What is the difference between @EnableWebSecurity and @EnableWebMvcSecurity?
@EnableWebMvcSecurity provides @EnableWebSecurity's functions
and integration with Spring MVC
like automatic CSRF (Cross Site Request Forgery) token inclusion.
Since Spring Security 4.0.0.RC1, @EnableWebMvcSecurity is deprecated.
You can use @EnableWebSecurity instead for the same purpose since the version.
References:
http://stackoverflow.com/questions/21195615/upgrading-spring-security-to-3-2-0-release-no-longer-provides-csrf-token-in-spri
http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html#logging-out
https://jira.spring.io/browse/SEC-2436
https://jira.spring.io/browse/SEC-2463
https://jira.spring.io/browse/SEC-2790
No comments:
Post a Comment