@ConditionalOnProperty(prefix="security.basic",
name="enabled",
havingValue="false")
@ConditionalOnBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class)
@ConditionalOnClass(org.springframework.security.config.annotation.web.configuration.EnableWebSecurity.class)
@ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.class)
@ConditionalOnWebApplication
@EnableWebSecurity
public class FallbackWebSecurityAutoConfiguration
extends Object
If the user explicitly disables the basic security features and forgets to @EnableWebSecurity
, and yet still wants a bean of type WebSecurityConfigurerAdapter, he is trying to use a custom security setup. The app would fail in a confusing way without this shim configuration, which just helpfully defines an empty @EnableWebSecurity
.