英文:
Why @Configuration annotation is removed from @EnableWebSecurity class in Spring Security 6
问题
我最近将我的Spring Boot应用程序从Spring Security 5迁移到Spring Security 6。
通常,我们在配置类中使用@EnableWebSecurity注解来启用Web安全性。在Spring Security 6中,我注意到一个有趣的变化是他们从@EnableWebSecurity类中移除了@Configuration注解。
我已经为您提供了Spring Security 5和Spring Security 6中@EnableWebSecurity的源代码以供参考。
// Spring Security 5
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
@EnableGlobalAuthentication
@Configuration
public @interface EnableWebSecurity
// Spring Security 6
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
@EnableGlobalAuthentication
public @interface EnableWebSecurity
我好奇的是,Spring Security 6中移除@Configuration注解的原因是什么?
编辑:我看到GitHub上的这个问题提到了不再需要在@Enable*注解中使用@Configuration注解。但无论如何,在Spring Security 6中已将其移除。
英文:
I have recently migrated my Spring Boot application from Spring Security 5 to Spring Security 6.
Usually, we use the @EnableWebSecurity annotation in the configuration class to enable web security. An interesting thing I have noticed in Spring Security 6 is they have removed the @Configuration annotation from the @EnableWebSecurity class.
I've added the source code for the @EnableWebSecurity from Spring Security 5 and Spring Security 6 for ease of reference.
// Spring Security 5
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
@EnableGlobalAuthentication
@Configuration
public @interface EnableWebSecurity
// Spring Security 6
@Retention(RUNTIME)
@Target(TYPE)
@Documented
@Import({WebSecurityConfiguration.class,org.springframework.security.config.annotation.web.configuration.SpringWebMvcImportSelector.class,org.springframework.security.config.annotation.web.configuration.OAuth2ImportSelector.class,org.springframework.security.config.annotation.web.configuration.HttpSecurityConfiguration.class})
@EnableGlobalAuthentication
public @interface EnableWebSecurity
What I'm curious about is, what would be the reason behind removing the @Configuration annotation in Spring Security 6?
Edit: I have seen this issue on GitHub mentioning @Configuration annotation is no longer needed for @Enable* annotations. But anyways, it's removed in Spring Security 6.
答案1
得分: 5
因为其他@Enable*注解都没有包含@Configuration。这个注解是个例外。所以现在它与所有其他@Enable*注解一致,您自己需要添加@Configuration来标记一个配置类。
英文:
Because non of the other @Enable* annotations included @Configuration. This one was the odd one out. So now it is aligned with all other @Enable* annotations again and you yourself need to add @Configuration to mark a configuration class.
See als this issue related to the remove containing the reason why. The PR for this contains the changes.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论