SEC-2788: Add @Configuration as meta annotation to @Enable* annotations

config/src/integration-test/groovy/org/springframework/security/config/annotation/authentication/ldap/LdapAuthenticationProviderConfigurerTests.groovy

@@ -45,7 +45,6 @@ class LdapAuthenticationProviderConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class MultiLdapAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             auth

config/src/integration-test/java/org/springframework/security/config/annotation/authentication/ldap/NamespaceLdapAuthenticationProviderTestsConfigs.java

@@ -28,8 +28,6 @@ import org.springframework.security.ldap.userdetails.PersonContextMapper;
  *
  */
 public class NamespaceLdapAuthenticationProviderTestsConfigs {
-
-    @Configuration
     @EnableWebSecurity
     static class LdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -40,7 +38,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
         }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CustomLdapAuthenticationProviderConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -66,7 +63,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
         }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CustomAuthoritiesPopulatorConfig extends WebSecurityConfigurerAdapter {
         static LdapAuthoritiesPopulator LAP;
@@ -78,7 +74,6 @@ public class NamespaceLdapAuthenticationProviderTestsConfigs {
         }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class PasswordCompareLdapConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java

@@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -88,4 +89,5 @@ import org.springframework.security.config.annotation.web.servlet.configuration.
 @Target(value={java.lang.annotation.ElementType.TYPE})
 @Documented
 @Import(AuthenticationConfiguration.class)
+@Configuration
 public @interface EnableGlobalAuthentication {}

config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java

@@ -20,6 +20,7 @@ import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
 import org.springframework.context.annotation.AdviceMode;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.core.Ordered;
 import org.springframework.security.access.annotation.Secured;
@@ -46,6 +47,7 @@ import org.springframework.security.config.annotation.configuration.ObjectPostPr
 @Documented
 @Import({GlobalMethodSecuritySelector.class,ObjectPostProcessorConfiguration.class})
 @EnableGlobalAuthentication
+@Configuration
 public @interface EnableGlobalMethodSecurity {
 
     /**

config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java

@@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration;
@@ -79,6 +80,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 @Documented
 @Import({WebSecurityConfiguration.class,ObjectPostProcessorConfiguration.class})
 @EnableGlobalAuthentication
+@Configuration
 public @interface EnableWebSecurity {
 
     /**

config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/EnableWebMvcSecurity.java

@@ -19,6 +19,7 @@ import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
 
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 
@@ -35,5 +36,6 @@ import org.springframework.security.config.annotation.authentication.configurati
 @Documented
 @Import(WebMvcSecurityConfiguration.class)
 @EnableGlobalAuthentication
+@Configuration
 public @interface EnableWebMvcSecurity {
 }

config/src/main/java/org/springframework/security/config/annotation/web/servlet/configuration/WebMvcSecurityConfiguration.java

@@ -38,7 +38,6 @@ import org.springframework.web.servlet.support.RequestDataValueProcessor;
  * @author Rob Winch
  * @since 3.2
  */
-@Configuration
 @EnableWebSecurity
 public class WebMvcSecurityConfiguration extends WebMvcConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.groovy

@@ -76,7 +76,6 @@ class AuthenticationManagerBuilderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class MultiAuthenticationProvidersConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             auth

config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationManagerTests.groovy

@@ -46,7 +46,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class EraseCredentialsTrueDefaultConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             auth
@@ -73,7 +72,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class EraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             auth
@@ -101,7 +99,6 @@ class NamespaceAuthenticationManagerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class GlobalEraseCredentialsFalseConfig extends WebSecurityConfigurerAdapter {
         @Autowired
         public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.groovy

@@ -39,7 +39,6 @@ class NamespaceAuthenticationProviderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class AuthenticationProviderRefConfig extends WebSecurityConfigurerAdapter {
         static DaoAuthenticationProvider expected = new DaoAuthenticationProvider()
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -64,7 +63,6 @@ class NamespaceAuthenticationProviderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class UserServiceRefConfig extends WebSecurityConfigurerAdapter {
         static InMemoryUserDetailsManager expected = new InMemoryUserDetailsManager([] as Collection)
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespaceJdbcUserServiceTests.groovy

@@ -49,7 +49,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class JdbcUserServiceConfig extends WebSecurityConfigurerAdapter {
         @Autowired
         private DataSource dataSource;
@@ -79,7 +78,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class JdbcUserServiceInMemorySampleConfig extends WebSecurityConfigurerAdapter {
         @Autowired
         private DataSource dataSource;
@@ -127,7 +125,6 @@ class NamespaceJdbcUserServiceTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomJdbcUserServiceSampleConfig extends WebSecurityConfigurerAdapter {
         @Autowired
         private DataSource dataSource;

config/src/test/groovy/org/springframework/security/config/annotation/authentication/NamespacePasswordEncoderTests.groovy

@@ -51,7 +51,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PasswordEncoderWithInMemoryConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -72,7 +71,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PasswordEncoderWithJdbcConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -101,7 +99,6 @@ class NamespacePasswordEncoderTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PasswordEncoderWithUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/authentication/PasswordEncoderConfigurerConfigs.java

@@ -35,7 +35,6 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 public class PasswordEncoderConfigurerConfigs {
 
