diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java index a8eb793f556..0f4990f2468 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,6 @@ import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; /** * The {@link EnableGlobalAuthentication} annotation signals that the annotated class can @@ -87,14 +86,12 @@ * * * * Configuring {@link AuthenticationManagerBuilder} in a class without the * {@link EnableGlobalAuthentication} annotation has unpredictable results. * - * @see EnableWebMvcSecurity * @see EnableWebSecurity * @see EnableGlobalMethodSecurity * @author Rob Winch diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java deleted file mode 100644 index 68d65fb08b4..00000000000 --- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright 2002-2013 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.security.config.annotation.web.servlet.configuration; - -import java.lang.annotation.Documented; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -import org.springframework.context.annotation.Import; -import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication; - -/** - * Add this annotation to an {@code @Configuration} class to have the Spring Security - * configuration integrate with Spring MVC. - * - * @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC - * related Security items. - * @author Rob Winch - * @since 3.2 - */ -@Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.TYPE) -@Documented -@Import(WebMvcSecurityConfiguration.class) -@EnableGlobalAuthentication -@Deprecated -public @interface EnableWebMvcSecurity { - -} diff --git a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java index a25e121073b..d26c2f43e7d 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,7 +48,6 @@ import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity; import org.springframework.security.config.test.SpringTestContext; import org.springframework.security.config.test.SpringTestContextExtension; import org.springframework.security.config.users.AuthenticationTestConfiguration; @@ -110,17 +109,6 @@ public void orderingAutowiredOnEnableWebSecurity() { this.service.run(); } - @Test - public void orderingAutowiredOnEnableWebMvcSecurity() { - this.spring - .register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class, - GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class) - .autowire(); - SecurityContextHolder.getContext() - .setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER")); - this.service.run(); - } - @Test public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception { this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire(); @@ -358,12 +346,6 @@ static class WebSecurityConfig { } - @Configuration - @EnableWebMvcSecurity - static class WebMvcSecurityConfig { - - } - @Configuration static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter { diff --git a/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc b/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc index 89b2c45aca2..fdf33f55d53 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc @@ -4,14 +4,8 @@ Spring Security provides a number of optional integrations with Spring MVC. This section covers the integration in further detail. -[[mvc-enablewebmvcsecurity]] -== @EnableWebMvcSecurity - -[NOTE] -==== -As of Spring Security 4.0, `@EnableWebMvcSecurity` is deprecated. -The replacement is `@EnableWebSecurity`, which adds the Spring MVC features, based upon the classpath. -==== +[[mvc-enablewebsecurity]] +== @EnableWebSecurity To enable Spring Security integration with Spring MVC, add the `@EnableWebSecurity` annotation to your configuration.