Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #6809

Closed
adamzimny opened this issue Apr 22, 2019 · 3 comments
Closed

Confusing example - WebMvcConfigurer vs WebSecurityConfigurerAdapter #6809

adamzimny opened this issue Apr 22, 2019 · 3 comments
Labels
in: docs An issue in Documentation or samples status: backported An issue that has been backported to maintenance branches type: bug A general bug

Comments

@adamzimny
Copy link

Summary

In Spring Security documentation in the hello-web example here:
https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/htmlsingle/#hello-web-security-java-configuration
the code is:

@EnableWebSecurity
public class WebSecurityConfig implements WebMvcConfigurer {

This suggests that custom implementation of WebMvcConfigurer interface is the standard way of Spring Security configuration.

Further down in the documentation usage of WebSecurityConfigurerAdapter is mentioned and multiple examples of void configure(HttpSecurity http) customization are given.

This raises confusion about the role of WebMvcConfigurer in Spring Security and the use cases for WebMvcConfigurer vs WebSecurityConfigurerAdapter.

Most likely the intention in the example was:

@EnableWebSecurity
public class WebSecurityConfig implements WebSecurityConfigurerAdapter {

instead of

@EnableWebSecurity
public class WebSecurityConfig implements WebMvcConfigurer {

Version

5.1.5

Sample

Not only I got confused, Stackoverflow discussing the same:
https://stackoverflow.com/questions/53894649/difference-between-webmvcconfigurer-and-websecurityconfigureradapter
@jzheaux
Copy link
Contributor

jzheaux commented Apr 25, 2019

@adamzimny I agree with your analysis, thanks for the report. Would you be able to submit a PR with the needed change?

adamzimny added a commit to adamzimny/spring-security that referenced this issue Apr 27, 2019
@adamzimny
Documentation: fix Hello Web Security example
92c83a0 
Fixes spring-projectsgh-6809
@adamzimny adamzimny mentioned this issue Apr 27, 2019
Closed
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label May 7, 2019
@pthorson
Copy link

pthorson commented May 8, 2019

Can same be checked in for 5.1.x branch? Thank you.

adamzimny added a commit to adamzimny/spring-security that referenced this issue May 8, 2019
@adamzimny
Documentation: fix Hello Web Security example
fd3f23e 
Fixes spring-projectsgh-6809
@adamzimny adamzimny mentioned this issue May 8, 2019
Closed
@rwinch rwinch added in: docs An issue in Documentation or samples type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels May 13, 2019
@jzheaux
Copy link
Contributor

jzheaux commented Aug 22, 2019

Actually, I'm thinking that it's not quite as simple as switching out the class reference.

The issue here is that the documentation states:

You can find the most basic example of a Spring Security Java Configuration below:

And if we add the extends WebSecurityConfigurerAdapter, then that's actually a false statement as the simplest configuration requires no extends at all. I had originally missed this when I recommended this for a PR.

I agree with @rwinch here that the best fix would be to remove the implements WebMvcConfigurer and update the way WebSecurityConfigurerAdapter is introduced in the documentation. This could likely be done by changing only a couple of sentences.

jzheaux added a commit that referenced this issue Aug 22, 2019
@jzheaux
Add WebSecurityConfigurerAdapter Doc Detail
362356d 
Fixes gh-6809
@spring-projects-issues spring-projects-issues added the status: backported An issue that has been backported to maintenance branches label Aug 22, 2019
Closed
kostya05983 pushed a commit to kostya05983/spring-security that referenced this issue Aug 26, 2019
@jzheaux @kostya05983
Add WebSecurityConfigurerAdapter Doc Detail
9709438 
Fixes spring-projectsgh-6809
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
in: docs An issue in Documentation or samples status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove Invalid WebMvcConfigurer from Sample Documentation adamzimny/spring-security
5 participants
@rwinch @pthorson @adamzimny @jzheaux @spring-projects-issues