@Retention(value=RUNTIME) @Target(value=TYPE) @Documented @Import(value={WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class}) @EnableGlobalAuthentication @Configuration public @interface EnableWebSecurity
@Configuration
class to have the Spring Security
configuration defined in any WebSecurityConfigurer
or more likely by extending
the WebSecurityConfigurerAdapter
base class and overriding individual methods:
@Configuration @EnableWebSecurity public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override public void configure(WebSecurity web) throws Exception { web.ignoring() // Spring Security should completely ignore URLs starting with /resources/ .antMatchers("/resources/**"); } @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/public/**").permitAll().anyRequest() .hasRole("USER").and() // Possibly more configuration ... .formLogin() // enable form based log in // set permitAll for all URLs associated with Form Login .permitAll(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth // enable in memory based authentication with a user named "user" and "admin" .inMemoryAuthentication().withUser("user").password("password").roles("USER") .and().withUser("admin").password("password").roles("USER", "ADMIN"); } // Possibly more overridden methods ... }
WebSecurityConfigurer
,
WebSecurityConfigurerAdapter
Modifier and Type | Optional Element and Description |
---|---|
boolean |
debug
Controls debugging support for Spring Security.
|