Remove @Configuration from @Enable* Annotations

This removes `@Configuration` from all `@Enable` Annotations and explicitly adds `@Configuration` to wherever the `@Enable*` Annotations are used. Closes gh-11653
2026-05-22 21:33:16 +00:00 · 2022-08-09 17:00:24 -05:00
parent 24bb83e2c7 a5069d7e35
commit 425b3501b7
243 changed files with 1379 additions and 20 deletions
@@ -71,6 +71,7 @@ The following minimal method security configures method security in reactive app
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableReactiveMethodSecurity
 public class SecurityConfig {
 	@Bean
@@ -92,6 +93,7 @@ public class SecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableReactiveMethodSecurity
 class SecurityConfig {
 	@Bean
@@ -168,6 +170,7 @@ When integrating with xref:reactive/configuration/webflux.adoc#jc-webflux[WebFlu
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
 public class SecurityConfig {
@@ -203,6 +206,7 @@ public class SecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
@EnableReactiveMethodSecurity
 class SecurityConfig {
@@ -18,7 +18,7 @@ The following listing shows a minimal WebFlux Security configuration:
 .Java
 [source,java,role="primary"]
 -----
-
+@Configuration
@EnableWebFluxSecurity
 public class HelloWebfluxSecurityConfig {

@@ -37,6 +37,7 @@ public class HelloWebfluxSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 -----
+@Configuration
@EnableWebFluxSecurity
 class HelloWebfluxSecurityConfig {

@@ -115,6 +115,7 @@ The following example shows how to configure the `DefaultServerOAuth2Authorizati
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -157,6 +158,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class SecurityConfig {

@@ -262,6 +264,7 @@ If you have a custom implementation of `ServerAuthorizationRequestRepository`, y
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2ClientSecurityConfig {

@@ -280,6 +283,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2ClientSecurityConfig {

@@ -335,6 +339,7 @@ Whether you customize `WebClientReactiveAuthorizationCodeTokenResponseClient` or
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2ClientSecurityConfig {

@@ -361,6 +366,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2ClientSecurityConfig {

@@ -28,6 +28,7 @@ The following code shows the complete configuration options provided by the `Ser
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2ClientSecurityConfig {

@@ -50,6 +51,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2ClientSecurityConfig {

@@ -27,6 +27,7 @@ The following code shows the complete configuration options available for the `o
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -55,6 +56,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -121,6 +123,7 @@ The following listing shows an example:
 .Java
 [source,java,role="primary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -153,6 +156,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -220,6 +224,7 @@ If you would like to customize the Authorization Response redirection endpoint,
 .Java
 [source,java,role="primary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -238,6 +243,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -317,6 +323,7 @@ Register a `GrantedAuthoritiesMapper` `@Bean` to have it automatically applied t
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -364,6 +371,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -413,6 +421,7 @@ The following example shows how to implement and configure a delegation-based st
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -453,6 +462,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -509,6 +519,7 @@ Whether you customize `DefaultReactiveOAuth2UserService` or provide your own imp
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -531,6 +542,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -567,6 +579,7 @@ Whether you customize `OidcReactiveOAuth2UserService` or provide your own implem
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -589,6 +602,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -686,6 +700,7 @@ spring:
 .Java
 [source,java,role="primary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -722,6 +737,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary",subs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -325,6 +325,7 @@ The following example shows how to register a `SecurityWebFilterChain` `@Bean` w
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginSecurityConfig {

@@ -344,6 +345,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginSecurityConfig {

@@ -373,6 +375,7 @@ The following example shows how to completely override the auto-configuration by
 .Java
 [source,java,role="primary",attrs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginConfig {

@@ -414,6 +417,7 @@ public class OAuth2LoginConfig {
 .Kotlin
 [source,kotlin,role="secondary",attrs="-attributes"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginConfig {

@@ -465,6 +469,7 @@ If you are not able to use Spring Boot 2.x and would like to configure one of th
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class OAuth2LoginConfig {

@@ -508,6 +513,7 @@ public class OAuth2LoginConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 class OAuth2LoginConfig {

