Configure HTTP Security without extending WebSecurityConfigurerAdapter #8804
Description
Expected Behavior
Similar to the WebFlux security configuration, we should add the capability to configure HTTP Security by registering a SecurityFilterChain bean, in Servlet applications.
@Bean
SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http
.antMatcher("/**")
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
)
.build();
}
Current Behavior
The equivalent configuration by extending the WebSecurityConfigurerAdapter looks like this
@Configuration
static class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.antMatcher("/**")
.authorizeRequests(authorize -> authorize
.anyRequest().authenticated()
);
}
}