Sunday, January 4, 2015

@EnableWebSecurity vs. @EnableWebMvcSecurity

What is the difference between @EnableWebSecurity and @EnableWebMvcSecurity?

@EnableWebMvcSecurity provides @EnableWebSecurity's functions

and integration with Spring MVC

like automatic CSRF (Cross Site Request Forgery) token inclusion.

Since Spring Security 4.0.0.RC1, @EnableWebMvcSecurity is deprecated.

You can use @EnableWebSecurity instead for the same purpose since the version.

References:
http://stackoverflow.com/questions/21195615/upgrading-spring-security-to-3-2-0-release-no-longer-provides-csrf-token-in-spri
http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html#logging-out
https://jira.spring.io/browse/SEC-2436
https://jira.spring.io/browse/SEC-2463
https://jira.spring.io/browse/SEC-2790

No comments:

Post a Comment