|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: REQUIRED | OPTIONAL | DETAIL: ELEMENT | ||||||||
@Retention(value=RUNTIME)
@Target(value=TYPE)
@Documented
@Import(value={WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class,AuthenticationConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class})
public @interface EnableWebSecurity
Add this annotation to an @Configuration class to have the Spring Security
configuration defined in any WebSecurityConfigurer or more likely by extending the
WebSecurityConfigurerAdapter base class and overriding individual methods:
@Configuration
@EnableWebSecurity
public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web
.ignoring()
// Spring Security should completely ignore URLs starting with /resources/
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/public/**").permitAll()
.anyRequest().hasRole("USER")
.and()
// Possibly more configuration ...
.formLogin() // enable form based log in
// set permitAll for all URLs associated with Form Login
.permitAll();
}
@Override
protected void registerAuthentication(AuthenticationManagerBuilder auth) {
auth
// enable in memory based authentication with a user named "user" and "admin"
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER").and()
.withUser("admin").password("password").roles("USER", "ADMIN");
}
// Possibly more overridden methods ...
}
WebSecurityConfigurer,
WebSecurityConfigurerAdapter| Optional Element Summary | |
|---|---|
boolean |
debug
Controls debugging support for Spring Security. |
public abstract boolean debug
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: REQUIRED | OPTIONAL | DETAIL: ELEMENT | ||||||||