Basic Configuration

What Is Basic Configuration?

Basic configuration means.Creating our own security rules instead of using Spring Security’s default rules.

We do this by creating a SecurityConfig class.

Creating SecurityConfig

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth
            .anyRequest().authenticated()
        )
        .formLogin();
        return http.build();
    }
}

What Is @Configuration?

@Configuration tells Spring

“This class contains configuration code.”

Spring will:

• Scan this class
• Load it at startup
• Use the beans defined inside it

Without @Configuration, Spring will ignore this class.

What Is @EnableWebSecurity?

@EnableWebSecurity tells Spring:

“Enable Spring Security and use my rules.”

This annotation:

• Activates Spring Security
• Allows custom security configuration

Without it:

• Spring may use default security
• Your custom rules may not apply

What Is SecurityFilterChain?

SecurityFilterChain is a bean that defines security rules.

It controls:

• Which requests are allowed
• Which requests need authentication
• How security is applied

.anyRequest().authenticated();

• Every request must be authenticated.

HttpSecurity Object

HttpSecurity is the main configuration object.represents

• Authentication rules
• Authorization rules
• CSRF rules
• Session rules
• Login methods

.anyRequest().authenticated();

• Every request must be authenticated.

How Spring Reads SecurityFilterChain

Request → SecurityFilterChain → Controller