SEC-2788: Add @Configuration as meta annotation to @Enable* annotations

2014-12-08 16:06:58 -06:00 · 2014-12-08 16:06:58 -06:00 · 3171cc4364
parent 11116c2b80
commit 3171cc4364
99 changed files with 11 additions and 240 deletions
--- a/config/src/integration-test/groovy/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.groovy
+++ b/config/src/integration-test/groovy/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.groovy
@ -45,7 +45,6 @@ class LdapAuthenticationProviderConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
--- a/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
+++ b/config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java
@ -28,8 +28,6 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
 *
 */
 public class NamespaceLdapAuthenticationProviderTestsConfigs {
-
-    @Configuration
    @EnableWebSecurity
    static class LdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -40,7 +38,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
        }
    }

-    @Configuration
    @EnableWebSecurity
    static class CustomLdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -66,7 +63,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
        }
    }

-    @Configuration
    @EnableWebSecurity
    static class CustomAuthoritiesPopulatorConfig extends WebSecurityConfigurerAdapter {
        static LdapAuthoritiesPopulator LAP;
@ -78,7 +74,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
        }
    }

-    @Configuration
    @EnableWebSecurity
    static class PasswordCompareLdapConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java
@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;

+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@ -88,4 +89,5 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
@Target(value={java.lang.annotation.ElementType.TYPE})
@Documented
@Import(AuthenticationConfiguration.class)
+@Configuration
 public @interface EnableGlobalAuthentication {}
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
@ -20,6 +20,7 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.Target;

 import org.springframework.context.annotation.AdviceMode;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 import org.springframework.security.access.annotation.Secured;
@ -46,6 +47,7 @@ import org.springframework.security.config.annotation.configuration.ObjectPostPr
@Documented
@Import({GlobalMethodSecuritySelector.class,ObjectPostProcessorConfiguration.class})
@EnableGlobalAuthentication
+@Configuration
 public @interface EnableGlobalMethodSecurity {

    /**
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;

+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration;
@ -79,6 +80,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
@Documented
@Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class})
@EnableGlobalAuthentication
+@Configuration
 public @interface EnableWebSecurity {

    /**
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java
@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;

+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;

@ -35,5 +36,6 @@ import org.springframework.security.config.annotation.authentication.configurati
@Documented
@Import(WebMvcSecurityConfiguration.class)
@EnableGlobalAuthentication
+@Configuration
 public @interface EnableWebMvcSecurity {
 }
--- a/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java
@ -38,7 +38,6 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
 * @author Rob Winch
 * @since 3.2
 */
-@Configuration
@EnableWebSecurity
 public class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy
@ -76,7 +76,6 @@ class AuthenticationManagerBuilderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy
@ -46,7 +46,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
@ -73,7 +72,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
@ -101,7 +99,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.groovy
@ -39,7 +39,6 @@ class NamespaceAuthenticationProviderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
        static DaoAuthenticationProvider expected = new DaoAuthenticationProvider()
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -64,7 +63,6 @@ class NamespaceAuthenticationProviderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
        static InMemoryUserDetailsManager expected = new InMemoryUserDetailsManager([] as Collection)
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy
@ -49,7 +49,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class JdbcUserServiceConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private DataSource dataSource;
@ -79,7 +78,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class JdbcUserServiceInMemorySampleConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private DataSource dataSource;
@ -127,7 +125,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomJdbcUserServiceSampleConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private DataSource dataSource;
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.groovy
@ -51,7 +51,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class PasswordEncoderWithInMemoryConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -72,7 +71,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class PasswordEncoderWithJdbcConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -101,7 +99,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class PasswordEncoderWithUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerConfigs.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerConfigs.java
@ -35,7 +35,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 public class PasswordEncoderConfigurerConfigs {

    @EnableWebSecurity
-    @Configuration
    static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            BCryptPasswordEncoder encoder = passwordEncoder();
@ -63,7 +62,6 @@ public class PasswordEncoderConfigurerConfigs {
    }

    @EnableWebSecurity
-    @Configuration
    static class PasswordEncoderNoAuthManagerLoadsConfig extends WebSecurityConfigurerAdapter {
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            BCryptPasswordEncoder encoder = passwordEncoder();
--- a/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy
@ -58,7 +58,6 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
    @Import([GlobalMethodSecurityAutowiredConfig,ServicesConfig])
    static class GlobalMethodSecurityAutowiredConfigAndServicesConfig {}

-    @Configuration
    @EnableGlobalMethodSecurity(securedEnabled = true)
    static class GlobalMethodSecurityAutowiredConfig {
        @Autowired
@ -80,11 +79,9 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
    @Import([GlobalMethodSecurityConfig,WebSecurityConfig,ServicesConfig])
    static class GlobalMethodSecurityConfigAndServicesConfig {}

-    @Configuration
    @EnableGlobalMethodSecurity(securedEnabled = true)
    static class GlobalMethodSecurityConfig {}

