SEC-2436: Create EnableWebMvcSecurity #2656

Closed
spring-issuemaster opened this Issue Dec 11, 2013 · 2 comments

Comments

Projects
None yet
2 participants
@spring-issuemaster

Rob Winch (Migrated from SEC-2436) said:

Rather than automatically adding MVC integration an EnableWebMvcSecurity annotation should be created. This allows users to customize the behavior by creating their own Bean definitions if they desire. Java Configuration requires @EnableWebMvcSecurity annotation now

@spring-issuemaster

This comment has been minimized.

Show comment Hide comment
@spring-issuemaster

spring-issuemaster Jan 16, 2014

Daniel Fernández said:

Perhaps this should be added to http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf-configure too? It seems that using only @enablewebsecurity as appears in that code sample does not automatically add CSRF support...

Daniel Fernández said:

Perhaps this should be added to http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf-configure too? It seems that using only @enablewebsecurity as appears in that code sample does not automatically add CSRF support...

@spring-issuemaster

This comment has been minimized.

Show comment Hide comment
@spring-issuemaster

spring-issuemaster Jan 16, 2014

Rob Winch said:

Very good point. I created SEC-2463 to address this. Thanks!

Rob Winch said:

Very good point. I created SEC-2463 to address this. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment