userLevel.ordinal() <= requiredLevel.ordinal()); } diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej new file mode 100644 index 0000000000..7b03d3434e --- /dev/null +++ b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java.rej 
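Review bot: In `isUserAuthorized`, `request.getUserPrincipal()` returns null when the request carries no authenticated principal, so `request.getUserPrincipal().getName()` throws a NullPointerException instead of denying the operation. The check should fail closed by adding `if (request.getUserPrincipal() == null) { return false; }` before the name is read. The same applies if `userManager.getUserLevel(username)` can return null for a user it does not know, which is not visible here; `if (userLevel == null) { return false; }` before the `ordinal()` comparison would cover it. The Javadoc was reflowed but still lacks `@param request` and `@return` entries for the new signature.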
@@ -0,0 +1,85 @@ +*************** +*** 29,35 **** + import org.opendaylight.controller.switchmanager.SwitchConfig; + import org.opendaylight.controller.usermanager.IUserManager; + import org.opendaylight.controller.web.IOneWeb; +- import org.springframework.security.core.context.SecurityContextHolder; + import org.springframework.stereotype.Controller; + import org.springframework.web.bind.annotation.PathVariable; + import org.springframework.web.bind.annotation.RequestMapping; +--- 31,36 ---- + import org.opendaylight.controller.switchmanager.SwitchConfig; + import org.opendaylight.controller.usermanager.IUserManager; + import org.opendaylight.controller.web.IOneWeb; + import org.springframework.stereotype.Controller; + import org.springframework.web.bind.annotation.PathVariable; + import org.springframework.web.bind.annotation.RequestMapping; +*************** +*** 182,189 **** + @RequestMapping(value = "/flow", method = RequestMethod.POST) + @ResponseBody + public String actionFlow(@RequestParam(required = true) String action, +- @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId) { +- if (!authorize(UserLevel.NETWORKADMIN)) { + return "Operation not authorized"; + } + +--- 183,190 ---- + @RequestMapping(value = "/flow", method = RequestMethod.POST) + @ResponseBody + public String actionFlow(@RequestParam(required = true) String action, ++ @RequestParam(required = false) String body, @RequestParam(required = true) String nodeId, HttpServletRequest request) { ++ if (!authorize(UserLevel.NETWORKADMIN, request)) { + return "Operation not authorized"; + } + +*************** +*** 206,213 **** + @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST) + @ResponseBody + public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name, +- @RequestParam(required = true) String action) { +- if (!authorize(UserLevel.NETWORKADMIN)) { return "Operation not authorized"; } + + 
IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper + .getInstance(IForwardingRulesManager.class, "default", this); +--- 207,214 ---- + @RequestMapping(value = "/flow/{nodeId}/{name}", method = RequestMethod.POST) + @ResponseBody + public String removeFlow(@PathVariable("nodeId") String nodeId, @PathVariable("name") String name, ++ @RequestParam(required = true) String action, HttpServletRequest request) { ++ if (!authorize(UserLevel.NETWORKADMIN, request)) { return "Operation not authorized"; } + + IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper + .getInstance(IForwardingRulesManager.class, "default", this); +*************** +*** 235,248 **** + * + * @param level + */ +- private boolean authorize(UserLevel level) { + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return false; + } + +- String username = SecurityContextHolder.getContext().getAuthentication().getName(); + UserLevel userLevel = userManager.getUserLevel(username); + if (userLevel.toNumber() <= level.toNumber()) { + return true; +--- 236,249 ---- + * + * @param level + */ ++ private boolean authorize(UserLevel level, HttpServletRequest request) { + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return false; + } + ++ String username = request.getUserPrincipal().getName(); + UserLevel userLevel = userManager.getUserLevel(username); + if (userLevel.toNumber() <= level.toNumber()) { + return true; diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/error.jsp 
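Review bot: `Flows.java.rej` is a reject file left behind by a failed patch application and should be dropped from the commit rather than added under `src/main/java`. Its hunks reference `authorize(UserLevel, HttpServletRequest)` and `IOneWeb`, while the committed `Flows.java` uses `isUserAuthorized` and `IDaylightWeb`, so the rejected changes appear to have been re-applied by hand. It is worth confirming that every rejected hunk, in particular the authorization check at the top of `actionFlow` and `removeFlow`, made it into the real file. Adding `*.rej` and `*.orig` to the ignore list would keep this from recurring.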
@@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/flows/src/main/resources/WEB-INF/jsp/login.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml deleted file mode 100644 index 8a4bda53b0..0000000000 --- a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/context.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml deleted file mode 100644 index 18ac6e7ecb..0000000000 --- a/opendaylight/web/flows/src/main/resources/WEB-INF/spring/servlet/security.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/opendaylight/web/flows/src/main/resources/WEB-INF/web.xml b/opendaylight/web/flows/src/main/resources/WEB-INF/web.xml index 5841ed28c5..adbdf75b7c 100644 --- a/opendaylight/web/flows/src/main/resources/WEB-INF/web.xml +++ b/opendaylight/web/flows/src/main/resources/WEB-INF/web.xml 
@@ -1,17 +1,8 @@ - + - - contextConfigLocation - /WEB-INF/spring/*.xml - - - - org.springframework.web.context.ContextLoaderListener - Flows @@ -24,18 +15,62 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" / - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - springSecurityFilterChain - /* - + + + free access + /js/* + /images/* + /css/* + /favicon.ico + + + + + FlowApp + + FlowMgrGUI + /* + + + System-Admin + Network-Admin + Network-Operator + Container-User + + + + System-Admin + + + Network-Admin + + + Network-Operator + + + Container-User + + + + FORM + + /WEB-INF/jsp/login.jsp + /WEB-INF/jsp/error.jsp + + + org.opendaylight.controller.web.ControllerUISessionManager + + + / + + + + + diff --git a/opendaylight/web/root/pom.xml b/opendaylight/web/root/pom.xml index 7c1155496d..7f5c45319e 100644 --- a/opendaylight/web/root/pom.xml +++ b/opendaylight/web/root/pom.xml 
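Review bot: The single constraint on `/*` appears to admit all four roles (System-Admin, Network-Admin, Network-Operator, Container-User), so the container only enforces that the caller is logged in. The markup is stripped in this view, so that reading is inferred. If it holds, every privilege distinction rests on the in-code `isUserAuthorized` calls, and a handler added later without that call is open to Container-User. That should be documented next to the constraint, for example `<!-- Container checks authentication only; per-operation levels are enforced in the controllers via isUserAuthorized -->`, or the mutating `/flow` URLs could get their own constraint limited to the admin roles. No `CONFIDENTIAL` transport guarantee is visible in this section either. If TLS is not enforced elsewhere, the FORM login would benefit from a `<user-data-constraint>` with `<transport-guarantee>CONFIDENTIAL</transport-guarantee>`.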
@@ -73,31 +73,9 @@ org.springframework.web.servlet.config, org.springframework.web.servlet.view, org.springframework.web.servlet.view.json, - org.springframework.web.filter, org.springframework.web.context, - org.springframework.security.core, - org.springframework.security.core.userdetails, - org.springframework.security.core.authority, - org.springframework.security.core.context, - org.springframework.security.authentication, - org.springframework.security.config, - org.springframework.security.config.authentication, - org.springframework.security.taglibs.authz, - org.springframework.security.web, - org.springframework.security.web.context, - org.springframework.security.web.authentication, - org.springframework.security.web.authentication.www, - org.springframework.security.provisioning, - org.springframework.security.web.util, - org.springframework.security.web.authentication.rememberme, - org.springframework.security.web.authentication.logout, - org.springframework.dao, - org.springframework.security.web.savedrequest, - org.springframework.security.access, org.springframework.util - - org.opendaylight.controller.web diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java deleted file mode 100644 index 7877ff68eb..0000000000 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/AuthenticationProviderWrapper.java +++ /dev/null 
@@ -1,52 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; - -import org.opendaylight.controller.sal.utils.ServiceHelper; -import org.opendaylight.controller.usermanager.IUserManager; - - -public class AuthenticationProviderWrapper implements - AuthenticationProvider { - - private static final Logger logger = LoggerFactory - .getLogger(AuthenticationProviderWrapper.class); - - @Override - public Authentication authenticate(Authentication authentication) - throws AuthenticationException { - return ((AuthenticationProvider) getUserManagerRef()) - .authenticate(authentication); - } - - @Override - public boolean supports(Class authentication) { - return ((AuthenticationProvider) getUserManagerRef()) - .supports(authentication); - } - - private IUserManager getUserManagerRef() { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager != null) { - return userManager; - } else { - logger.error("UserManager Ref is null. "); - throw new RuntimeException("UserManager Ref is null. "); - } - } - -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java deleted file mode 100644 index 9514109bea..0000000000 
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerAuthenticationSuccessHandler.java +++ /dev/null 
@@ -1,70 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import java.io.IOException; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; -import org.springframework.security.web.savedrequest.HttpSessionRequestCache; -import org.springframework.security.web.savedrequest.RequestCache; -import org.springframework.security.web.savedrequest.SavedRequest; -import org.springframework.util.StringUtils; - -public class ControllerAuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler { - private RequestCache requestCache = new HttpSessionRequestCache(); - - @Override - public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, - Authentication authentication) throws ServletException, IOException { - SavedRequest savedRequest = requestCache.getRequest(request, response); - - if (savedRequest == null) { - super.onAuthenticationSuccess(request, response, authentication); - - return; - } - String targetUrlParameter = getTargetUrlParameter(); - if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) { - requestCache.removeRequest(request, response); - super.onAuthenticationSuccess(request, response, authentication); - - return; - } - - clearAuthenticationAttributes(request); - - // Use the DefaultSavedRequest URL - - String targetUrl = 
savedRequest.getRedirectUrl(); - //workaround to avoid being redirected to ajax calls - Map m = savedRequest.getParameterMap(); - if(m!= null) - { - String[] value = m.get("x-page-url"); - if(value != null && value.length > 0) - targetUrl = request.getContextPath() + "#" + value[0]; - } - logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl); - - - - getRedirectStrategy().sendRedirect(request, response, targetUrl); - } - - public void setRequestCache(RequestCache requestCache) { - this.requestCache = requestCache; - } -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java deleted file mode 100644 index a14df9475a..0000000000 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerCustomFilter.java +++ /dev/null 
@@ -1,87 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - -package org.opendaylight.controller.web; - -import java.io.IOException; -import java.util.List; -import java.util.Map; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.opendaylight.controller.sal.utils.ServiceHelper; -import org.opendaylight.controller.usermanager.IUserManager; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.access.AccessDeniedException; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.web.filter.GenericFilterBean; - -public class ControllerCustomFilter extends GenericFilterBean { - - private static final Logger logger = LoggerFactory - .getLogger(ControllerCustomFilter.class); - - - @Override - public void doFilter(ServletRequest req, ServletResponse resp, - FilterChain chain) throws IOException, ServletException { - //custom filter to handle logged out users - HttpServletRequest request = (HttpServletRequest) req; - HttpServletResponse response = (HttpServletResponse) resp; - - String url = request.getRequestURL().toString(); - - //skip anonymous auth - if (!(url.indexOf("login") > -1) && !(url.indexOf("logout") > -1)) { - if (SecurityContextHolder.getContext().getAuthentication() != null - && SecurityContextHolder.getContext().getAuthentication() - .isAuthenticated()) { - - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); 
- if (userManager != null) { - Map> activeUsers = userManager - .getUserLoggedIn(); - if (activeUsers != null && activeUsers.size() > 0) { - - String username = SecurityContextHolder.getContext() - .getAuthentication().getName(); - if (!activeUsers.containsKey(username)) { - throw new AccessDeniedException( - "UserManager activeUserList does not contain user " - + username); - } - } else { - logger.error("UserManager return empty activeusers"); - throw new AccessDeniedException( - "UserManager activeUserList is empty. "); - } - } else { - logger.error("UserManager Ref is null. "); - throw new RuntimeException("UserManager Ref is null. "); - } - - } else { - logger.error("SecurityContextHolder getAuthentication is null"); - throw new AccessDeniedException( - "SecurityContextHolder is not populated"); - } - } - - chain.doFilter(request, response); - } - - -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java deleted file mode 100644 index 36a192e0e9..0000000000 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLoginUrlAuthEntryPoint.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import java.io.IOException; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.DefaultRedirectStrategy; -import org.springframework.security.web.RedirectStrategy; -import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint; -import org.springframework.security.web.util.RedirectUrlBuilder; - -@SuppressWarnings("deprecation") -public class ControllerLoginUrlAuthEntryPoint extends - LoginUrlAuthenticationEntryPoint { - - private String loginFormUrl = "/login"; - private final RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); - - //This entry point always re-directs to root login page. - - @Override - public void commence(HttpServletRequest request, - HttpServletResponse response, AuthenticationException authException) - throws IOException, ServletException { - - String redirectUrl = request.getRequestURL().toString(); - RedirectUrlBuilder urlBuilder = new RedirectUrlBuilder(); - urlBuilder.setScheme(request.getScheme()); - urlBuilder.setServerName(request.getServerName()); - urlBuilder.setPort(getPortResolver().getServerPort(request)); - // urlBuilder.setContextPath(request.getContextPath()); - urlBuilder.setPathInfo(loginFormUrl); - redirectUrl = urlBuilder.getUrl(); - redirectStrategy.sendRedirect(request, response, redirectUrl); - - } - -} 
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java deleted file mode 100644 index ee06a13093..0000000000 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerLogoutHandler.java +++ /dev/null 
@@ -1,53 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.core.Authentication; -import org.springframework.security.web.authentication.logout.LogoutHandler; - -import org.opendaylight.controller.sal.utils.ServiceHelper; -import org.opendaylight.controller.usermanager.IUserManager; - -public class ControllerLogoutHandler implements LogoutHandler { - - private static final Logger logger = LoggerFactory - .getLogger(ControllerLogoutHandler.class); - - @Override - public void logout(HttpServletRequest request, - HttpServletResponse response, Authentication authentication) { - if (authentication != null) { - String userName = authentication.getName(); - if (userName != null) { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager != null) { - userManager.userLogout(userName); - HttpSession session = request.getSession(); - userManager.getSessionManager().invalidateSessions(userName, session.getId()); - - } else - logger - .error("UserMgr ref is null. Logout is not done cleanly"); - - } else - logger - .error("User name is null in authentication. Logout is not done cleanly"); - } - - } - -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java deleted file mode 100644 index 2aac0b03cf..0000000000 
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerUserDetailsService.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.core.userdetails.UsernameNotFoundException; - -import org.opendaylight.controller.sal.utils.ServiceHelper; -import org.opendaylight.controller.usermanager.IUserManager; - - -public class ControllerUserDetailsService implements UserDetailsService { - - private static final Logger logger = LoggerFactory - .getLogger(ControllerUserDetailsService.class); - - ControllerUserDetailsService() { - } - - @Override - public UserDetails loadUserByUsername(String username) - throws UsernameNotFoundException { - return getUserManagerRef().loadUserByUsername(username); - } - - private IUserManager getUserManagerRef() { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager != null) { - return userManager; - } else { - logger.error("UserManager Ref is null. "); - throw new RuntimeException("UserManager Ref is null. "); - } - } - -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java deleted file mode 100644 index 38007f4aed..0000000000 
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/ControllerWebSecurityContextRepository.java +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Public License v1.0 which accompanies this distribution, - * and is available at http://www.eclipse.org/legal/epl-v10.html - */ - - -package org.opendaylight.controller.web; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.web.context.HttpRequestResponseHolder; -import org.springframework.security.web.context.SecurityContextRepository; - -import org.opendaylight.controller.sal.utils.ServiceHelper; -import org.opendaylight.controller.usermanager.IUserManager; - - -public class ControllerWebSecurityContextRepository implements - SecurityContextRepository { - - private static final Logger logger = LoggerFactory - .getLogger(ControllerWebSecurityContextRepository.class); - - ControllerWebSecurityContextRepository() { - } - - @Override - public SecurityContext loadContext( - HttpRequestResponseHolder requestResponseHolder) { - - SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef() - .getSecurityContextRepo(); - return contextRepo.loadContext(requestResponseHolder); - } - - @Override - public void saveContext(SecurityContext context, - HttpServletRequest request, HttpServletResponse response) { - SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef() - .getSecurityContextRepo(); - contextRepo.saveContext(context, request, response); - } - - private IUserManager getUserManagerRef() { - IUserManager userManager = (IUserManager) ServiceHelper - .getGlobalInstance(IUserManager.class, this); - if (userManager != null) { - return userManager; - } else { - logger.error("UserManager Ref is null. 
"); - throw new RuntimeException("UserManager Ref is null. "); - } - } - - @Override - public boolean containsContext(HttpServletRequest request) { - SecurityContextRepository contextRepo = (SecurityContextRepository) getUserManagerRef() - .getSecurityContextRepo(); - return contextRepo.containsContext(request); - } - -} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWeb.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWeb.java index 296a8fbbd6..24f0b4d80c 100644 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWeb.java +++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWeb.java @@ -1,4 +1,3 @@ - /* * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. * @@ -12,7 +11,9 @@ package org.opendaylight.controller.web; import java.util.HashMap; import java.util.Map; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; import org.opendaylight.controller.configuration.IConfigurationService; import org.opendaylight.controller.sal.authorization.UserLevel; @@ -20,7 +21,6 @@ import org.opendaylight.controller.sal.utils.ServiceHelper; import org.opendaylight.controller.sal.utils.Status; import org.opendaylight.controller.sal.utils.StatusCode; import org.opendaylight.controller.usermanager.IUserManager; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -31,73 +31,111 @@ import org.springframework.web.bind.annotation.ResponseBody; @RequestMapping("/") public class DaylightWeb { @RequestMapping(value = "") - public String index(Model model) { - IUserManager userManager = (IUserManager) ServiceHelper + public String index(Model model, HttpServletRequest request) { + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "User Manager is not available"; + return "User Manager is not available"; } - - String username = SecurityContextHolder.getContext().getAuthentication().getName(); + + String username = request.getUserPrincipal().getName(); + model.addAttribute("username", username); - model.addAttribute("role", userManager.getUserLevel(username).toNumber()); - + model.addAttribute("role", userManager.getUserLevel(username) + .toNumber()); + return "main"; } @RequestMapping(value = "web.json") @ResponseBody - public Map> bundles() { - Object[] instances = ServiceHelper.getGlobalInstances(IDaylightWeb.class, - this, null); + public Map> bundles(HttpServletRequest request) { + Object[] instances = ServiceHelper.getGlobalInstances( + IDaylightWeb.class, this, null); Map> bundles = new HashMap>(); Map entry; IDaylightWeb bundle; - String userName = SecurityContextHolder.getContext().getAuthentication().getName(); - IUserManager userManger = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this); + String username = request.getUserPrincipal().getName(); + IUserManager userManger = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); for (Object instance : instances) { bundle = (IDaylightWeb) instance; - if (userManger != null && - bundle.isAuthorized(userManger.getUserLevel(userName))) { - entry = new HashMap(); - entry.put("name", bundle.getWebName()); - entry.put("order", bundle.getWebOrder()); - bundles.put(bundle.getWebId(), entry); + if (userManger != null + && 
bundle.isAuthorized(userManger.getUserLevel(username))) { + entry = new HashMap(); + entry.put("name", bundle.getWebName()); + entry.put("order", bundle.getWebOrder()); + bundles.put(bundle.getWebId(), entry); } } return bundles; } - + @RequestMapping(value = "save", method = RequestMethod.POST) @ResponseBody - public String save() { - String username = SecurityContextHolder.getContext().getAuthentication().getName(); - IUserManager userManager = (IUserManager) ServiceHelper + public String save(HttpServletRequest request) { + String username = request.getUserPrincipal().getName(); + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); - if (userManager == null) return "User Manager is not available"; - + if (userManager == null) { + return "User Manager is not available"; + } + UserLevel level = userManager.getUserLevel(username); if (level == UserLevel.NETWORKOPERATOR) { - return "Save not permitted for Operator"; + return "Save not permitted for Operator"; + } + + Status status = new Status(StatusCode.UNAUTHORIZED, + "Operation not allowed for current user"); + if (level == UserLevel.NETWORKADMIN || level == UserLevel.SYSTEMADMIN) { + IConfigurationService configService = (IConfigurationService) ServiceHelper + .getGlobalInstance(IConfigurationService.class, this); + if (configService != null) { + status = configService.saveConfigurations(); + } } - - Status status = new Status(StatusCode.UNAUTHORIZED, - "Operation not allowed for current user"); - if (level == UserLevel.NETWORKADMIN || level == UserLevel.SYSTEMADMIN) { - IConfigurationService configService = (IConfigurationService) ServiceHelper - .getGlobalInstance(IConfigurationService.class, this); - if (configService != null) { - status = configService.saveConfigurations(); - } - } - + return status.getDescription(); } - + + @RequestMapping(value = "logout") + public String login(Map model, + final HttpServletRequest request) { + + IUserManager userManager = 
(IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return "User Manager is not available"; + } + String username = request.getUserPrincipal().getName(); + HttpSession session = request.getSession(false); + if (session != null) { + if (username != null) { + userManager.userLogout(username); + } + session.invalidate(); + + } + return "redirect:" + "/"; + } + @RequestMapping(value = "login") - public String login(Map model, final HttpServletResponse response) { - response.setHeader("X-Page-Location", "/login"); - return "login"; - } + public String login(Model model, final HttpServletRequest request, + final HttpServletResponse response) { + // response.setHeader("X-Page-Location", "/login"); + IUserManager userManager = (IUserManager) ServiceHelper + .getGlobalInstance(IUserManager.class, this); + if (userManager == null) { + return "User Manager is not available"; + } + + String username = request.getUserPrincipal().getName(); + + model.addAttribute("username", username); + model.addAttribute("role", userManager.getUserLevel(username) + .toNumber()); + return "forward:" + "/"; + } -} \ No newline at end of file +} diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java index bc3d39aa21..1ab8dff116 100644 --- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java +++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java @@ -1,4 +1,3 @@ - /* * Copyright (c) 2013 Cisco Systems, Inc. and others. All rights reserved. * 
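Review bot: The new `logout` handler returns "User Manager is not available" before it reaches `session.invalidate()`, so when the IUserManager lookup fails the session stays valid after the user asked to log out. Its `username != null` test also comes after `request.getUserPrincipal().getName()`, and getUserPrincipal() returns null for an unauthenticated request, so the call would throw before the guard is ever evaluated. I would read the name with `request.getRemoteUser()`, call `userLogout` only when both the manager and the name are present, and invalidate the session unconditionally, as sketched below. The other handlers in this hunk, and the `authorize` helpers in DaylightWebAdmin.java and Topology.java, dereference getUserPrincipal() the same way and rely on the web.xml constraint to keep it non-null. The mapping also accepts every HTTP method, so restricting it to POST is worth considering.

```java
// … unchanged: @RequestMapping(value = "logout") and the method signature …
    // getRemoteUser() is null when the request is unauthenticated.
    String username = request.getRemoteUser();
    IUserManager userManager = (IUserManager) ServiceHelper
            .getGlobalInstance(IUserManager.class, this);
    if (userManager != null && username != null) {
        userManager.userLogout(username);
    }
    // Always drop the session, even if the user manager is unavailable.
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.invalidate();
    }
    return "redirect:" + "/";
```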
@@ -11,12 +10,13 @@ package org.opendaylight.controller.web; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.opendaylight.controller.sal.authorization.UserLevel; import org.opendaylight.controller.sal.utils.ServiceHelper; import org.opendaylight.controller.sal.utils.Status; import org.opendaylight.controller.usermanager.IUserManager; import org.opendaylight.controller.usermanager.internal.UserConfig; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -50,56 +50,59 @@ public class DaylightWebAdmin { @ResponseBody public String saveLocalUserConfig( @RequestParam(required = true) String json, - @RequestParam(required = true) String action) { + @RequestParam(required = true) String action, + HttpServletRequest request) { - IUserManager userManager = (IUserManager) ServiceHelper + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return "Internal Error"; } - - if (!authorize(userManager, UserLevel.NETWORKADMIN)) { - return "Operation not permitted"; + + if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { + return "Operation not permitted"; } - + Gson gson = new Gson(); UserConfig config = gson.fromJson(json, UserConfig.class); - - Status result = (action.equals("add")) ? - userManager.addLocalUser(config) - : userManager.removeLocalUser(config); + + Status result = (action.equals("add")) ? userManager + .addLocalUser(config) : userManager.removeLocalUser(config); return result.getDescription(); } - + @RequestMapping(value = "/users/{username}", method = RequestMethod.POST) @ResponseBody - public String removeLocalUser(@PathVariable("username") String userName) { - if(SecurityContextHolder.getContext().getAuthentication() - .getName().equals(userName)) { - return "Invalid Request: User cannot delete itself"; - } - - IUserManager userManager = (IUserManager) ServiceHelper + public String removeLocalUser(@PathVariable("username") String userName, + HttpServletRequest request) { + + String username = request.getUserPrincipal().getName(); + if (username.equals(userName)) { + return "Invalid Request: User cannot delete itself"; + } + + IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); if (userManager == null) { - return "Internal Error"; + return "Internal Error"; } - - if (!authorize(userManager, UserLevel.NETWORKADMIN)) { - return "Operation not 
permitted"; + + if (!authorize(userManager, UserLevel.NETWORKADMIN, request)) { + return "Operation not permitted"; } - + return userManager.removeLocalUser(userName).getDescription(); } - + /** * Is the operation permitted for the given level * * @param level */ - private boolean authorize(IUserManager userManager, UserLevel level) { - String username = SecurityContextHolder.getContext().getAuthentication().getName(); + private boolean authorize(IUserManager userManager, UserLevel level, + HttpServletRequest request) { + String username = request.getUserPrincipal().getName(); UserLevel userLevel = userManager.getUserLevel(username); return userLevel.toNumber() <= level.toNumber(); } diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp new file mode 100644 index 0000000000..86625854d1 --- /dev/null +++ b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/error.jsp @@ -0,0 +1,45 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> + + + + + + OpenDaylight - Error + + + + + + + + + + + + + + + +
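Review bot: In `saveLocalUserConfig` every `action` value other than "add" falls through to `userManager.removeLocalUser(config)`, so a misspelled or unexpected parameter deletes a user instead of being rejected. That removal path also lacks the self-deletion check that the `/users/{username}` handler performs a few lines below, so as far as this hunk shows a caller could remove its own account through it. I would reject unknown values first, for example `if (!action.equals("add") && !action.equals(REMOVE_ACTION)) { return "Invalid Request"; }`, where `REMOVE_ACTION` is a placeholder for the value the UI sends (not visible here), and apply the same self-deletion guard before calling `removeLocalUser(config)`. `gson.fromJson` is also handed the raw `json` parameter with no handling for malformed input or a null result.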
+ +
+
+ +
+
+
+ + \ No newline at end of file diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/login.jsp index 431f23aa23..b9d32b1d3d 100644 --- a/opendaylight/web/root/src/main/resources/WEB-INF/jsp/login.jsp +++ b/opendaylight/web/root/src/main/resources/WEB-INF/jsp/login.jsp @@ -34,7 +34,7 @@ -
+
@@ -54,4 +54,4 @@
- \ No newline at end of file + diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml deleted file mode 100644 index 8a4bda53b0..0000000000 --- a/opendaylight/web/root/src/main/resources/WEB-INF/spring/context.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - diff --git a/opendaylight/web/root/src/main/resources/WEB-INF/web.xml b/opendaylight/web/root/src/main/resources/WEB-INF/web.xml index c763531aa0..a14d1c505b 100644 --- a/opendaylight/web/root/src/main/resources/WEB-INF/web.xml +++ b/opendaylight/web/root/src/main/resources/WEB-INF/web.xml @@ -1,17 +1,56 @@ - + + - - contextConfigLocation - /WEB-INF/spring/*.xml - + + + free access + /js/* + /images/* + /css/* + /favicon.ico + + + + + RootApp + + RootGUI + /* + + + System-Admin + Network-Admin + Network-Operator + Container-User + + + + + System-Admin + + + Network-Admin + + + Network-Operator + + + Container-User + - - org.springframework.web.context.ContextLoaderListener - + + + FORM + + /WEB-INF/jsp/login.jsp + /WEB-INF/jsp/error.jsp + + RootGUI @@ -24,16 +63,6 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" / - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - - springSecurityFilterChain - /* - - OpenDaylight Controller OpenDaylight Controller @@ -41,4 +70,10 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" org.opendaylight.controller.web.ControllerUISessionManager + + + / + + + diff --git a/opendaylight/web/root/src/main/resources/js/one.js b/opendaylight/web/root/src/main/resources/js/one.js index 4cb633e385..51e8ea9663 100644 --- a/opendaylight/web/root/src/main/resources/js/one.js +++ b/opendaylight/web/root/src/main/resources/js/one.js 
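Review bot: The FORM login configured in the root web.xml posts the password to the container, but no transport guarantee such as `CONFIDENTIAL` appears among the values of the `/*` constraint, so nothing here forces the login form and the session cookie onto TLS. The markup was stripped from this page, so this is inferred from the surviving element text. If the UI is meant to be served over HTTPS, I would add a `transport-guarantee` of `CONFIDENTIAL` inside a `user-data-constraint` on the RootApp constraint. The topology and troubleshoot web.xml hunks later in the patch carry the same constraint and would need the same addition. The last hunk of this file appears to set `/` in the session configuration, presumably the cookie path, and a comment saying that the session is shared across the UI web applications on purpose would help the next reader.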
@@ -706,9 +706,9 @@ $("#logout").click(function() { $.ajaxSetup({ complete : function(xhr,textStatus) { - var page = xhr.getResponseHeader('X-Page-Location'); - if(page == '/login') { - location.href = '/login'; + var mime = xhr.getResponseHeader('Content-Type'); + if (mime.substring(0, 9) == 'text/html') { + location.href = '/'; } } }); diff --git a/opendaylight/web/topology/pom.xml b/opendaylight/web/topology/pom.xml index daef22cf23..38999257f1 100644 --- a/opendaylight/web/topology/pom.xml +++ b/opendaylight/web/topology/pom.xml @@ -76,26 +76,8 @@ org.springframework.web.servlet, org.springframework.web.servlet.config, org.springframework.web.servlet.view, - org.springframework.web.filter, org.springframework.web.context, - org.springframework.security.core, - org.springframework.security.core.userdetails, - org.springframework.security.core.authority, - org.springframework.security.core.context, - org.springframework.security.authentication, - org.springframework.security.config, - org.springframework.security.config.authentication, - org.springframework.security.taglibs.authz, - org.springframework.security.web, - org.springframework.security.web.context, - org.springframework.security.web.authentication, - org.springframework.security.web.authentication.www, - org.springframework.security.provisioning, - org.springframework.security.web.util, - org.springframework.security.web.authentication.rememberme, - org.springframework.security.web.authentication.logout, - org.springframework.dao /controller/web/topology diff --git a/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java b/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java index 33669128f3..791358c18a 100644 --- a/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java +++ b/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java 
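Review bot: `xhr.getResponseHeader('Content-Type')` returns null when the response has no such header (an aborted or failed request, for example), so `mime.substring(0, 9)` in this global `complete` handler can throw. Guard it with `if (mime && mime.substring(0, 9) == 'text/html') {`. The check also treats every HTML response as the login page, so any AJAX call that legitimately returns HTML would send the user to `/`. A comment such as `// UI AJAX endpoints return JSON only; an HTML body means the container served the login form` would document that assumption.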
@@ -19,6 +19,8 @@ import java.util.List; import java.util.Map; import java.util.Set; +import javax.servlet.http.HttpServletRequest; + import org.opendaylight.controller.sal.authorization.UserLevel; import org.opendaylight.controller.sal.core.Bandwidth; import org.opendaylight.controller.sal.core.Edge; @@ -33,7 +35,6 @@ import org.opendaylight.controller.switchmanager.Switch; import org.opendaylight.controller.switchmanager.SwitchConfig; import org.opendaylight.controller.topologymanager.ITopologyManager; import org.opendaylight.controller.usermanager.IUserManager; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @@ -274,8 +275,8 @@ public class Topology { @RequestMapping(value = "/node/{nodeId}", method = RequestMethod.POST) @ResponseBody public Map post(@PathVariable String nodeId, @RequestParam(required = true) String x, - @RequestParam(required = true) String y) { - if (!authorize(UserLevel.NETWORKADMIN)) { + @RequestParam(required = true) String y, HttpServletRequest request) { + if (!authorize(UserLevel.NETWORKADMIN, request)) { return new HashMap(); // silently disregard new node position } @@ -427,14 +428,14 @@ public class Topology { public static final String HOST = "host"; } - private boolean authorize(UserLevel level) { + private boolean authorize(UserLevel level, HttpServletRequest request) { IUserManager userManager = (IUserManager) ServiceHelper .getGlobalInstance(IUserManager.class, this); if (userManager == null) { return false; } - String username = SecurityContextHolder.getContext().getAuthentication().getName(); + String username = request.getUserPrincipal().getName(); UserLevel userLevel = userManager.getUserLevel(username); if (userLevel.toNumber() <= level.toNumber()) { return true; 
diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/error.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/topology/src/main/resources/WEB-INF/jsp/login.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml deleted file mode 100644 index 8a4bda53b0..0000000000 --- a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/context.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml deleted file mode 100644 index 6ddae0119b..0000000000 --- a/opendaylight/web/topology/src/main/resources/WEB-INF/spring/servlet/security.xml +++ /dev/null 
@@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/opendaylight/web/topology/src/main/resources/WEB-INF/web.xml b/opendaylight/web/topology/src/main/resources/WEB-INF/web.xml index bbf9a3479c..0d143739c3 100644 --- a/opendaylight/web/topology/src/main/resources/WEB-INF/web.xml +++ b/opendaylight/web/topology/src/main/resources/WEB-INF/web.xml @@ -1,18 +1,50 @@ - + + + + free access + /js/* + /images/* + /css/* + /favicon.ico + + - - contextConfigLocation - /WEB-INF/spring/*.xml - - - - org.springframework.web.context.ContextLoaderListener - + + TopologyApp + + TopoGUI + /* + + + System-Admin + Network-Admin + Network-Operator + Container-User + + + + System-Admin + + + Network-Admin + + + Network-Operator + + + Container-User + + + FORM + + /WEB-INF/jsp/login.jsp + /WEB-INF/jsp/error.jsp + + Topology @@ -20,23 +52,22 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" 1 + + Topology / - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - - springSecurityFilterChain - /* - - org.opendaylight.controller.web.ControllerUISessionManager + + + / + + + + diff --git a/opendaylight/web/troubleshoot/pom.xml b/opendaylight/web/troubleshoot/pom.xml index 8aab6d5fb7..24191692a1 100644 --- a/opendaylight/web/troubleshoot/pom.xml +++ b/opendaylight/web/troubleshoot/pom.xml 
@@ -75,26 +75,8 @@ org.springframework.web.servlet, org.springframework.web.servlet.config, org.springframework.web.servlet.view, - org.springframework.web.filter, - org.springframework.web.context, - org.springframework.security.core, - org.springframework.security.core.userdetails, - org.springframework.security.core.authority, - org.springframework.security.core.context, - org.springframework.security.authentication, - org.springframework.security.config, - org.springframework.security.config.authentication, - org.springframework.security.taglibs.authz, - org.springframework.security.web, - org.springframework.security.web.context, - org.springframework.security.web.authentication, - org.springframework.security.web.authentication.www, - org.springframework.security.provisioning, - org.springframework.security.web.util, - org.springframework.security.web.authentication.rememberme, - org.springframework.security.web.authentication.logout, - org.springframework.dao + org.springframework.web.context /controller/web/troubleshoot diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/error.jsp @@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp new file mode 100644 index 0000000000..270d793e5c --- /dev/null +++ b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/jsp/login.jsp 
@@ -0,0 +1,8 @@ +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> +<%@taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> + + + + + \ No newline at end of file diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml deleted file mode 100644 index 8a4bda53b0..0000000000 --- a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/context.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml deleted file mode 100644 index 18ac6e7ecb..0000000000 --- a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/spring/servlet/security.xml +++ /dev/null @@ -1,120 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/web.xml b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/web.xml index 80d00410e5..b83df23cb0 100644 --- a/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/web.xml +++ b/opendaylight/web/troubleshoot/src/main/resources/WEB-INF/web.xml @@ -1,18 +1,7 @@ - - - - contextConfigLocation - /WEB-INF/spring/*.xml - - - - org.springframework.web.context.ContextLoaderListener - - + Troubleshoot 
@@ -26,17 +15,65 @@ http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - springSecurityFilterChain - /* - + + + free access + /js/* + /images/* + /css/* + /favicon.ico + + + + + TroubleShootApp + + TroubleShootGUI + /* + + + System-Admin + Network-Admin + Network-Operator + Container-User + + + + + System-Admin + + + Network-Admin + + + Network-Operator + + + Container-User + + + + + FORM + + /WEB-INF/jsp/login.jsp + /WEB-INF/jsp/error.jsp + + + + org.opendaylight.controller.web.ControllerUISessionManager + + + + / + + + + + -- 2.36.6