@@ -204,6 +204,7 @@ You can replace it by exposing the bean within the application:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class MyCustomSecurityConfiguration {
    @Bean
@@ -282,6 +283,7 @@ You can configure an authorization server's Introspection URI <<webflux-oauth2re
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class DirectlyConfiguredIntrospectionUri {
    @Bean
@@ -332,6 +334,7 @@ Using `introspectionUri()` takes precedence over any configuration property.
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class DirectlyConfiguredIntrospector {
    @Bean
@@ -416,6 +419,7 @@ This means that, to protect an endpoint or method with a scope derived from an O
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebFluxSecurity
 public class MappedAuthorities {
    @Bean
@@ -1,3 +1,4 @@
+
 [[jc-method]]
 = Method Security

@@ -32,6 +33,7 @@ For example, the following would enable Spring Security's `@PreAuthorize` annota
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity
 public class MethodSecurityConfig {
 	// ...
@@ -41,6 +43,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity
 class MethodSecurityConfig {
 	// ...
@@ -98,6 +101,7 @@ You can enable support for Spring Security's `@Secured` annotation using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
 	// ...
@@ -107,6 +111,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity(securedEnabled = true)
 class MethodSecurityConfig {
 	// ...
@@ -127,6 +132,7 @@ or JSR-250 using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
 	// ...
@@ -136,6 +142,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity(jsr250Enabled = true)
 class MethodSecurityConfig {
 	// ...
@@ -264,6 +271,7 @@ To recreate what adding `@EnableMethodSecurity` does by default, you would publi
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -295,6 +303,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -392,6 +401,7 @@ You may want to only support `@PreAuthorize` in your application, in which case
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -405,6 +415,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity(prePostEnabled = false)
 class MethodSecurityConfig {
 	@Bean
@@ -440,6 +451,7 @@ Thus, you can configure Spring Security to invoke your `AuthorizationManager` in
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -458,6 +470,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -542,6 +555,7 @@ For example, if you have your own custom annotation, you can configure it like s
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -558,6 +572,7 @@ class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableMethodSecurity
 class MethodSecurityConfig {
 	@Bean
@@ -607,6 +622,7 @@ The following example enables Spring Security's `@Secured` annotation:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -616,6 +632,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -666,6 +683,7 @@ Support for JSR-250 annotations can be enabled by using:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -675,6 +693,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -689,6 +708,7 @@ To use the new expression-based syntax, you would use:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig {
 // ...
@@ -698,6 +718,7 @@ public class MethodSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 open class MethodSecurityConfig {
 	// ...
@@ -750,6 +771,7 @@ For example, if you wanted to provide a custom `MethodSecurityExpressionHandler`
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 	@Override
@@ -763,6 +785,7 @@ public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 open class MethodSecurityConfig : GlobalMethodSecurityConfiguration() {
    override fun createExpressionHandler(): MethodSecurityExpressionHandler {
@@ -28,6 +28,7 @@ import org.springframework.context.annotation.*;
 import org.springframework.security.config.annotation.authentication.builders.*;
 import org.springframework.security.config.annotation.web.configuration.*;

