Merge 16d5577936 into 0137d0254c

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,7 +26,6 @@ import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
 /**
  * The {@link EnableGlobalAuthentication} annotation signals that the annotated class can
@@ -87,14 +86,12 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
  *
  * <ul>
  * <li>{@link EnableWebSecurity}</li>
- * <li>{@link EnableWebMvcSecurity}</li>
  * <li>{@link EnableGlobalMethodSecurity}</li>
  * </ul>
  *
  * Configuring {@link AuthenticationManagerBuilder} in a class without the
  * {@link EnableGlobalAuthentication} annotation has unpredictable results.
  *
- * @see EnableWebMvcSecurity
  * @see EnableWebSecurity
  * @see EnableGlobalMethodSecurity
  * @author Rob Winch

config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java

@@ -1,45 +0,0 @@
-/*
- * Copyright 2002-2013 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.springframework.security.config.annotation.web.servlet.configuration;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-import org.springframework.context.annotation.Import;
-import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
-
-/**
- * Add this annotation to an {@code @Configuration} class to have the Spring Security
- * configuration integrate with Spring MVC.
- *
- * @deprecated Use EnableWebSecurity instead which will automatically add the Spring MVC
- * related Security items.
- * @author Rob Winch
- * @since 3.2
- */
-@Retention(RetentionPolicy.RUNTIME)
-@Target(ElementType.TYPE)
-@Documented
-@Import(WebMvcSecurityConfiguration.class)
-@EnableGlobalAuthentication
-@Deprecated
-public @interface EnableWebMvcSecurity {
-
-}

config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.config.users.AuthenticationTestConfiguration;
@@ -110,17 +109,6 @@ public class AuthenticationConfigurationTests {
 		this.service.run();
 	}
 
-	@Test
-	public void orderingAutowiredOnEnableWebMvcSecurity() {
-		this.spring
-			.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class,
-					GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class)
-			.autowire();
-		SecurityContextHolder.getContext()
-			.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-		this.service.run();
-	}
-
 	@Test
 	public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
@@ -358,12 +346,6 @@ public class AuthenticationConfigurationTests {
 
 	}
 
-	@Configuration
-	@EnableWebMvcSecurity
-	static class WebMvcSecurityConfig {
-
-	}
-
 	@Configuration
 	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 

docs/modules/ROOT/pages/servlet/integrations/mvc.adoc

@@ -4,14 +4,8 @@
 Spring Security provides a number of optional integrations with Spring MVC.
 This section covers the integration in further detail.
 
-[[mvc-enablewebmvcsecurity]]
+[[mvc-enablewebsecurity]]
-== @EnableWebMvcSecurity
+== @EnableWebSecurity
-
-[NOTE]
-====
-As of Spring Security 4.0, `@EnableWebMvcSecurity` is deprecated.
-The replacement is `@EnableWebSecurity`, which adds the Spring MVC features, based upon the classpath.
-====
 
 To enable Spring Security integration with Spring MVC, add the `@EnableWebSecurity` annotation to your configuration.