From the DelegatingFilterProxy docs:
Notice that the filter is actually a
DelegatingFilterProxy, and not the
class that will actually implement the
logic of the filter. What
DelegatingFilterProxy does is delegate
the Filter’s methods through to a bean
which is obtained from the Spring
application context. This enables the
bean to benefit from the Spring web
application context lifecycle support
and configuration flexibility. The
bean must implement
javax.servlet.Filter and it must have
the same name as that in the
filter-name element. Read the Javadoc
for DelegatingFilterProxy for more
information
You need to define a bean named springSecurityFilterChain that implements javax.servlet.Filter in your application context.
From Getting Started with Security Namespace Configuration:
If you are familiar with pre-namespace
versions of the framework, you can
probably already guess roughly what’s
going on here. The<http>element is
responsible for creating a
FilterChainProxyand the filter beans
which it uses. Common problems like
incorrect filter ordering are no
longer an issue as the filter
positions are predefined.
So you need at least A Minimal <http> Configuration