@Retention(value=RUNTIME) @Target(value=TYPE) @Documented @Import(value={WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class}) @EnableGlobalAuthentication @Configuration public @interface EnableWebSecurity
@Configuration
class to have the Spring Security
configuration defined in any WebSecurityConfigurer
or more likely by extending the
WebSecurityConfigurerAdapter
base class and overriding individual methods:
@Configuration @EnableWebSecurity public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web .ignoring() // Spring Security should completely ignore URLs starting with /resources/ .antMatchers("/resources/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/public/**").permitAll() .anyRequest().hasRole("USER") .and() // Possibly more configuration ... .formLogin() // enable form based log in // set permitAll for all URLs associated with Form Login .permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth) { auth // enable in memory based authentication with a user named "user" and "admin" .inMemoryAuthentication() .withUser("user").password("password").roles("USER").and() .withUser("admin").password("password").roles("USER", "ADMIN"); } // Possibly more overridden methods ... }
WebSecurityConfigurer
,
WebSecurityConfigurerAdapter
Modifier and Type | Optional Element and Description |
---|---|
boolean |
debug
Controls debugging support for Spring Security.
|