-    @Configuration
    @EnableWebSecurity
    static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
@ -108,7 +105,6 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
    @Import([GlobalMethodSecurityConfig,WebMvcSecurityConfig,ServicesConfig])
    static class GlobalMethodSecurityMvcSecurityAndServicesConfig {}

-    @Configuration
    @EnableWebMvcSecurity
    static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
--- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy
@ -65,7 +65,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            InMemoryAuthWithGlobalMethodSecurityConfig.EVENT.authentication == auth
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration implements ApplicationListener<AuthenticationSuccessEvent> {
        static AuthenticationSuccessEvent EVENT
@ -96,7 +95,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            preAdviceVoter.preAdvice.expressionHandler.trustResolver == CustomTrustResolverConfig.TR
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class CustomTrustResolverConfig extends GlobalMethodSecurityConfiguration {
        static AuthenticationTrustResolver TR
@ -130,7 +128,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            noExceptionThrown()
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
    static class ExpressionHandlerHasBeanResolverSetConfig extends GlobalMethodSecurityConfiguration {

@ -182,7 +179,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            noExceptionThrown()
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class MethodSecurityServiceConfig extends GlobalMethodSecurityConfiguration {

@ -217,7 +213,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class AutowirePermissionEvaluatorConfig extends GlobalMethodSecurityConfiguration {
        static PermissionEvaluator PE
@ -246,7 +241,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
            noExceptionThrown()
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class MultiPermissionEvaluatorConfig extends GlobalMethodSecurityConfiguration {
        static PermissionEvaluator PE
@ -287,7 +281,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {

    static class ChildConfig extends ParentConfig {}

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class ParentConfig {

@ -331,7 +324,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
        }
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    static class Sec2479ChildConfig {
        @Bean
--- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.groovy
@ -73,7 +73,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests extends BaseSpr
        thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.groovy
@ -78,7 +78,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
    public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
        @Override
@ -110,7 +109,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            thrown(UnsupportedOperationException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity
    public static class CustomAuthenticationConfig extends GlobalMethodSecurityConfiguration {
        @Override
@ -168,7 +166,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity
    public static class CustomMethodSecurityMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
        @Override
@ -195,7 +192,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            context.getBean(AspectJMethodSecurityInterceptor)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, proxyTargetClass = true)
    public static class AspectJModeConfig extends BaseMethodConfig {
    }
@ -208,7 +204,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            context.getBean(AspectJMethodSecurityInterceptor)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ)
    public static class AspectJModeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
    }
@ -223,7 +218,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            advisor.order == 135
    }

-    @Configuration
    @EnableGlobalMethodSecurity(order = 135)
    public static class CustomOrderConfig extends BaseMethodConfig {
    }
@ -236,7 +230,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            advisor.order == Ordered.LOWEST_PRECEDENCE
    }

-    @Configuration
    @EnableGlobalMethodSecurity
    public static class DefaultOrderConfig extends BaseMethodConfig {
    }
@ -249,7 +242,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            advisor.order == Ordered.LOWEST_PRECEDENCE
    }

-    @Configuration
    @EnableGlobalMethodSecurity
    public static class DefaultOrderExtendsMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    }
@ -331,7 +323,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            service.runAs().authorities.find { it.authority == "ROLE_RUN_AS_SUPER"}
    }

-    @Configuration
    @EnableGlobalMethodSecurity(securedEnabled = true)
    public static class CustomRunAsManagerConfig extends GlobalMethodSecurityConfiguration {
        @Override
@ -377,7 +368,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
            e.message == "custom AfterInvocationManager"
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    public static class CustomAfterInvocationManagerConfig extends GlobalMethodSecurityConfiguration {
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.groovy
@ -58,7 +58,6 @@ public class SampleEnableGlobalMethodSecurityTests extends BaseSpringSpec {
        thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    public static class SampleWebSecurityConfig {
        @Bean
@ -88,7 +87,6 @@ public class SampleEnableGlobalMethodSecurityTests extends BaseSpringSpec {
        thrown(AccessDeniedException)
    }

-    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled=true)
    public static class CustomPermissionEvaluatorWebSecurityConfig extends GlobalMethodSecurityConfiguration {
        @Bean
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy
@ -87,7 +87,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     * </code>
     * @author Rob Winch
     */
-    @Configuration
    @EnableWebSecurity
    public static class HelloWorldWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
@ -154,7 +153,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     * </code>
     * @author Rob Winch
     */
-    @Configuration
    @EnableWebSecurity
    public static class SampleWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

@ -272,7 +270,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     * </code>
     * @author Rob Winch
     */
-    @Configuration
    @EnableWebSecurity
    public static class SampleMultiHttpSecurityConfig {
        @Autowired
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy
@ -88,7 +88,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class HeadersArePopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -112,7 +111,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -142,7 +140,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class InMemoryAuthWithWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter implements ApplicationListener<AuthenticationSuccessEvent> {
        static List<AuthenticationSuccessEvent> EVENTS = []
        @Bean
@ -175,7 +172,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
        static ContentNegotiationStrategy CNS

