Fix Add @configuration to @enable*Security Usage

Issue gh-6613

Author: rwinch

config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderBuilderSecurityBuilderTests.java

@@ -189,6 +189,7 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class GroupSearchConfig extends BaseLdapProviderConfig {
 

config/src/main/java/org/springframework/security/config/annotation/rsocket/RSocketSecurity.java

@@ -55,6 +55,7 @@
  * A minimal example can be found below:
  *
  * <pre class="code">
+ * &#064;Configuration
  * &#064;EnableRSocketSecurity
  * public class SecurityConfig {
  *     &#064;Bean
@@ -82,6 +83,7 @@
  * A more advanced configuration can be seen below:
  *
  * <pre class="code">
+ * &#064;Configuration
  * &#064;EnableRSocketSecurity
  * public class SecurityConfig {
  *     &#064;Bean

config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java

@@ -22,7 +22,6 @@
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 
-import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 
@@ -39,7 +38,6 @@
 @Documented
 @Import(WebMvcSecurityConfiguration.class)
 @EnableGlobalAuthentication
-@Configuration
 @Deprecated
 public @interface EnableWebMvcSecurity {
 

config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java

@@ -39,9 +39,9 @@
  * @author Rob Winch
  *
  */
+@Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-@Configuration
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Autowired

config/src/test/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.java

@@ -531,8 +531,8 @@ Authz authz() {
 
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class RoleHierarchyConfig {
 
 		@Bean
@@ -607,8 +607,8 @@ void emptyPrefixRoleUser() {
 
 	}
 
-	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@Configuration
+	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	public static class CustomMetadataSourceBeanProxyEnabledConfig extends GlobalMethodSecurityConfiguration {
 
 	}

config/src/test/java/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.java

@@ -316,8 +316,8 @@ protected AuthenticationManager authenticationManager() {
 
 	}
 
-	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	@Configuration
+	@EnableGlobalMethodSecurity(jsr250Enabled = true)
 	public static class Jsr250Config {
 
 	}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java

@@ -127,6 +127,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class AnonymousDisabledInLambdaConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java

@@ -131,6 +131,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class FormLoginCustomConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java

@@ -26,6 +26,7 @@
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.security.config.annotation.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
@@ -151,6 +152,7 @@ private <T extends Certificate> T loadCert(String location) {
 		}
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class ObjectPostProcessorConfig extends WebSecurityConfigurerAdapter {
 
@@ -180,6 +182,7 @@ public <O> O postProcess(O object) {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
@@ -205,6 +208,7 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class DefaultsInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -227,6 +231,7 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class SubjectPrincipalRegexInLambdaConfig extends WebSecurityConfigurerAdapter {
 
@@ -252,6 +257,7 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class UserDetailsServiceBeanConfig {
 
@@ -279,6 +285,7 @@ UserDetailsService userDetailsService() {
 
 	}
 
+	@Configuration
 	@EnableWebSecurity
 	static class UserDetailsServiceAndBeanConfig {
 

config/src/test/kotlin/org/springframework/security/config/annotation/method/configuration/KotlinEnableReactiveMethodSecurityTests.kt

@@ -210,8 +210,8 @@ class KotlinEnableReactiveMethodSecurityTests {
         verify { delegate wasNot Called }
     }
 
-    @EnableReactiveMethodSecurity
     @Configuration
+    @EnableReactiveMethodSecurity
     open class Config {
         var delegate = mockk<KotlinReactiveMessageService>()
 

config/src/test/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDslTests.kt

@@ -32,7 +32,7 @@ import org.springframework.test.web.reactive.server.WebTestClient
 import org.springframework.web.bind.annotation.RequestMapping
 import org.springframework.web.bind.annotation.RestController
 import org.springframework.web.reactive.config.EnableWebFlux
-import java.util.*
+import java.util.Base64
 
 /**
  * Tests for [AuthorizeExchangeDsl]

docs/modules/ROOT/pages/servlet/authorization/method-security.adoc

@@ -1,3 +1,4 @@
+
 [[jc-method]]
 = Method Security
 
@@ -32,6 +33,7 @@ For example, the following would enable Spring Security's `@PreAuthorize` annota
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity
 public class MethodSecurityConfig {
 	// ...
@@ -41,6 +43,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity
 class MethodSecurityConfig {
 	// ...
@@ -98,6 +101,7 @@ You can enable support for Spring Security's `@Secured` annotation using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
 	// ...
@@ -107,6 +111,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity(securedEnabled = true)
 class MethodSecurityConfig {
 	// ...
@@ -127,6 +132,7 @@ or JSR-250 using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
 	// ...
@@ -136,6 +142,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity(jsr250Enabled = true)
 class MethodSecurityConfig {
 	// ...
@@ -264,6 +271,7 @@ To recreate what adding `@EnableMethodSecurity` does by default, you would publi
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -295,6 +303,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -392,6 +401,7 @@ You may want to only support `@PreAuthorize` in your application, in which case
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -405,6 +415,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -440,6 +451,7 @@ Thus, you can configure Spring Security to invoke your `AuthorizationManager` in
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -458,6 +470,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -542,6 +555,7 @@ For example, if you have your own custom annotation, you can configure it like s
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -558,6 +572,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -607,6 +622,7 @@ The following example enables Spring Security's `@Secured` annotation:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -616,6 +632,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(securedEnabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -666,6 +683,7 @@ Support for JSR-250 annotations can be enabled by using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -675,6 +693,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(jsr250Enabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -689,6 +708,7 @@ To use the new expression-based syntax, you would use:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -698,6 +718,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -750,6 +771,7 @@ For example, if you wanted to provide a custom `MethodSecurityExpressionHandler`
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 	@Override
@@ -763,6 +785,7 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 open class MethodSecurityConfig : GlobalMethodSecurityConfiguration() {
     override fun createExpressionHandler(): MethodSecurityExpressionHandler {

docs/modules/ROOT/pages/servlet/configuration/java.adoc

@@ -324,6 +324,7 @@ You can also explicit disable the default:
 ====
 [source,java]
 ----
+@Configuration
 @EnableWebSecurity
 public class Config {
 	@Bean