java.lang.Object
- org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration

All Implemented Interfaces:

org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanClassLoaderAware, org.springframework.context.annotation.ImportAware
```
@Configuration(proxyBeanMethods=false)
public class WebSecurityConfiguration
extends java.lang.Object
implements org.springframework.context.annotation.ImportAware, org.springframework.beans.factory.BeanClassLoaderAware
```
Uses a WebSecurity to create the FilterChainProxy that performs the web based security for Spring Security. It then exports the necessary beans. Customizations can be made to WebSecurity by extending WebSecurityConfigurerAdapter and exposing it as a Configuration or implementing WebSecurityConfigurer and exposing it as a Configuration. This configuration is imported when using EnableWebSecurity.

Since:

3.2

See Also:

EnableWebSecurity, WebSecurity

Constructor Summary

Constructors
Constructor Description

WebSecurityConfiguration()

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`static AutowiredWebSecurityConfigurersIgnoreParents`	`autowiredWebSecurityConfigurersIgnoreParents(org.springframework.beans.factory.config.ConfigurableListableBeanFactory beanFactory)`
`static org.springframework.beans.factory.config.BeanFactoryPostProcessor`	`conversionServicePostProcessor()`
`static org.springframework.security.context.DelegatingApplicationListener`	`delegatingApplicationListener()`
`org.springframework.security.web.access.WebInvocationPrivilegeEvaluator`	`privilegeEvaluator()`	Creates the `WebInvocationPrivilegeEvaluator` that is necessary to evaluate privileges for a given web URI
`void`	`setBeanClassLoader(java.lang.ClassLoader classLoader)`
`void`	`setFilterChainProxySecurityConfigurer(ObjectPostProcessor<java.lang.Object> objectPostProcessor, java.util.List<SecurityConfigurer<javax.servlet.Filter,WebSecurity>> webSecurityConfigurers)`	Sets the `<SecurityConfigurer<FilterChainProxy, WebSecurityBuilder>` instances used to create the web configuration.
`void`	`setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)`
`javax.servlet.Filter`	`springSecurityFilterChain()`	Creates the Spring Security Filter Chain
`org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation>`	`webSecurityExpressionHandler()`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail
- WebSecurityConfiguration
```
public WebSecurityConfiguration()
```

Method Detail

delegatingApplicationListener

@Bean
public static org.springframework.security.context.DelegatingApplicationListener delegatingApplicationListener()

webSecurityExpressionHandler

@Bean
@DependsOn("springSecurityFilterChain")
public org.springframework.security.access.expression.SecurityExpressionHandler<org.springframework.security.web.FilterInvocation> webSecurityExpressionHandler()

springSecurityFilterChain

@Bean(name="springSecurityFilterChain")
public javax.servlet.Filter springSecurityFilterChain()
                                               throws java.lang.Exception

Creates the Spring Security Filter Chain

Returns:: the Filter that represents the security filter chain
Throws:: java.lang.Exception

privilegeEvaluator
```
@Bean
@DependsOn("springSecurityFilterChain")
public org.springframework.security.web.access.WebInvocationPrivilegeEvaluator privilegeEvaluator()
```
Creates the WebInvocationPrivilegeEvaluator that is necessary to evaluate privileges for a given web URI

Returns:

the WebInvocationPrivilegeEvaluator

setFilterChainProxySecurityConfigurer

@Autowired(required=false)
public void setFilterChainProxySecurityConfigurer(ObjectPostProcessor<java.lang.Object> objectPostProcessor,
                                                  @Value("#{@autowiredWebSecurityConfigurersIgnoreParents.getWebSecurityConfigurers()}")
                                                  java.util.List<SecurityConfigurer<javax.servlet.Filter,WebSecurity>> webSecurityConfigurers)
                                           throws java.lang.Exception

Sets the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration.

Parameters:: objectPostProcessor - the ObjectPostProcessor used to create a WebSecurity instance; webSecurityConfigurers - the <SecurityConfigurer<FilterChainProxy, WebSecurityBuilder> instances used to create the web configuration
Throws:: java.lang.Exception

conversionServicePostProcessor

@Bean
public static org.springframework.beans.factory.config.BeanFactoryPostProcessor conversionServicePostProcessor()

autowiredWebSecurityConfigurersIgnoreParents

@Bean
public static AutowiredWebSecurityConfigurersIgnoreParents autowiredWebSecurityConfigurersIgnoreParents(org.springframework.beans.factory.config.ConfigurableListableBeanFactory beanFactory)

setImportMetadata
```
public void setImportMetadata(org.springframework.core.type.AnnotationMetadata importMetadata)
```
Specified by:

setImportMetadata in interface org.springframework.context.annotation.ImportAware

setBeanClassLoader
```
public void setBeanClassLoader(java.lang.ClassLoader classLoader)
```
Specified by:

setBeanClassLoader in interface org.springframework.beans.factory.BeanClassLoaderAware

Class WebSecurityConfiguration

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

WebSecurityConfiguration

Method Detail

delegatingApplicationListener

webSecurityExpressionHandler

springSecurityFilterChain

privilegeEvaluator

setFilterChainProxySecurityConfigurer

conversionServicePostProcessor

autowiredWebSecurityConfigurersIgnoreParents

setImportMetadata

setBeanClassLoader