-1

In this example there is an @Autowired annotation on the configureGlobal method:

    @EnableWebSecurity
    public class MultiHttpSecurityConfig {
      @Autowired
      public void configureGlobal(AuthenticationManagerBuilder auth) {
          auth
              .inMemoryAuthentication()
                  .withUser("user").password("password").roles("USER").and()
                  .withUser("admin").password("password").roles("USER", "ADMIN");
      }

Is that necessary or does Spring automatically inject the AuthenticationBuilder on methods annotated with @EnableWebSecurity??

The code snippet is pulled from when-to-use-spring-securitys-antmatcher

Ole
  • 41,793
  • 59
  • 191
  • 359

1 Answers1

2

According to Spring documentation @EnableWebSecurity is an annotation that only switches off the default web application security configuration in order to let you add some custom features like the configureGlobal.

configureGlobal should be @Autowired in order to get the AuthenticationManagerBuilder bean and define the authentication type for the application.

In conclusion @EnableWebSecurity doesn't inject beans, it only provides a way to customize the web security application.

@EnableWebSecurity

Ole
  • 41,793
  • 59
  • 191
  • 359
Daniel C.
  • 5,418
  • 3
  • 23
  • 26