@ -193,7 +189,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class ContentNegotiationStrategyDefaultSharedObjectConfig extends WebSecurityConfigurerAdapter {}

    def "UserDetailsService lazy"() {
@ -217,7 +212,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
        }
    }

-    @Configuration
    @EnableWebSecurity
    static class UserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
        @Autowired
@ -250,7 +244,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
            context.getBean(ApplicationContextSharedObjectConfig).http.getSharedObject(ApplicationContext) == context
    }

-    @Configuration
    @EnableWebSecurity
    static class ApplicationContextSharedObjectConfig extends WebSecurityConfigurerAdapter {

@ -276,7 +269,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
            context.getBean(CustomTrustResolverConfig).http.getSharedObject(AuthenticationTrustResolver) == CustomTrustResolverConfig.TR
    }

-    @Configuration
    @EnableWebSecurity
    static class CustomTrustResolverConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationTrustResolver TR
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java
@ -35,7 +35,6 @@ import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 public class WebSecurityConfigurerAdapterTestsConfigs {

    // necessary because groovy resolves incorrect method when using generics
-    @Configuration
    @EnableWebSecurity
    static class MessageSourcesPopulatedConfig extends WebSecurityConfigurerAdapter {
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/DisableUseExpressionsConfig.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/DisableUseExpressionsConfig.java
@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.BaseWebC
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer;

-@Configuration
@EnableWebSecurity
 public class DisableUseExpressionsConfig extends BaseWebConfig {
    protected void configure(HttpSecurity http) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy
@ -104,7 +104,6 @@ public class HttpSecurityTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class RequestMatcherRegistryConfigs extends BaseWebConfig {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy
@ -478,7 +478,6 @@ public class NamespaceHttpTests extends BaseSpringSpec {
            findFilter(FilterSecurityInterceptor).accessDecisionManager.decisionVoters.collect { it.class } == [WebExpressionVoter]
    }

-    @Configuration
    @EnableWebSecurity
    static class UseExpressionsConfig extends BaseWebConfig {
        protected void configure(HttpSecurity http) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy
@ -22,7 +22,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 *
 * @author Rob Winch
 */
-@Configuration
@EnableWebSecurity
 public abstract class BaseWebConfig extends WebSecurityConfigurerAdapter {
    BaseWebConfig(boolean disableDefaults) {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy
@ -42,7 +42,6 @@ class EnableWebSecurityTests extends BaseSpringSpec {


    @EnableWebSecurity
-    @Configuration
    static class SecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@ -79,7 +78,6 @@ class EnableWebSecurityTests extends BaseSpringSpec {
    static class ChildSecurityConfig extends DebugSecurityConfig {
    }

-    @Configuration
    @EnableWebSecurity(debug=true)
    static class DebugSecurityConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.groovy
@ -36,7 +36,6 @@ public class Sec2515Tests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -55,7 +54,6 @@ public class Sec2515Tests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomBeanNameStackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -81,7 +79,6 @@ public class Sec2515Tests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CanLoadWithChildConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationManager AM
        @Bean
@ -98,7 +95,6 @@ public class Sec2515Tests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy
@ -64,7 +64,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }


-    @Configuration
    @EnableWebSecurity
    static class SortedWebSecurityConfigurerAdaptersConfig {
        public AuthenticationManager authenticationManager() throws Exception {
@ -140,7 +139,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }


-    @Configuration
    @EnableWebSecurity
    static class DuplicateOrderConfig {
        public AuthenticationManager authenticationManager() throws Exception {
@ -186,7 +184,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class PrivilegeEvaluatorConfigurerAdapterConfig extends WebSecurityConfigurerAdapter {
        static WebInvocationPrivilegeEvaluator PE

@ -210,7 +207,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class WebSecurityExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
        static SecurityExpressionHandler EH

@ -237,7 +233,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -258,7 +253,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -285,7 +279,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -331,7 +324,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class ParentConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) {
@ -340,7 +332,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class ChildConfig extends WebSecurityConfigurerAdapter { }

    def "SEC-2773: delegatingApplicationListener is static method"() {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java
@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
-@Configuration
 public class Sec2377AConfig extends WebSecurityConfigurerAdapter {

 }
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java
@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
-@Configuration
 public class Sec2377BConfig extends WebSecurityConfigurerAdapter {

 }
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.groovy
@ -38,7 +38,6 @@ class AnonymousConfigurerTests extends BaseSpringSpec {
            findFilter(AnonymousAuthenticationFilter).key == "custom"
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AuthorizedRequestsWithPostProcessorConfig.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AuthorizedRequestsWithPostProcessorConfig.java
@ -25,7 +25,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

-@Configuration
@EnableWebSecurity
 public class AuthorizedRequestsWithPostProcessorConfig extends WebSecurityConfigurerAdapter {
    static ApplicationListener<AuthorizedEvent> AL;
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.groovy
@ -64,7 +64,6 @@ class ChannelSecurityConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {

