Annotation Interface EnableWebSecurity


@Retention(RUNTIME) @Target(TYPE) @Documented @Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.ObservationImportSelector.class}) @EnableGlobalAuthentication public @interface EnableWebSecurity
Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:
 @Configuration
 @EnableWebSecurity
 public class MyWebSecurityConfiguration {

        @Bean
        public WebSecurityCustomizer webSecurityCustomizer() {
                return (web) -> web.ignoring()
                // Spring Security should completely ignore URLs starting with /resources/
                                .requestMatchers("/resources/**");
        }

        @Bean
        public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                http.authorizeHttpRequests().requestMatchers("/public/**").permitAll().anyRequest()
                                .hasRole("USER").and()
                                // Possibly more configuration ...
                                .formLogin() // enable form based log in
                                // set permitAll for all URLs associated with Form Login
                                .permitAll();
                return http.build();
        }

        @Bean
        public UserDetailsService userDetailsService() {
                UserDetails user = User.withDefaultPasswordEncoder()
                        .username("user")
                        .password("password")
                        .roles("USER")
                        .build();
                UserDetails admin = User.withDefaultPasswordEncoder()
                        .username("admin")
                        .password("password")
                        .roles("ADMIN", "USER")
                        .build();
                return new InMemoryUserDetailsManager(user, admin);
        }

        // Possibly more bean methods ...
 }
 
Since:
3.2
See Also:
  • Optional Element Summary

    Optional Elements
    Modifier and Type
    Optional Element
    Description
    boolean
    Controls debugging support for Spring Security.
  • Element Details

    • debug

      boolean debug
      Controls debugging support for Spring Security. Default is false.
      Returns:
      if true, enables debug support with Spring Security
      Default:
      false