Annotation Interface EnableWebSecurity
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
@EnableGlobalAuthentication
public @interface EnableWebSecurity
Add this annotation to an
@Configuration
class to have the Spring Security
configuration defined in any WebSecurityConfigurer
or more likely by exposing a
SecurityFilterChain
bean:
@Configuration @EnableWebSecurity public class MyWebSecurityConfiguration { @Bean public WebSecurityCustomizer webSecurityCustomizer() { return (web) -> web.ignoring() // Spring Security should completely ignore URLs starting with /resources/ .requestMatchers("/resources/**"); } @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http.authorizeHttpRequests().requestMatchers("/public/**").permitAll().anyRequest() .hasRole("USER").and() // Possibly more configuration ... .formLogin() // enable form based log in // set permitAll for all URLs associated with Form Login .permitAll(); return http.build(); } @Bean public UserDetailsService userDetailsService() { UserDetails user = User.withDefaultPasswordEncoder() .username("user") .password("password") .roles("USER") .build(); UserDetails admin = User.withDefaultPasswordEncoder() .username("admin") .password("password") .roles("ADMIN", "USER") .build(); return new InMemoryUserDetailsManager(user, admin); } // Possibly more bean methods ... }
- Since:
- 3.2
- See Also:
-
Optional Element Summary
Modifier and TypeOptional ElementDescriptionboolean
Controls debugging support for Spring Security.
-
Element Details
-
debug
boolean debugControls debugging support for Spring Security. Default is false.- Returns:
- if true, enables debug support with Spring Security
- Default:
- false
-