diff --git a/docs/manual/src/asciidoc/index.adoc b/docs/manual/src/asciidoc/index.adoc index 9743464811..2e729aa62e 100644 --- a/docs/manual/src/asciidoc/index.adoc +++ b/docs/manual/src/asciidoc/index.adoc @@ -5873,10 +5873,26 @@ Refer to the Javadoc for additional integrations with both the Java concurrent A Spring Security provides a number of optional integrations with Spring MVC. This section covers the integration in further detail. +[[mvc-enablewebmvcsecurity]] +=== @EnableWebMvcSecurity + +To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecurity` annotation to your configuration. A typical example will look something like this: + +[source,java] +---- +@Configuration +@EnableWebMvcSecurity +public class SecurityConfig { + // ... +} +---- + [[mvc-authentication-principal]] === @AuthenticationPrincipal -Spring Security provides ability to automatically resolve the current `Authentication.getPrincipal()` for Spring MVC arguments. This means that you can be entirely decoupled from Spring Security in your Spring MVC layer. +Spring Security provides `AuthenticationPrincipalArgumentResolver` which can automatically resolve the current `Authentication.getPrincipal()` for Spring MVC arguments. By using <> you will automatically have this added to your Spring MVC configuration. If you use XML based configuraiton, you must add this yourself. + +Once `AuthenticationPrincipalArgumentResolver` is properly configured, you can be entirely decoupled from Spring Security in your Spring MVC layer. Consider a situation where a custom `UserDetailsService` that returns an `Object` that implements `UserDetails` and your own `CustomUser` `Object`. The `CustomUser` of the currently authenticated user could be accessed using the following code: