Annotation Type EnableWebSecurity


  • @Retention(RUNTIME)
    @Target(TYPE)
    @Documented
    @Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
    @EnableGlobalAuthentication
    @Configuration
    public @interface EnableWebSecurity
    Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by exposing a SecurityFilterChain bean:
     @Configuration
     @EnableWebSecurity
     public class MyWebSecurityConfiguration {
    
            @Bean
            public WebSecurityCustomizer webSecurityCustomizer() {
                    return (web) -> web.ignoring()
                    // Spring Security should completely ignore URLs starting with /resources/
                                    .requestMatchers("/resources/**");
            }
    
            @Bean
            public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
                    http.authorizeRequests().requestMatchers("/public/**").permitAll().anyRequest()
                                    .hasRole("USER").and()
                                    // Possibly more configuration ...
                                    .formLogin() // enable form based log in
                                    // set permitAll for all URLs associated with Form Login
                                    .permitAll();
                    return http.build();
            }
    
            @Bean
            public UserDetailsService userDetailsService() {
                    UserDetails user = User.withDefaultPasswordEncoder()
                            .username("user")
                            .password("password")
                            .roles("USER")
                            .build();
                    UserDetails admin = User.withDefaultPasswordEncoder()
                            .username("admin")
                            .password("password")
                            .roles("ADMIN", "USER")
                            .build();
                    return new InMemoryUserDetailsManager(user, admin);
            }
    
            // Possibly more bean methods ...
     }
     
    Since:
    3.2
    See Also:
    WebSecurityConfigurer
    • Optional Element Summary

      Optional Elements 
      Modifier and Type Optional Element Description
      boolean debug
      Controls debugging support for Spring Security.
    • Element Detail

      • debug

        boolean debug
        Controls debugging support for Spring Security. Default is false.
        Returns:
        if true, enables debug support with Spring Security
        Default:
        false