New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SEC-2436: Create EnableWebMvcSecurity #2656

Closed
spring-issuemaster opened this Issue Dec 11, 2013 · 2 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster

spring-issuemaster commented Dec 11, 2013

Rob Winch (Migrated from SEC-2436) said:

Rather than automatically adding MVC integration an EnableWebMvcSecurity annotation should be created. This allows users to customize the behavior by creating their own Bean definitions if they desire. Java Configuration requires @EnableWebMvcSecurity annotation now

@spring-issuemaster

This comment has been minimized.

Show comment
Hide comment
@spring-issuemaster

spring-issuemaster Jan 16, 2014

Daniel Fernández said:

Perhaps this should be added to http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf-configure too? It seems that using only @EnableWebSecurity as appears in that code sample does not automatically add CSRF support...

spring-issuemaster commented Jan 16, 2014

Daniel Fernández said:

Perhaps this should be added to http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf-configure too? It seems that using only @EnableWebSecurity as appears in that code sample does not automatically add CSRF support...

@spring-issuemaster

This comment has been minimized.

Show comment
Hide comment
@spring-issuemaster

spring-issuemaster Jan 16, 2014

Rob Winch said:

Very good point. I created SEC-2463 to address this. Thanks!

spring-issuemaster commented Jan 16, 2014

Rob Winch said:

Very good point. I created SEC-2463 to address this. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment