Package org.springframework.security.config.annotation.web.configuration

Annotation Interface EnableWebSecurity

@Retention(RUNTIME) @Target(TYPE) @Documented @Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class}) @EnableGlobalAuthentication @Configuration public @interface EnableWebSecurity
Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods: 
 @Configuration
 @EnableWebSecurity
 public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        public void configure(WebSecurity web) throws Exception {
                web.ignoring()
                // Spring Security should completely ignore URLs starting with /resources/
                                .antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests().antMatchers("/public/**").permitAll().anyRequest()
                                .hasRole("USER").and()
                                // Possibly more configuration ...
                                .formLogin() // enable form based log in
                                // set permitAll for all URLs associated with Form Login
                                .permitAll();
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                auth
                // enable in memory based authentication with a user named "user" and "admin"
                .inMemoryAuthentication().withUser("user").password("password").roles("USER")
                                .and().withUser("admin").password("password").roles("USER", "ADMIN");
        }

        // Possibly more overridden methods ...
 }
Since:
3.2
See Also:

  • Optional Element Summary

    Optional Elements
    Modifier and Type
    Optional Element
    Description
    boolean
    debug
    Controls debugging support for Spring Security.

  • Element Details

    • debug

      boolean debug
      Controls debugging support for Spring Security. Default is false.
      Returns:
      if true, enables debug support with Spring Security
      Default:
      false