Skip to content

Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #6809

New issue
New issue
Closed
Closed
Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter#6809
Labels
in: docsAn issue in Documentation or samplesstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
@adamzimny

Description

@adamzimny
adamzimny
opened on Apr 22, 2019

Summary

In Spring Security documentation in the hello-web example here:
https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/htmlsingle/#hello-web-security-java-configuration
the code is:

@EnableWebSecurity
public class WebSecurityConfig implements WebMvcConfigurer {

This suggests that custom implementation of WebMvcConfigurer interface is the standard way of Spring Security configuration.

Further down in the documentation usage of WebSecurityConfigurerAdapter is mentioned and multiple examples of void configure(HttpSecurity http) customization are given.

This raises confusion about the role of WebMvcConfigurer in Spring Security and the use cases for WebMvcConfigurer vs WebSecurityConfigurerAdapter.

Most likely the intention in the example was:

@EnableWebSecurity
public class WebSecurityConfig implements WebSecurityConfigurerAdapter {

instead of

@EnableWebSecurity
public class WebSecurityConfig implements WebMvcConfigurer {

Version

5.1.5

Sample

Not only I got confused, Stackoverflow discussing the same:
https://stackoverflow.com/questions/53894649/difference-between-webmvcconfigurer-and-websecurityconfigureradapter

Metadata

Metadata

Assignees

No one assigned

    Labels

    in: docsAn issue in Documentation or samplesstatus: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions