@Retention(value=RUNTIME) @Target(value=TYPE) @Documented @Import(value={WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class}) @EnableGlobalAuthentication @Configuration public @interface EnableWebSecurity
@Configuration class to have the Spring Security
configuration defined in any WebSecurityConfigurer or more likely by extending
the WebSecurityConfigurerAdapter base class and overriding individual methods:
@Configuration
@EnableWebSecurity
public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
// Spring Security should completely ignore URLs starting with /resources/
.antMatchers("/resources/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/public/**").permitAll().anyRequest()
.hasRole("USER").and()
// Possibly more configuration ...
.formLogin() // enable form based log in
// set permitAll for all URLs associated with Form Login
.permitAll();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth
// enable in memory based authentication with a user named "user" and "admin"
.inMemoryAuthentication().withUser("user").password("password").roles("USER")
.and().withUser("admin").password("password").roles("USER", "ADMIN");
}
// Possibly more overridden methods ...
}
WebSecurityConfigurer,
WebSecurityConfigurerAdapter| Modifier and Type | Optional Element and Description |
|---|---|
boolean |
debug
Controls debugging support for Spring Security.
|