Add a @EnableWebSecurity if it looks like the user needs one
If the user explicitly disables the basic security features and forgets to @EnableWebSecurity, and yet still wants a bean of type WebSecurityConfigurerAdapter, he is trying to use a custom security setup and the app would fail in a confusing way without this change. Fixes gh-568
This commit is contained in:
@@ -35,7 +35,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter
|
||||
@EnableAutoConfiguration
|
||||
@ComponentScan
|
||||
@Controller
|
||||
public class SampleSecureApplication extends WebMvcConfigurerAdapter {
|
||||
public class SampleWebSecureApplication extends WebMvcConfigurerAdapter {
|
||||
|
||||
@RequestMapping("/")
|
||||
public String home(Map<String, Object> model) {
|
||||
@@ -52,7 +52,7 @@ public class SampleSecureApplication extends WebMvcConfigurerAdapter {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
// Set user password to "password" for demo purposes only
|
||||
new SpringApplicationBuilder(SampleSecureApplication.class).properties("security.user.password=password").run(
|
||||
new SpringApplicationBuilder(SampleWebSecureApplication.class).properties("security.user.password=password").run(
|
||||
args);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user