        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy
@ -72,7 +72,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            context.getBean(RequestDataValueProcessor)
    }

-    @Configuration
    @EnableWebMvcSecurity
    static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter {

@ -93,7 +92,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.status == HttpServletResponse.SC_OK
    }

-    @Configuration
    @EnableWebSecurity
    static class DisableCsrfConfig extends WebSecurityConfigurerAdapter {

@ -125,7 +123,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == 'http://localhost/tosave'
    }

-    @Configuration
    @EnableWebSecurity
    static class DisableCsrfEnablesRequestCacheConfig extends WebSecurityConfigurerAdapter {

@ -166,7 +163,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.status == HttpServletResponse.SC_FORBIDDEN
    }

-    @Configuration
    @EnableWebSecurity
    static class InvalidSessionUrlConfig extends WebSecurityConfigurerAdapter {
        @Override
@ -194,7 +190,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.status == HttpServletResponse.SC_FORBIDDEN
    }

-    @Configuration
    @EnableWebSecurity
    static class RequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
        static RequestMatcher matcher
@ -250,7 +245,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            (1.._) *  CsrfTokenRepositoryConfig.repo.saveToken(null, _, _)
    }

-    @Configuration
    @EnableWebSecurity
    static class CsrfTokenRepositoryConfig extends WebSecurityConfigurerAdapter {
        static CsrfTokenRepository repo
@ -284,7 +278,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.status == HttpServletResponse.SC_OK
    }

-    @Configuration
    @EnableWebSecurity
    static class AccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
        static AccessDeniedHandler deniedHandler
@ -312,7 +305,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            currentAuthentication == null
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginConfig extends WebSecurityConfigurerAdapter {
        static AccessDeniedHandler deniedHandler
@ -350,7 +342,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            currentAuthentication != null
    }

-    @Configuration
    @EnableWebSecurity
    static class LogoutConfig extends WebSecurityConfigurerAdapter {
        static AccessDeniedHandler deniedHandler
@ -374,7 +365,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            currentAuthentication == null
    }

-    @Configuration
    @EnableWebSecurity
    static class LogoutAllowsGetConfig extends WebSecurityConfigurerAdapter {
        static AccessDeniedHandler deniedHandler
@ -440,7 +430,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "http://localhost/some-url"
    }

-    @Configuration
    @EnableWebSecurity
    static class CsrfDisablesPostRequestFromRequestCacheConfig extends WebSecurityConfigurerAdapter {
        static CsrfTokenRepository repo
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy
@ -60,7 +60,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
        e.message.contains missingConfigMessage
    }

-    @Configuration
    @EnableWebSecurity
    static class FilterChainProxyBuilderMissingConfig { }

@ -72,7 +71,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
        e.message.contains missingConfigMessage
    }

-    @Configuration
    @EnableWebSecurity
    static class FilterChainProxyBuilderNoSecurityFilterBuildersConfig {
        @Bean
@ -94,7 +92,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
        filterChains[0].filters.find { it instanceof UsernamePasswordAuthenticationFilter }
    }

-    @Configuration
    @EnableWebSecurity
    static class NullWebInvocationPrivilegeEvaluatorConfig extends BaseWebConfig {
        NullWebInvocationPrivilegeEvaluatorConfig() {
@ -121,7 +118,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
                     ExceptionTranslationFilter, FilterSecurityInterceptor ]
    }

-    @Configuration
    @EnableWebSecurity
    static class FilterChainProxyBuilderIgnoringConfig extends BaseWebConfig {
        @Override
@ -152,7 +148,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
            "/logout" | null
    }

-    @Configuration
    @EnableWebSecurity
    static class DefaultFiltersConfigPermitAll extends BaseWebConfig {
        protected void configure(HttpSecurity http) {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy
@ -95,7 +95,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class HttpBasicAndFormLoginEntryPointsConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -137,7 +136,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
        static ContentNegotiationStrategy CNS

@ -155,7 +153,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DefaultHttpConf extends WebSecurityConfigurerAdapter {
    }

@ -167,7 +164,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class BasicAuthenticationEntryPointBeforeFormLoginConf extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
@ -188,7 +184,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationEntryPoint AEP
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerConfigs.java
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerConfigs.java
@ -47,7 +47,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
     * Ensure that All additional properties properly compile and chain properly
     */
    @EnableWebSecurity
-    @Configuration
    static class AllPropertiesWorkConfig extends WebSecurityConfigurerAdapter {

        @SuppressWarnings("rawtypes")
@ -69,7 +68,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
    }

    @EnableWebSecurity
-    @Configuration
    static class UseBeansInExpressions extends WebSecurityConfigurerAdapter {

        @Autowired
@ -102,7 +100,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomExpressionRootConfig extends WebSecurityConfigurerAdapter {

