Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What is the use of @EnableWebSecurity in Spring?

Tags:

java

annotations

spring-boot

spring-security

As per the Spring documantation:

Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods:

Or As this @EnableWebSecurity depicts, is used to enable SpringSecurity in our project.

But my question is that even if I don't annotate any of my class with @EnableWebSecurity still the application prompting for username and password.(default behaviour)

So I am receiving the same behaviour with @EnableWebSecurity and without @EnableWebSecurity.

Can someone please explain what exactly is this annotation for?

like image 507
Mehraj Malik Avatar asked Jun 21 '17 09:06

Mehraj Malik

People also ask

What is the use of @EnableWebSecurity in Spring boot?

The @EnableWebSecurity is a marker annotation. It allows Spring to find (it's a @Configuration and, therefore, @Component ) and automatically apply the class to the global WebSecurity . If I don't annotate any of my class with @EnableWebSecurity still the application prompting for username and password.

What is the use of WebSecurityConfigurerAdapter?

WebSecurityConfigurerAdapter is a convenience class that allows customization to both WebSecurity and HttpSecurity. We can extend WebSecurityConfigurerAdapter multiple times (in distinct objects) to replicate the behavior of having multiple http elements.

What is the use of AbstractSecurityWebApplicationInitializer?

AbstractSecurityWebApplicationInitializer. Creates a new instance that assumes the Spring Security configuration is loaded by some other means than this class. For example, a user might create a ContextLoaderListener using a subclass of AbstractContextLoaderInitializer .

What is @EnableGlobalMethodSecurity in Spring boot?

EnableGlobalMethodSecurity provides AOP security on methods. Some of the annotations that it provides are PreAuthorize , PostAuthorize . It also has support for JSR-250. There are more parameters in the configuration for you.

1 Answers

The @EnableWebSecurity is a marker annotation. It allows Spring to find (it's a @Configuration and, therefore, @Component) and automatically apply the class to the global WebSecurity.

If I don't annotate any of my class with @EnableWebSecurity still the application prompting for username and password.

Yes, it is the default behavior. If you looked at your classpath, you could find other classes marked with that annotation (depends on your dependencies):

  • SpringBootWebSecurityConfiguration;
  • FallbackWebSecurityAutoConfiguration;
  • WebMvcSecurityConfiguration.

Consider them carefully, turn the needed configuration off, or override its behavior.

like image 55
Andrew Tobilko Avatar answered Sep 28 '22 06:09

Andrew Tobilko
Sign in to Comment

Related questions

Why is shared mutability bad?
How can I implement the Iterable interface?
Is there java.util.concurrent equivalent for WeakHashMap?
Giving multiple conditions in for loop in Java [closed]
How to deploy a node.js app with maven?
Mock private static final field using mockito or Jmockit
Do I need to close InputStream after I close the Reader
How do you turn off swagger-ui in production
Reflection type inference on Java 8 Lambdas
Scope of the Java System Properties
java.lang.NullPointerException is thrown using a method-reference but not a lambda expression
Forming Mockito "grammars"
Mockito: using a method in "thenReturn" to return a mock doesn't work
Why is Java's Class<T> generic?
How to see my Eclipse version? [duplicate]
Rounding necessary with BigDecimal numbers
Is there a difference in removing the curly braces from If statements in java
Is Java 7 WatchService Slow for Anyone Else?
Difference between MBean and MXBean
Alternative to File.deleteOnExit() in Java NIO?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!