Skip to content

Commit 052256d

Browse files
committed
Add WebSecurityConfigurerAdapter Doc Detail
Fixes gh-6809
1 parent f0515a0 commit 052256d

File tree

1 file changed

+16
-5
lines changed

1 file changed

+16
-5
lines changed

docs/manual/src/docs/asciidoc/_includes/servlet/preface/java-configuration.adoc

Lines changed: 16 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -25,10 +25,10 @@ import org.springframework.security.config.annotation.authentication.builders.*;
2525
import org.springframework.security.config.annotation.web.configuration.*;
2626
2727
@EnableWebSecurity
28-
public class WebSecurityConfig implements WebMvcConfigurer {
28+
public class WebSecurityConfig {
2929
3030
@Bean
31-
public UserDetailsService userDetailsService() throws Exception {
31+
public UserDetailsService userDetailsService() {
3232
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
3333
manager.createUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER").build());
3434
return manager;
@@ -131,7 +131,10 @@ public class MvcWebApplicationInitializer extends
131131
== HttpSecurity
132132

133133
Thus far our <<jc-hello-wsca,WebSecurityConfig>> only contains information about how to authenticate our users.
134-
How does Spring Security know that we want to require all users to be authenticated? How does Spring Security know we want to support form based authentication? The reason for this is that the `WebSecurityConfigurerAdapter` provides a default configuration in the `configure(HttpSecurity http)` method that looks like:
134+
How does Spring Security know that we want to require all users to be authenticated?
135+
How does Spring Security know we want to support form based authentication?
136+
Actually, there is an configuration class that is being invoked behind the scenes called `WebSecurityConfigurerAdapter`.
137+
It has a method called `configure` with the following default implementation:
135138

136139
[source,java]
137140
----
@@ -168,9 +171,17 @@ You will notice that this configuration is quite similar the XML Namespace confi
168171
You might be wondering where the login form came from when you were prompted to log in, since we made no mention of any HTML files or JSPs.
169172
Since Spring Security's default configuration does not explicitly set a URL for the login page, Spring Security generates one automatically, based on the features that are enabled and using standard values for the URL which processes the submitted login, the default target URL the user will be sent to after logging in and so on.
170173

171-
While the automatically generated log in page is convenient to get up and running quickly, most applications will want to provide their own log in page.
172-
To do so we can update our configuration as seen below:
174+
While the automatically generated log in page is convenient to get up and running quickly, most applications will want to provide their own login page.
175+
When we want to change the default configuration, we can customize the `WebSecurityConfigurerAdapter` that we mentioned earlier by extending it like so:
176+
177+
[source,java]
178+
----
179+
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
180+
// ...
181+
}
182+
----
173183

184+
And then override the `configure` method as seen below:
174185

175186
[source,java]
176187
----

0 commit comments

Comments
 (0)