        @Autowired
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy
@ -81,7 +81,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -99,7 +98,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -116,7 +114,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -148,7 +145,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class HasAuthorityConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -187,7 +183,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class HasAnyAuthorityConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -215,7 +210,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class HasIpAddressConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -242,7 +236,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class AnonymousConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -269,7 +262,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class RememberMeConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -305,7 +297,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DenyAllConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -332,7 +323,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NotDenyAllConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -365,7 +355,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class FullyAuthenticatedConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -408,7 +397,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class AccessConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -440,7 +428,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class InvokeTwiceDoesNotResetConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy
@ -91,7 +91,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "http://localhost/login"
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginConfig extends BaseWebConfig {
        @Override
@ -131,7 +130,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
            "/login" | "GET" | "error" | null
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginConfigPermitAll extends BaseWebConfig {

@ -167,7 +165,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
            "/authenticate" | "GET"  | "logout"| null
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginDefaultsConfig extends BaseWebConfig {

@ -199,7 +196,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "/"
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginLoginProcessingUrlConfig extends BaseWebConfig {

@ -233,7 +229,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
            findFilter(ExceptionTranslationFilter).authenticationEntryPoint.portMapper == FormLoginUsesPortMapperConfig.PORT_MAPPER
    }

-    @Configuration
    @EnableWebSecurity
    static class FormLoginUsesPortMapperConfig extends BaseWebConfig {
        static PortMapper PORT_MAPPER
@ -266,7 +261,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class PermitAllIgnoresFailureHandlerConfig extends BaseWebConfig {
        static AuthenticationFailureHandler FAILURE_HANDLER

@ -292,7 +286,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DuplicateInvocationsDoesNotOverrideConfig extends BaseWebConfig {
        static AuthenticationFailureHandler FAILURE_HANDLER

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy
@ -54,7 +54,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
                         'X-XSS-Protection' : '1; mode=block']
    }

-    @Configuration
    @EnableWebSecurity
    static class HeadersConfig extends WebSecurityConfigurerAdapter {

@ -73,7 +72,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
            responseHeaders == ['X-Content-Type-Options':'nosniff']
    }

-    @Configuration
    @EnableWebSecurity
    static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {

@ -92,7 +90,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
            responseHeaders == ['X-Frame-Options':'DENY']
    }

-    @Configuration
    @EnableWebSecurity
    static class FrameOptionsConfig extends WebSecurityConfigurerAdapter {

@ -112,7 +109,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
            responseHeaders == ['Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains']
    }

-    @Configuration
    @EnableWebSecurity
    static class HstsConfig extends WebSecurityConfigurerAdapter {

@ -133,7 +129,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
                         'Pragma':'no-cache']
    }

-    @Configuration
    @EnableWebSecurity
    static class CacheControlConfig extends WebSecurityConfigurerAdapter {

@ -152,7 +147,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
            responseHeaders == ['X-XSS-Protection' : '1; mode=block']
    }

-    @Configuration
    @EnableWebSecurity
    static class XssProtectionConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.groovy
@ -58,7 +58,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DefaultsEntryPointConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
@ -86,7 +85,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationEntryPoint ENTRY_POINT

@ -114,7 +112,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationEntryPoint ENTRY_POINT

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy
@ -46,7 +46,6 @@ class Issue55Tests extends BaseSpringSpec {
            findFilter(FilterSecurityInterceptor).authenticationManager.authenticate(token) == CustomAuthenticationManager.RESULT
     }

-    @Configuration
    @EnableWebSecurity
    static class WebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
        @Component
@ -79,7 +78,6 @@ class Issue55Tests extends BaseSpringSpec {
            findFilter(FilterSecurityInterceptor,1).authenticationManager.authenticate(token) == CustomAuthenticationManager.RESULT
     }

-    @Configuration
    @EnableWebSecurity
    static class MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
        @Component
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.groovy
@ -54,7 +54,6 @@ class JeeConfigurerTests extends BaseSpringSpec {
            findFilter(J2eePreAuthenticatedProcessingFilter).authenticationDetailsSource.j2eeMappableRoles == ["ROLE_USER"] as Set
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.groovy
@ -54,7 +54,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "/login?logout"
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {

@ -78,7 +77,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "/login?logout"
    }

-    @Configuration
    @EnableWebSecurity
    static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {

@ -101,7 +99,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "/login?logout"
    }

-    @Configuration
    @EnableWebSecurity
    static class CsrfDisabledCustomLogoutUrlConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy
@ -71,7 +71,6 @@ public class NamespaceDebugTests extends BaseSpringSpec {
            context.getBean("springSecurityFilterChain").class == DebugFilter
    }

-    @Configuration
    @EnableWebSecurity(debug=true)
    static class DebugWebSecurity extends WebSecurityConfigurerAdapter {
    }
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy
@ -137,7 +137,6 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
        filterChain().filters[0].class == CustomFilter
    }

