diff --git a/articles/building-apps/integration/rest-api.adoc b/articles/building-apps/integration/rest-api.adoc
index b9388176ed..5e06c86677 100644
--- a/articles/building-apps/integration/rest-api.adoc
+++ b/articles/building-apps/integration/rest-api.adoc
@@ -132,10 +132,8 @@ Open the `SecurityConfiguration.java` file and add two additional security confi
----
import static com.vaadin.flow.spring.security.VaadinSecurityConfigurer.vaadin;
-import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -148,7 +146,6 @@ import org.springframework.security.web.authentication.HttpStatusEntryPoint;
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfiguration {
@Bean
diff --git a/articles/building-apps/security/add-login/flow.adoc b/articles/building-apps/security/add-login/flow.adoc
index 4f1df88845..c02c5bad1b 100644
--- a/articles/building-apps/security/add-login/flow.adoc
+++ b/articles/building-apps/security/add-login/flow.adoc
@@ -75,7 +75,6 @@ To instruct Spring Security to use your login view, modify your security configu
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
@@ -141,12 +140,10 @@ Inside this package, create a [classname]`SecurityConfig` class:
.`SecurityConfig.java`
[source,java]
----
-import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
@@ -156,7 +153,6 @@ import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
@@ -253,7 +249,6 @@ Modify [classname]`SecurityConfig` to reference the `LoginView`:
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
diff --git a/articles/building-apps/security/add-login/hilla.adoc b/articles/building-apps/security/add-login/hilla.adoc
index b37221b29e..c28e8486bb 100644
--- a/articles/building-apps/security/add-login/hilla.adoc
+++ b/articles/building-apps/security/add-login/hilla.adoc
@@ -160,7 +160,6 @@ To instruct Spring Security to use your login view, modify your security configu
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
diff --git a/articles/building-apps/security/add-login/index.adoc b/articles/building-apps/security/add-login/index.adoc
index 5d19efe480..e067e9426e 100644
--- a/articles/building-apps/security/add-login/index.adoc
+++ b/articles/building-apps/security/add-login/index.adoc
@@ -61,13 +61,12 @@ This is a minimal implementation of a security configuration class:
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class) // <1>
class SecurityConfig {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
// Configure Vaadin's security using VaadinSecurityConfigurer
- http.with(VaadinSecurityConfigurer.vaadin(), configurer -> { // <2>
+ http.with(VaadinSecurityConfigurer.vaadin(), configurer -> { // <1>
// TODO Configure the login view
});
return http.build();
@@ -76,7 +75,7 @@ class SecurityConfig {
@Bean
public UserDetailsManager userDetailsManager() {
LoggerFactory.getLogger(SecurityConfig.class)
- .warn("NOT FOR PRODUCTION: Using in-memory user details manager!"); // <3>
+ .warn("NOT FOR PRODUCTION: Using in-memory user details manager!"); // <2>
var user = User.withUsername("user")
.password("{noop}user")
.roles("USER")
@@ -89,9 +88,8 @@ class SecurityConfig {
}
}
----
-<1> Imports `VaadinAwareSecurityContextHolderStrategyConfiguration`, required for Vaadin security to work with Spring Security.
-<2> Always call with `VaadinSecurityConfigurer.vaadin()` -- this ensures that the application is properly configured.
-<3> *Tip:* Log a warning message whenever using a configuration that shouldn't end up in production.
+<1> Always call with `VaadinSecurityConfigurer.vaadin()` -- this ensures that the application is properly configured.
+<2> *Tip:* Log a warning message whenever using a configuration that shouldn't end up in production.
The [classname]`VaadinSecurityConfigurer` class provides essential security configurations out of the box, including:
diff --git a/articles/building-apps/security/add-logout/flow.adoc b/articles/building-apps/security/add-logout/flow.adoc
index 4b2db6399b..c9adb3d4d8 100644
--- a/articles/building-apps/security/add-logout/flow.adoc
+++ b/articles/building-apps/security/add-logout/flow.adoc
@@ -45,7 +45,6 @@ By default, users are redirected to the root URL (`/`) after logging out. To cha
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
diff --git a/articles/building-apps/security/add-logout/hilla.adoc b/articles/building-apps/security/add-logout/hilla.adoc
index 2c24c97f38..ab45443c8f 100644
--- a/articles/building-apps/security/add-logout/hilla.adoc
+++ b/articles/building-apps/security/add-logout/hilla.adoc
@@ -46,7 +46,6 @@ By default, users are redirected to the root URL (`/`) after logging out. To cha
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
diff --git a/articles/building-apps/security/protect-services/flow.adoc b/articles/building-apps/security/protect-services/flow.adoc
index 3bede285d2..a9c02b9599 100644
--- a/articles/building-apps/security/protect-services/flow.adoc
+++ b/articles/building-apps/security/protect-services/flow.adoc
@@ -37,7 +37,6 @@ To enable method security, add [annotationname]`@EnableMethodSecurity` to your s
@EnableMethodSecurity
// end::snippet[]
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
@@ -113,7 +112,6 @@ Add [annotationname]`@EnableMethodSecurity` to [classname]`SecurityConfig`:
@EnableMethodSecurity
// end::snippet[]
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
...
