Implementing Spring Security in the Google Engine

I am trying to integrate spring protection in google engine. But this does not work properly. I want to authenticate the user when he tries to access the page index, and redirect them to the page login. But now I can directly visit the page index.

I followed the spring.io and mkyong tutorial.

here is part of my pom.xml dependencies

<dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>4.1.5.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.webflow</groupId>
            <artifactId>spring-webflow</artifactId>
            <version>2.4.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>jstl</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>

AppConfig the class

@EnableWebMvc
@Configuration
//@ComponentScan({ "com.example.web.*" })
@ComponentScan({ "com.example.web" })
@Import({ SecurityConfig.class })
public class AppConfig {
    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setViewClass(JstlView.class);
        viewResolver.setPrefix("/WEB-INF/jsp/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }
}

SecurityConfig the class

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password")
                .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated().and().formLogin()
                .loginPage("/account/login");
    }
}

SecurityWebApplicationInitializer the class

public class SecurityWebApplicationInitializer extends
        AbstractSecurityWebApplicationInitializer {
}

WebApplicationInitializer the class

public class WebApplicationInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {
    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }
}

AccountController the class

@Controller
@RequestMapping("/account")
public class AccountController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String Index(Model model) {

        return "login";
    }
}

HomeController the class

@Controller @RequestMapping ("/") Public class HomeController {

@RequestMapping(method = RequestMethod.GET)
public String Index(Model model) {

    model.addAttribute("x", 1);
    model.addAttribute("y", 2);
    model.addAttribute("z", 3);

    return "index";
}

index.jsp page

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<!DOCTYPE html>
.....

login.jsp page

<%@page session="false"%>
<!DOCTYPE html>

What I want to achieve now is to redirect an unauthorized user to the login page. But now it will not work, I can directly visit the homepage.