+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -191,6 +192,7 @@ The following example has a different configuration for URL's that start with `/
 ====
 [source,java]
 ----
+@Configuration
@EnableWebSecurity
 public class MultiHttpSecurityConfig {
 	@Bean                                                             <1>
@@ -284,6 +286,7 @@ You can then use the custom DSL:
 ====
 [source,java]
 ----
+@Configuration
@EnableWebSecurity
 public class Config {
 	@Bean
@@ -321,6 +324,7 @@ You can also explicit disable the default:
 ====
 [source,java]
 ----
+@Configuration
@EnableWebSecurity
 public class Config {
 	@Bean
@@ -62,6 +62,7 @@ The following example has a different configuration for URL's that start with `/
 ====
 [source,kotlin]
 ----
+@Configuration
@EnableWebSecurity
 class MultiHttpSecurityConfig {
    @Bean                                                            <1>
@@ -64,6 +64,7 @@ You can configure `CookieCsrfTokenRepository` in Java or Kotlin configuration by
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -81,6 +82,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -332,6 +334,7 @@ For example, the following Java Configuration logs out when the `/logout` URL is
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -349,6 +352,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -20,6 +20,7 @@ You can do so with the following configuration:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -52,6 +53,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {
    @Bean
@@ -80,6 +82,7 @@ If you use Spring Security's configuration, the following adds only xref:feature
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -112,6 +115,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {
    @Bean
@@ -138,6 +142,7 @@ If necessary, you can disable all of the HTTP Security response headers with the
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -164,6 +169,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {
    @Bean
@@ -229,6 +235,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -289,6 +296,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -319,6 +327,7 @@ The following example explicitly provides HSTS:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -356,6 +365,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -387,6 +397,7 @@ You can enable HPKP headers with the following configuration:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -427,6 +438,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -460,6 +472,7 @@ For example, the following configuration specifies that Spring Security should n
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -494,6 +507,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -524,6 +538,7 @@ For example, the following configuration specifies that Spring Security should n
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -556,6 +571,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -598,6 +614,7 @@ Given the preceding security policy, you can enable the CSP header:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -631,6 +648,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -657,6 +675,7 @@ To enable the CSP `report-only` header, provide the following configuration:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -692,6 +711,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -723,6 +743,7 @@ You can enable the Referrer Policy header by using the configuration:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -755,6 +776,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -795,6 +817,7 @@ You can enable the preceding feature policy header by using the following config
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -825,6 +848,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -863,6 +887,7 @@ You can enable the preceding permissions policy header using the following confi
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -895,6 +920,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -934,6 +960,7 @@ You can send the preceding header on log out with the following configuration:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -952,6 +979,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -991,6 +1019,7 @@ Given the preceding header, you could add the headers to the response by using t
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -1021,6 +1050,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -1050,6 +1080,7 @@ If you wanted to explicitly configure <<servlet-headers-frame-options>>, you cou
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -1086,6 +1117,7 @@ See https://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsi
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -1117,6 +1149,7 @@ The following configuration example uses `DelegatingRequestMatcherHeaderWriter`:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -1164,6 +1197,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -12,6 +12,7 @@ Users can integrate the `CorsFilter` with Spring Security by providing a `CorsCo
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -39,6 +40,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class WebSecurityConfig {
    @Bean
@@ -85,6 +87,7 @@ If you use Spring MVC's CORS support, you can omit specifying the `CorsConfigura
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -103,6 +106,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class WebSecurityConfig {
    @Bean
@@ -514,6 +514,7 @@ Similarly, you can customize frame options to use the same origin within Java Co
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class WebSecurityConfig {

@@ -534,6 +535,7 @@ public class WebSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class WebSecurityConfig {
    @Bean
@@ -132,6 +132,7 @@ The following example shows how to configure the `DefaultOAuth2AuthorizationRequ
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -176,6 +177,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class SecurityConfig {

@@ -288,6 +290,7 @@ If you have a custom implementation of `AuthorizationRequestRepository`, you can
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2ClientSecurityConfig {

@@ -308,6 +311,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2ClientSecurityConfig {

@@ -411,6 +415,7 @@ Whether you customize `DefaultAuthorizationCodeTokenResponseClient` or provide y
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2ClientSecurityConfig {

@@ -431,6 +436,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2ClientSecurityConfig {

@@ -29,6 +29,7 @@ The following code shows the complete configuration options provided by the `Htt
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2ClientSecurityConfig {

@@ -53,6 +54,7 @@ public class OAuth2ClientSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2ClientSecurityConfig {

@@ -13,6 +13,7 @@ The following code shows an example:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -41,6 +42,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -94,6 +96,7 @@ The following code shows the complete configuration options available for the `o
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -130,6 +133,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -235,6 +239,7 @@ The following listing shows an example:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -257,6 +262,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -326,6 +332,7 @@ If you would like to customize the Authorization Response `baseUri`, configure i
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -346,6 +353,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -438,6 +446,7 @@ Provide an implementation of `GrantedAuthoritiesMapper` and configure it, as fol
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -487,6 +496,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -541,6 +551,7 @@ Alternatively, you can register a `GrantedAuthoritiesMapper` `@Bean` to have it
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -561,6 +572,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -594,6 +606,7 @@ The following example shows how to implement and configure a delegation-based st
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -635,6 +648,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig  {

@@ -720,6 +734,7 @@ Whether you customize `DefaultOAuth2UserService` or provide your own implementat
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -744,6 +759,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -783,6 +799,7 @@ Whether you customize `OidcUserService` or provide your own implementation of `O
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -807,6 +824,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -913,6 +931,7 @@ Also, you can configure `OidcClientInitiatedLogoutSuccessHandler`, which impleme
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -948,6 +967,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {
    @Autowired
@@ -328,6 +328,7 @@ The following example shows how to register a `SecurityFilterChain` `@Bean` with
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginSecurityConfig {

@@ -346,6 +347,7 @@ public class OAuth2LoginSecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class OAuth2LoginSecurityConfig {

