Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
SEC-2436: Create EnableWebMvcSecurity #2656
Rather than automatically adding MVC integration an EnableWebMvcSecurity annotation should be created. This allows users to customize the behavior by creating their own Bean definitions if they desire. Java Configuration requires @EnableWebMvcSecurity annotation now
Daniel Fernández said:
Perhaps this should be added to http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#csrf-configure too? It seems that using only @enablewebsecurity as appears in that code sample does not automatically add CSRF support...