-    @Configuration
    @EnableWebSecurity
    static class NoAuthenticationManagerInHtppConfigurationConfig extends WebSecurityConfigurerAdapter {
        NoAuthenticationManagerInHtppConfigurationConfig() {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy
@ -40,7 +40,6 @@ public class NamespaceHttpExpressionHandlerTests extends BaseSpringSpec {
            noExceptionThrown()
    }

-    @Configuration
    @EnableWebSecurity
    static class ExpressionHandlerConfig extends BaseWebConfig {
        static EXPRESSION_HANDLER;
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy
@ -131,7 +131,6 @@ public class NamespaceHttpInterceptUrlTests extends BaseSpringSpec {
            response.redirectedUrl == "http://localhost/user"
    }

-    @Configuration
    @EnableWebSecurity
    static class HttpInterceptUrlConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy
@ -92,7 +92,6 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
            authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == PreAuthenticatedGrantedAuthoritiesUserDetailsService
    }

-    @Configuration
    @EnableWebSecurity
    public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {

@ -119,7 +118,6 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
            authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == CustomUserService
    }

-    @Configuration
    @EnableWebSecurity
    public static class JeeUserServiceRefConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy
@ -81,7 +81,6 @@ public class NamespaceHttpPortMappingsTests extends BaseSpringSpec {
            response.redirectedUrl == "http://localhost:9080/user"
    }

-    @Configuration
    @EnableWebSecurity
    static class HttpInterceptUrlWithPortMapperConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy
@ -78,7 +78,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
            authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == UserDetailsByNameServiceWrapper
    }

-    @Configuration
    @EnableWebSecurity
    public static class X509Config extends WebSecurityConfigurerAdapter {
        @Override
@ -111,7 +110,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
            authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == UserDetailsByNameServiceWrapper
    }

-    @Configuration
    @EnableWebSecurity
    public static class AuthenticationDetailsSourceRefConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> AUTHENTICATION_DETAILS_SOURCE
@ -144,7 +142,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
            authentication().name == 'rod'
    }

-    @Configuration
    @EnableWebSecurity
    public static class SubjectPrincipalRegexConfig extends WebSecurityConfigurerAdapter {
        @Override
@ -177,7 +174,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
            authentication().name == 'customuser'
    }

-    @Configuration
    @EnableWebSecurity
    public static class UserDetailsServiceRefConfig extends WebSecurityConfigurerAdapter {
        @Override
@ -210,7 +206,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
            authentication().name == 'customuser'
    }

-    @Configuration
    @EnableWebSecurity
    public static class AuthenticationUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> AUTHENTICATION_DETAILS_SOURCE
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy
@ -291,7 +291,6 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
           1 * DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE.loadUserByUsername("user")
    }

-    @Configuration
    @EnableWebSecurity
    static class DefaultsUserDetailsServiceWithDaoConfig extends WebSecurityConfigurerAdapter {
        static UserDetailsService USERDETAILS_SERVICE
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy
@ -45,7 +45,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SessionManagementConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
@ -69,7 +68,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomSessionManagementConfig extends WebSecurityConfigurerAdapter {
        static SessionRegistry SR
        @Override
@ -95,7 +93,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class RefsSessionManagementConfig extends WebSecurityConfigurerAdapter {
        static SessionAuthenticationStrategy SAS
        @Override
@ -114,7 +111,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
@ -132,7 +128,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
@ -153,7 +148,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy
@ -51,7 +51,6 @@ class PermitAllSupportTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NoAuthorizedUrlsConfig extends WebSecurityConfigurerAdapter {

        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.groovy
@ -46,7 +46,6 @@ class PortMapperConfigurerTests extends BaseSpringSpec {
            response.redirectedUrl == "https://localhost:123"
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
        @Override
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy
@ -60,7 +60,6 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
@ -158,7 +157,6 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
            response.getRedirectedUrl() == "http://localhost/login"
    }

-    @Configuration
    @EnableWebSecurity
    static class RememberMeConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy
@ -162,7 +162,6 @@ class RequestCacheConfigurerTests extends BaseSpringSpec {

    }

-    @Configuration
    @EnableWebSecurity
    static class RequestCacheDefautlsConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.groovy
@ -54,7 +54,6 @@ class SecurityContextConfigurerTests extends BaseSpringSpec {
            findFilter(SecurityContextPersistenceFilter).repo == InvokeTwiceDoesNotOverrideConfig.SCR
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
        static SecurityContextRepository SCR
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.groovy
@ -66,7 +66,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {

    @CompileStatic
    @EnableWebSecurity
-    @Configuration
    static class ServletApiConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -87,7 +86,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class CustomEntryPointConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationEntryPoint ENTRYPOINT

@ -117,7 +115,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
            findFilter(SecurityContextHolderAwareRequestFilter).authenticationEntryPoint == InvokeTwiceDoesNotOverrideConfig.ENTRYPOINT
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationEntryPoint ENTRYPOINT
@ -141,7 +138,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
            findFilter(SecurityContextHolderAwareRequestFilter).trustResolver == SharedTrustResolverConfig.TR
    }