}
diff --git a/articles/building-apps/security/protect-views/flow.adoc b/articles/building-apps/security/protect-views/flow.adoc
index 31a5f5a98f..f693e61552 100644
--- a/articles/building-apps/security/protect-views/flow.adoc
+++ b/articles/building-apps/security/protect-views/flow.adoc
@@ -145,7 +145,6 @@ To enable a custom [interfacename]`NavigationAccessChecker`, create a new [class
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
@Bean
@@ -292,7 +291,6 @@ Then update the [methodname]`userDetailsManager()` method of the [classname]`Sec
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfig {
...
diff --git a/articles/flow/integrations/spring/oauth2.adoc b/articles/flow/integrations/spring/oauth2.adoc
index c08815d88c..f6c32449a4 100644
--- a/articles/flow/integrations/spring/oauth2.adoc
+++ b/articles/flow/integrations/spring/oauth2.adoc
@@ -94,7 +94,6 @@ The post logout redirect URI can be expressed as a relative or absolute URI, or
----
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
class SecurityConfiguration {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
diff --git a/articles/flow/security/advanced-topics/navigation-access-control.adoc b/articles/flow/security/advanced-topics/navigation-access-control.adoc
index c392265070..8987237f94 100644
--- a/articles/flow/security/advanced-topics/navigation-access-control.adoc
+++ b/articles/flow/security/advanced-topics/navigation-access-control.adoc
@@ -66,7 +66,6 @@ public class HomeView extends Div { }
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
diff --git a/articles/flow/security/enabling-security.adoc b/articles/flow/security/enabling-security.adoc
index b77353e738..d73e7ff10a 100644
--- a/articles/flow/security/enabling-security.adoc
+++ b/articles/flow/security/enabling-security.adoc
@@ -213,7 +213,6 @@ This is a minimal implementation of such a class:
@EnableWebSecurity // <1>
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class) // <2>
public class SecurityConfiguration {
@Bean
@@ -258,7 +257,7 @@ public class SecurityConfiguration {
}
----
-Notice the including of [annotationname]`@EnableWebSecurity`, [annotationname]`@Configuration`, and [annotationname]`@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)` annotations on top of the above class. As their names imply, they instruct Spring to enable its security features and configure the Vaadin-aware security context holder strategy.
+Notice the including of [annotationname]`@EnableWebSecurity` and [annotationname]`@Configuration` annotations on top of the above class. As their names imply, they instruct Spring to enable its security features.
[classname]`VaadinSecurityConfigurer` is a helper class that configures the common Vaadin-related Spring Security settings. By using it, the view-based access control mechanism is enabled automatically, and no further configuration is needed.
@@ -565,7 +564,7 @@ To add impersonation for a Vaadin application, create the [classname]`SwitchUser
[source,java]
----
@Bean
- public SwitchUserFilter switchUserFilter(VaadinAwareSecurityContextHolderStrategy strategy) {
+ public SwitchUserFilter switchUserFilter(SecurityContextHolderStrategy strategy) {
SwitchUserFilter filter = new SwitchUserFilter();
filter.setSecurityContextHolderStrategy(strategy);
filter.setUserDetailsService(userDetailsService());
@@ -576,9 +575,6 @@ To add impersonation for a Vaadin application, create the [classname]`SwitchUser
}
----
-[NOTE]
-The bean should use `VaadinSecurityContextHolderStrategy` bean to work properly. If the [classname]`SwitchUserFilter` is initialized differently, the wrong security holder is used and the feature won't work. Make sure to add `@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)` on top of your security configuration class.
-
To secure the impersonation endpoints, configure the HttpSecurity object with the appropriate matchers like so:
[source,java]
diff --git a/articles/flow/security/vaadin-security-configurer.adoc b/articles/flow/security/vaadin-security-configurer.adoc
index d562f6c94c..24b61fba68 100644
--- a/articles/flow/security/vaadin-security-configurer.adoc
+++ b/articles/flow/security/vaadin-security-configurer.adoc
@@ -23,7 +23,6 @@ The `VaadinSecurityConfigurer` can be used in a Spring Security configuration cl
----
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -35,8 +34,6 @@ public class SecurityConfig {
}
----
-The `VaadinAwareSecurityContextHolderStrategyConfiguration` is imported manually to ensure that the [classname]`VaadinSession`-based security context holder is initialized.
