I've stripped this back to the simplest security config :

In my security-context.xml file
Code:
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
In my web.xml
Code:
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
 </filter-mapping>
In Apache do a rewrite in Apache so that http://localhost/myapp appears at http://localhost using this

Code:
# Remove double "myapp" in url
RewriteRule ^/myapp/(.*) /$1

# Check to see if content can be served locally - rewrite back if not
RewriteCond /dir/to/static/content -f
RewriteRule ^/(.*) /myapp/$1 [PT]

JkMount /myapp/* loadbalancer

However, logging in using the built in Spring Security I get this
Reason: Authentication method not supported: GET

This is with version 3.0.6 of Spring Security and the rewriting works fine as a standard Spring app without security.

Any help or advice as I've been struggling with this for ages.