Spring security supports securing multiple subsites. The configuration depends a bit on your subsites, whether they use separate host names or not.
When your subsites run under the same host name, you can configure it like this:
<http pattern="/vop/**" ... >
...
</http>
<http pattern="/erop/**" ... >
...
</http>
However, if your subsites run on different host names, it could be that the url patterns overlap. In this case you need to filter by host name, something like:
<bean id="vopMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','vop.com')"/>
</bean>
<bean id="eropMatcher" class="org.springframework.security.web.util.ELRequestMatcher">
<constructor-arg value="hasHeader('host','erop.com')"/>
</bean>
<http request-matcher-ref ="vopMatcher" ... >
...
</http>
<http request-matcher-ref ="eropMatcher" ... >
...
</http>