-
==== Applied Configurers
The `VaadinSecurityConfigurer` applies several other Spring Security configurers to set up the security filter chain:
@@ -194,7 +191,6 @@ Creates and returns a composite `RequestMatcher` for identifying requests that s
----
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -216,7 +212,6 @@ To configure multiple filter chains, use `@Order` annotation to specify the orde
----
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Order(1)
@@ -283,7 +278,6 @@ public class SecurityConfigurationAPI {
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Order(1)
@@ -315,7 +309,6 @@ Vaadin uses annotations to control access to views at the navigation level, whil
----
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -380,7 +373,6 @@ safest option.
----
@Configuration
@EnableWebSecurity
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -393,3 +385,6 @@ public class SecurityConfig {
}
}
----
+
+
+[discussion-id]`164DDBB1-3DC0-4E30-B8B9-D280BB83341F`
diff --git a/articles/hilla/lit/guides/security/spring-login.adoc b/articles/hilla/lit/guides/security/spring-login.adoc
index 1af551a3d7..a542fbcf35 100644
--- a/articles/hilla/lit/guides/security/spring-login.adoc
+++ b/articles/hilla/lit/guides/security/spring-login.adoc
@@ -43,7 +43,6 @@ To implement your own security configuration, create a new configuration class t
----
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -509,7 +508,6 @@ The following example demonstrates how to access an SQL database with tables for
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
//...
@@ -541,7 +539,6 @@ This next example shows how to configure authentication by using an LDAP reposit
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
//...
diff --git a/articles/hilla/lit/guides/security/spring-stateless.adoc b/articles/hilla/lit/guides/security/spring-stateless.adoc
index bd08e70011..f4864d708f 100644
--- a/articles/hilla/lit/guides/security/spring-stateless.adoc
+++ b/articles/hilla/lit/guides/security/spring-stateless.adoc
@@ -120,7 +120,6 @@ By default, the JWT and cookies expire thirty minutes after the last server requ
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
diff --git a/articles/upgrading/index.adoc b/articles/upgrading/index.adoc
index 19021433a8..d8be6d730d 100644
--- a/articles/upgrading/index.adoc
+++ b/articles/upgrading/index.adoc
@@ -739,7 +739,6 @@ The deprecated [classname]`VaadinWebSecurity` class has been removed from Vaadin
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
@@ -924,7 +923,6 @@ public SecurityFilterChain vaadinSecurityFilterChain(HttpSecurity http) throws E
----
@EnableWebSecurity // should be already present
@Configuration // should be already present
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfiguration {
}
----
diff --git a/src/main/java/com/vaadin/demo/SecurityConfig.java b/src/main/java/com/vaadin/demo/SecurityConfig.java
index 8042b12c2e..0e59902855 100644
--- a/src/main/java/com/vaadin/demo/SecurityConfig.java
+++ b/src/main/java/com/vaadin/demo/SecurityConfig.java
@@ -1,10 +1,7 @@
package com.vaadin.demo;
-import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
-
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -12,7 +9,6 @@
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfig {
@Bean
diff --git a/src/main/java/com/vaadin/demo/fusion/security/authentication/SecurityConfigDemo.java b/src/main/java/com/vaadin/demo/fusion/security/authentication/SecurityConfigDemo.java
index 488b27aa37..1d56c9ac67 100644
--- a/src/main/java/com/vaadin/demo/fusion/security/authentication/SecurityConfigDemo.java
+++ b/src/main/java/com/vaadin/demo/fusion/security/authentication/SecurityConfigDemo.java
@@ -1,11 +1,9 @@
package com.vaadin.demo.fusion.security.authentication;
-import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
@@ -19,7 +17,6 @@
*/
//@EnableWebSecurity
//@Configuration
-//@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
public class SecurityConfigDemo {
@Bean
diff --git a/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java b/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java
index cd8fd73d32..9939b63c08 100644
--- a/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java
+++ b/src/main/java/com/vaadin/demo/fusion/security/stateless/SecurityConfigurer.java
@@ -6,7 +6,6 @@
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -14,14 +13,12 @@
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
import org.springframework.security.web.SecurityFilterChain;
-import com.vaadin.flow.spring.security.VaadinAwareSecurityContextHolderStrategyConfiguration;
import com.vaadin.flow.spring.security.VaadinSecurityConfigurer;
import com.vaadin.flow.spring.security.stateless.VaadinStatelessSecurityConfigurer;
// tag::stateless-configure[]
@EnableWebSecurity
@Configuration
-@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)
@Profile("this-is-just-a-demo-class") // hidden-source-line
public class SecurityConfigurer {