为什么 类 扩展 WebSecurityConfigurerAdapter 而不声明任何 bean 都带有配置注释?

Why classes extending WebSecurityConfigurerAdapter and not declaring any bean are annotated with configuration?

根据@Configuration documentation

Indicates that a class declares one or more @Bean methods and may be processed by the Spring container to generate bean definitions and service requests for those beans at runtime, for example:

@Configuration  
public class AppConfig {  
  @Bean  
  public MyBean myBean() {  
    //instantiate, configure and return bean ...  
  }  
}

我一直记得我遇到过 类 扩展 WebSecurityConfigurerAdapter,它不包含任何 @Bean 方法,并用 @Configuration 注释。 它甚至在官方博客和一些示例中,请参见: https://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security

@Configuration
@EnableWebSecurity
public class HelloWebSecurityConfiguration
   extends WebSecurityConfigurerAdapter {

  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) {
    auth
      .inMemoryAuthentication()
        .withUser("user").password("password").roles("USER");
  }
}

或此处:https://docs.spring.io/spring-security/site/docs/current/reference/html/jc.html

    @Order(1)                                                        2
    public static class ApiWebSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            http
                .antMatcher("/api/**")                               3
                .authorizeRequests(authorizeRequests ->
                    authorizeRequests
                        .anyRequest().hasRole("ADMIN")
                )
                .httpBasic(withDefaults());
        }
    }

为什么这个 类 用 @Configuration 注释,即使没有 @Bean 方法?

豆子imported using the secondary "@Enable" annotation

Spring features such as asynchronous method execution, scheduled task execution, annotation driven transaction management, and even Spring MVC can be enabled and configured from @Configuration classes using their respective "@Enable" annotations. See @EnableAsync, @EnableScheduling, @EnableTransactionManagement, @EnableAspectJAutoProxy, and @EnableWebMvc for details.

来自 EnableWebSecurity:

Add this annotation to an @Configuration class to have the Spring Security configuration defined in any WebSecurityConfigurer or more likely by extending the WebSecurityConfigurerAdapter base class and overriding individual methods: