Java Spring REST security

I enabled Spring Security for my REST application, but I am not getting authorized when using curl.

security.xml

<sec:http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
    <sec:intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" />

    <sec:form-login authentication-success-handler-ref="mySuccessHandler" />

    <sec:logout />
</sec:http>

<beans:bean id="mySuccessHandler" class="net.himalay.security.MySavedRequestAwareAuthenticationSuccessHandler" />

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:user-service>
            <sec:user name="temporary" password="temporary" authorities="ROLE_ADMIN" />
            <sec:user name="user" password="userPass" authorities="ROLE_USER" />
        </sec:user-service>
    </sec:authentication-provider>
</sec:authentication-manager>

CustomEntryPoint

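import java.io.IOException;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.stereotype.Component;

@Component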
public final class RestAuthenticationEntryPoint implements AuthenticationEntryPoint {

    private static final Logger LOG = LoggerFactory.getLogger(RestAuthenticationEntryPoint.class);

    @Override
    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) throws IOException {

        LOG.info("---------RestAuthenticationEntryPoint----------");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }

}

Controller

@Controller
@RequestMapping("rest")
public class MultitenantController {

    @Autowired
    private MultitenantService service;

    @RequestMapping(value = "/user/{id}", method = RequestMethod.GET)
    @ResponseBody
    public User getUserInfo(@PathVariable Long id) {
        return service.getUser(id);
    }

    @RequestMapping(value = "/user", method = RequestMethod.GET)
    @ResponseBody
    public List<User> getCustomers() {
        return service.getUsers();
    }

    @RequestMapping(value = "/user/{id}/todo", method = RequestMethod.GET)
    @ResponseBody
    public List<TodoItem> getTransactions(@PathVariable Long id) {
        HttpHeaders headers = addAccessControllAllowOrigin();
        return getUserInfo(id).getTodoItems();
    }
}

$ curl -i -X -u user:userPass http://localhost:8080/mt-rest/rest/user/1/todo

curl: (6) Could not resolve host: user
HTTP/1.1 401 Unauthorized
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=ADA11C09484E658C38D8385CABA0CFAE; Path=/mt-rest/; HttpOnly
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 975
Date: Fri, 31 Jan 2014 17:14:45 GMT

After I take the security pattern out of security.xml, it works fine. What exactly am I missing?


1 answer

  1. # Answer 1

    You have only defined a form login module. I think you also need to specify http basic. For example:

    <sec:http-basic />
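
The answer's change placed in the question's `security.xml`, as an added example that is not part of the original question or answer. The curl line in the trailing comment is also an addition: in the command shown in the question, `-X` is followed directly by `-u`, so curl takes `-u` as the request method and treats `user:userPass` as a URL, which is what `Could not resolve host: user` in the output reflects.

```xml
<!-- Added example: the question's <sec:http> block with HTTP Basic enabled. -->
<sec:http use-expressions="true" entry-point-ref="restAuthenticationEntryPoint">
    <sec:intercept-url pattern="/rest/**" access="hasRole('ROLE_USER')" />

    <!-- Registers BasicAuthenticationFilter, which authenticates the
         "Authorization: Basic ..." header that curl -u sends.
         Basic credentials are only base64-encoded, so outside local
         testing this endpoint should be reachable over TLS only. -->
    <sec:http-basic />

    <!-- Kept from the question: browser clients can still log in via the form. -->
    <sec:form-login authentication-success-handler-ref="mySuccessHandler" />

    <sec:logout />
</sec:http>

<!-- Matching request; the HTTP method must follow -X (or omit -X for a GET):
     curl -i -X GET -u user:userPass http://localhost:8080/mt-rest/rest/user/1/todo
     Of the two users defined in the question, only "user" holds ROLE_USER,
     so only that account satisfies hasRole('ROLE_USER') on /rest/**. -->
```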