Spring Security Config - One Minute Overview
The common way to configure Spring Security is by extending WebSecurityConfigurerAdapter and annotating with @Configuration. e.g., from the Java docs: @Configuration class SimpleSecurityConfiguration extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/**").hasRole("USER").and().formLogin() .and() .logout().deleteCookies("remove").invalidateHttpSession(false) .logoutUrl("/custom-logout").logoutSuccessUrl("/logout-success"); } } If you need to have multiple configurations, for instance, for different paths, then you can either http.antMatchers(...), or you can provide multiple configurations. But these achieve different things, and this distinction needs to be understood. ...