@@ -463,6 +465,7 @@ If you are not able to use Spring Boot 2.x and would like to configure one of th
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class OAuth2LoginConfig {

@@ -505,6 +508,7 @@ public class OAuth2LoginConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class OAuth2LoginConfig {
    @Bean
@@ -182,6 +182,7 @@ Replacing this is as simple as exposing the bean within the application:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class MyCustomSecurityConfiguration {
    @Bean
@@ -204,6 +205,7 @@ public class MyCustomSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class MyCustomSecurityConfiguration {
    @Bean
@@ -303,6 +305,7 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class DirectlyConfiguredJwkSetUri {
    @Bean
@@ -324,6 +327,7 @@ public class DirectlyConfiguredJwkSetUri {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class DirectlyConfiguredJwkSetUri {
    @Bean
@@ -367,6 +371,7 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class DirectlyConfiguredJwtDecoder {
    @Bean
@@ -388,6 +393,7 @@ public class DirectlyConfiguredJwtDecoder {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class DirectlyConfiguredJwtDecoder {
    @Bean
@@ -731,6 +737,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class DirectlyConfiguredJwkSetUri {
    @Bean
@@ -750,6 +757,7 @@ public class DirectlyConfiguredJwkSetUri {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class DirectlyConfiguredJwkSetUri {
    @Bean
@@ -942,6 +950,7 @@ static class CustomAuthenticationConverter implements Converter<Jwt, AbstractAut

 // ...

+@Configuration
@EnableWebSecurity
 public class CustomAuthenticationConverterConfig {
    @Bean
@@ -971,6 +980,7 @@ internal class CustomAuthenticationConverter : Converter<Jwt, AbstractAuthentica

 // ...

+@Configuration
@EnableWebSecurity
 class CustomAuthenticationConverterConfig {
    @Bean
@@ -225,6 +225,7 @@ Replacing this is as simple as exposing the bean within the application:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class MyCustomSecurityConfiguration {
    @Bean
@@ -247,6 +248,7 @@ public class MyCustomSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class MyCustomSecurityConfiguration {
    @Bean
@@ -343,6 +345,7 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class DirectlyConfiguredIntrospectionUri {
    @Bean
@@ -365,6 +368,7 @@ public class DirectlyConfiguredIntrospectionUri {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class DirectlyConfiguredIntrospectionUri {
    @Bean
@@ -409,6 +413,7 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class DirectlyConfiguredIntrospector {
    @Bean
@@ -430,6 +435,7 @@ public class DirectlyConfiguredIntrospector {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class DirectlyConfiguredIntrospector {
    @Bean
@@ -492,6 +498,7 @@ This means that to protect an endpoint or method with a scope derived from an Op
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class MappedAuthorities {
    @Bean
@@ -511,6 +518,7 @@ public class MappedAuthorities {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class MappedAuthorities {
    @Bean
@@ -22,6 +22,7 @@ For that reason, you can configure `OpenSaml4AuthenticationProvider` 's default
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class SecurityConfig {

@@ -52,6 +53,7 @@ public class SecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class SecurityConfig {
    @Bean
@@ -90,6 +92,7 @@ In that case, the response authentication converter can come in handy, as can be
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class SecurityConfig {
    @Autowired
@@ -123,6 +126,7 @@ public class SecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class SecurityConfig {
    @Autowired
@@ -309,6 +313,7 @@ This authentication manager should expect a `Saml2AuthenticationToken` object co
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class SecurityConfig {

@@ -331,6 +336,7 @@ public class SecurityConfig {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 open class SecurityConfig {
    @Bean
@@ -341,6 +341,7 @@ You can replace this by exposing the bean within the application:
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class MyCustomSecurityConfiguration {
    @Bean
@@ -359,6 +360,7 @@ public class MyCustomSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class MyCustomSecurityConfiguration {
    @Bean
@@ -495,6 +497,7 @@ Alternatively, you can directly wire up the repository by using the DSL, which a
 .Java
 [source,java,role="primary"]
 ----
+@Configuration
@EnableWebSecurity
 public class MyCustomSecurityConfiguration {
    @Bean
@@ -515,6 +518,7 @@ public class MyCustomSecurityConfiguration {
 .Kotlin
 [source,kotlin,role="secondary"]
 ----
+@Configuration
@EnableWebSecurity
 class MyCustomSecurityConfiguration {
    @Bean