-    @Configuration
    @EnableWebSecurity
    static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationTrustResolver TR
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy
@ -58,7 +58,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class SessionManagementDoesNotOverrideExplicitRequestCacheConfig extends WebSecurityConfigurerAdapter {
        static RequestCache REQUEST_CACHE

@ -83,7 +82,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
            findFilter(SecurityContextPersistenceFilter).repo == SessionManagementDoesNotOverrideExplicitSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
    }

-    @Configuration
    @EnableWebSecurity
    static class SessionManagementDoesNotOverrideExplicitSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
        static SecurityContextRepository SECURITY_CONTEXT_REPO
@ -107,7 +105,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
            findFilter(SecurityContextPersistenceFilter).repo.class == NullSecurityContextRepository
    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
        @Override
@ -134,7 +131,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class DisableSessionFixationEnableConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) {
@ -191,7 +187,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class ConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
        @Override
        public void configure(HttpSecurity http) {
@ -244,7 +239,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
            findFilter(SessionManagementFilter).trustResolver == SharedTrustResolverConfig.TR
    }

-    @Configuration
    @EnableWebSecurity
    static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
        static AuthenticationTrustResolver TR
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.groovy
@ -68,7 +68,6 @@ public class UrlAuthorizationsTests extends BaseSpringSpec {
    }

    @EnableWebSecurity
-    @Configuration
    static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
--- a/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy
@ -62,7 +62,6 @@ class OpenIDLoginConfigurerTests extends BaseSpringSpec {

    }

-    @Configuration
    @EnableWebSecurity
    static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {

--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java
@ -56,7 +56,6 @@ public class CsrfConfigurerNoWebMvcTests {
    }

    @EnableWebSecurity
-    @Configuration
    static class EnableWebConfig extends WebSecurityConfigurerAdapter {

        @Override
@ -65,7 +64,6 @@ public class CsrfConfigurerNoWebMvcTests {
    }

    @EnableWebMvcSecurity
-    @Configuration
    static class EnableWebMvcConfig extends WebSecurityConfigurerAdapter {

        @Override
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java
@ -110,7 +110,6 @@ public class SessionManagementConfigurerServlet31Tests {
    }

    @EnableWebSecurity
-    @Configuration
    static class SessionManagementDefaultSessionFixationServlet31Config extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
--- a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc
+++ b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc
@ -55,7 +55,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.*;

-@Configuration
@EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/docs/guides/src/asciidoc/form.asc
+++ b/docs/guides/src/asciidoc/form.asc
@ -54,7 +54,6 @@ We will want to ensure we compensate for overriding these defaults in our update

 import org.springframework.security.config.annotation.web.builders.HttpSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

@ -101,7 +100,6 @@ To fix this we need to instruct Spring Security to allow anyone to access the */
 ----
 // ...

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

@ -212,7 +210,6 @@ We need to update our configuration to allow anyone to access our resources and
 ----
 // ...

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/docs/guides/src/asciidoc/hellomvc.asc
+++ b/docs/guides/src/asciidoc/hellomvc.asc
@ -118,7 +118,6 @@ If you try to log out right now the request will fail. The reason is that Spring
 ----
 import org.springframework.security.config.annotation.web.servlet.configuration.*;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 ----
--- a/docs/manual/src/docs/asciidoc/index.adoc
+++ b/docs/manual/src/docs/asciidoc/index.adoc
@ -418,7 +418,6 @@ import org.springframework.context.annotation.*;
 import org.springframework.security.config.annotation.authentication.builders.*;
 import org.springframework.security.config.annotation.web.configuration.*;

-@Configuration
@EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

@ -756,7 +755,6 @@ We can configure multiple HttpSecurity instances just as we can have multiple `<

 [source,java]
 ----
-@Configuration
@EnableWebSecurity
 public class MultiHttpSecurityConfig {
    @Autowired
@ -812,7 +810,6 @@ We can enable annotation-based security using the `@EnableGlobalMethodSecurity`

 [source,java]
 ----
-@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
   // ...
@ -840,7 +837,6 @@ Support for JSR-250 annotations can be enabled using

 [source,java]
 ----
-@Configuration
@EnableGlobalMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
   // ...
@ -851,7 +847,6 @@ These are standards-based and allow simple role-based constraints to be applied

 [source,java]
 ----
-@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig {
   // ...
@ -881,7 +876,6 @@ Sometimes you may need to perform operations that are more complicated than are

 [source,java]
 ----
-@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
    @Override
@ -3097,7 +3091,6 @@ CSRF protection is enabled by default with Java configuration. If you would like
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3217,7 +3210,6 @@ If you really want to use HTTP GET with logout you can do so, but remember this
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3352,7 +3344,6 @@ If you are using Spring Security's Java configuration, all of the default securi
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3370,7 +3361,6 @@ As soon as you specify any headers that should be included, then only those head
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3414,7 +3404,6 @@ Similarly, you can enable only cache control within Java Configuration with the
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3485,7 +3474,6 @@ The X-Content-Type-Options header is added by default with Spring Security Java
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3537,7 +3525,6 @@ Similarly, you can enable only HSTS headers with Java Configuration:
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3587,7 +3574,6 @@ Similarly, you can enable only frame options within Java Configuration with the
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3632,7 +3618,6 @@ Similarly, you can enable only xss protection within Java Configuration with the
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3679,7 +3664,6 @@ Similarly, the headers could be added to the response using Java Configuration a
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3724,7 +3708,6 @@ We could also restrict framing of content to the same origin with Java configura
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -3775,7 +3758,6 @@ We could also prevent framing of content to the log in page using java configura
 [source,java]
 ----
@EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
   WebSecurityConfigurerAdapter {

@ -5969,7 +5951,6 @@ To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecu

 [source,java]
 ----
-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig {
    // ...
--- a/samples/aspectj-jc/src/main/java/sample/aspectj/AspectjSecurityConfig.java
+++ b/samples/aspectj-jc/src/main/java/sample/aspectj/AspectjSecurityConfig.java
@ -25,7 +25,6 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 /**
 * @author Rob Winch
 */
-@Configuration
@EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ,securedEnabled = true)
 public class AspectjSecurityConfig {
 	@Bean
--- a/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -8,7 +8,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
--- a/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/helloworld-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/helloworld-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -5,7 +5,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.*	;
 import org.springframework.security.config.annotation.web.configuration.*;

-@Configuration
@EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -9,7 +9,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
--- a/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
--- a/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.samples.security.CustomUserDetailsService;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
--- a/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -5,7 +5,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
+++ b/samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java
@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

-@Configuration
@EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java
@ -67,7 +67,6 @@ public class WithMockUserTests {
 		assertThat(message).contains("admin").contains("ROLE_USER").contains("ROLE_ADMIN");
 	}

-	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
--- a/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
+++ b/test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java
@ -67,7 +67,6 @@ public class WithUserDetailsTests {
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}

-	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java
@ -42,7 +42,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes=SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.Config.class)
@WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {

@ -69,7 +69,6 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
          .andExpect(status().is2xxSuccessful());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java
@ -44,7 +44,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes = SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.Config.class)
@WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests {

@ -73,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
          .andExpect(status().is2xxSuccessful());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java
@ -23,7 +23,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;

@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes = SecurityMockMvcResultMatchersTests.Config.class)
@WebAppConfiguration
 public class SecurityMockMvcResultMatchersTests {
    @Autowired
@ -52,7 +52,6 @@ public class SecurityMockMvcResultMatchersTests {
            .andExpect(authenticated().withRoles("USER"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java
@ -77,7 +77,6 @@ public class CsrfShowcaseTests {
            .andExpect(status().isForbidden());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java
@ -75,7 +75,6 @@ public class CustomCsrfShowcaseTests {
        .andExpect(status().isNotFound());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java
@ -69,7 +69,6 @@ public class DefaultCsrfShowcaseTests {
            .andExpect(status().isNotFound());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java
@ -89,7 +89,6 @@ public class AuthenticationTests {
            .andExpect(unauthenticated());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java
@ -90,7 +90,6 @@ public class CustomConfigAuthenticationTests {
            .andExpect(unauthenticated());
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java
@ -81,7 +81,6 @@ public class CustomLoginRequestBuilderAuthenticationTests {
                    .passwordParam("pass");
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java
@ -82,7 +82,6 @@ public class DefaultfSecurityRequestsTests {
            .andExpect(authenticated().withUsername("user"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java
@ -106,7 +106,6 @@ public class SecurityRequestsTests {
            .andExpect(authenticated().withAuthentication(authentication));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java
@ -78,7 +78,6 @@ public class WithUserAuthenticationTests {
            .andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java
@ -77,7 +77,6 @@ public class WithUserClassLevelAuthenticationTests {
            .andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java
@ -80,7 +80,6 @@ public class WithUserDetailsAuthenticationTests {
            .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java
@ -79,7 +79,6 @@ public class WithUserDetailsClassLevelAuthenticationTests {
            .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
    }

-    @Configuration
    @EnableWebMvcSecurity
    @EnableWebMvc
    static class Config extends WebSecurityConfigurerAdapter {
--- a/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
+++ b/test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java
@ -123,7 +123,6 @@ public class WebTestUtilsTests {
    @Configuration
    static class Config {}

-    @Configuration
    @EnableWebSecurity
    static class SecurityNoCsrfConfig extends WebSecurityConfigurerAdapter {

@ -133,7 +132,6 @@ public class WebTestUtilsTests {
        }
    }

-    @Configuration
    @EnableWebSecurity
    static class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
        static CsrfTokenRepository CSRF_REPO;