     @EnableWebSecurity
-    @Configuration
     static class PasswordEncoderConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             BCryptPasswordEncoder encoder = passwordEncoder();
@@ -63,7 +62,6 @@ public class PasswordEncoderConfigurerConfigs {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PasswordEncoderNoAuthManagerLoadsConfig extends WebSecurityConfigurerAdapter {
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
             BCryptPasswordEncoder encoder = passwordEncoder();

config/src/test/groovy/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.groovy

@@ -58,7 +58,6 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
     @Import([GlobalMethodSecurityAutowiredConfig,ServicesConfig])
     static class GlobalMethodSecurityAutowiredConfigAndServicesConfig {}
 
-    @Configuration
     @EnableGlobalMethodSecurity(securedEnabled = true)
     static class GlobalMethodSecurityAutowiredConfig {
         @Autowired
@@ -80,11 +79,9 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
     @Import([GlobalMethodSecurityConfig,WebSecurityConfig,ServicesConfig])
     static class GlobalMethodSecurityConfigAndServicesConfig {}
 
-    @Configuration
     @EnableGlobalMethodSecurity(securedEnabled = true)
     static class GlobalMethodSecurityConfig {}
 
-    @Configuration
     @EnableWebSecurity
     static class WebSecurityConfig extends WebSecurityConfigurerAdapter {
         @Autowired
@@ -108,7 +105,6 @@ class AuthenticationConfigurationTests extends BaseSpringSpec {
     @Import([GlobalMethodSecurityConfig,WebMvcSecurityConfig,ServicesConfig])
     static class GlobalMethodSecurityMvcSecurityAndServicesConfig {}
 
-    @Configuration
     @EnableWebMvcSecurity
     static class WebMvcSecurityConfig extends WebSecurityConfigurerAdapter {
         @Autowired

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfigurationTests.groovy

@@ -65,7 +65,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             InMemoryAuthWithGlobalMethodSecurityConfig.EVENT.authentication == auth
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     public static class InMemoryAuthWithGlobalMethodSecurityConfig extends GlobalMethodSecurityConfiguration implements ApplicationListener<AuthenticationSuccessEvent> {
         static AuthenticationSuccessEvent EVENT
@@ -96,7 +95,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             preAdviceVoter.preAdvice.expressionHandler.trustResolver == CustomTrustResolverConfig.TR
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     static class CustomTrustResolverConfig extends GlobalMethodSecurityConfiguration {
         static AuthenticationTrustResolver TR
@@ -130,7 +128,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             noExceptionThrown()
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
     static class ExpressionHandlerHasBeanResolverSetConfig extends GlobalMethodSecurityConfiguration {
 
@@ -182,7 +179,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             noExceptionThrown()
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     static class MethodSecurityServiceConfig extends GlobalMethodSecurityConfiguration {
 
@@ -217,7 +213,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     public static class AutowirePermissionEvaluatorConfig extends GlobalMethodSecurityConfiguration {
         static PermissionEvaluator PE
@@ -246,7 +241,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
             noExceptionThrown()
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     public static class MultiPermissionEvaluatorConfig extends GlobalMethodSecurityConfiguration {
         static PermissionEvaluator PE
@@ -287,7 +281,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
 
     static class ChildConfig extends ParentConfig {}
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     static class ParentConfig {
 
@@ -331,7 +324,6 @@ public class GlobalMethodSecurityConfigurationTests extends BaseSpringSpec {
         }
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     static class Sec2479ChildConfig {
         @Bean

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityExpressionHandlerTests.groovy

@@ -73,7 +73,6 @@ public class NamespaceGlobalMethodSecurityExpressionHandlerTests extends BaseSpr
         thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/NamespaceGlobalMethodSecurityTests.groovy

@@ -78,7 +78,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
     public static class CustomAccessDecisionManagerConfig extends GlobalMethodSecurityConfiguration {
         @Override
@@ -110,7 +109,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             thrown(UnsupportedOperationException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity
     public static class CustomAuthenticationConfig extends GlobalMethodSecurityConfiguration {
         @Override
@@ -168,7 +166,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity
     public static class CustomMethodSecurityMetadataSourceConfig extends GlobalMethodSecurityConfiguration {
         @Override
@@ -195,7 +192,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             context.getBean(AspectJMethodSecurityInterceptor)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ, proxyTargetClass = true)
     public static class AspectJModeConfig extends BaseMethodConfig {
     }
@@ -208,7 +204,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             context.getBean(AspectJMethodSecurityInterceptor)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ)
     public static class AspectJModeExtendsGMSCConfig extends GlobalMethodSecurityConfiguration {
     }
@@ -223,7 +218,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             advisor.order == 135
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(order = 135)
     public static class CustomOrderConfig extends BaseMethodConfig {
     }
@@ -236,7 +230,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             advisor.order == Ordered.LOWEST_PRECEDENCE
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity
     public static class DefaultOrderConfig extends BaseMethodConfig {
     }
@@ -249,7 +242,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             advisor.order == Ordered.LOWEST_PRECEDENCE
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity
     public static class DefaultOrderExtendsMethodSecurityConfig extends GlobalMethodSecurityConfiguration {
     }
@@ -331,7 +323,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             service.runAs().authorities.find { it.authority == "ROLE_RUN_AS_SUPER"}
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(securedEnabled = true)
     public static class CustomRunAsManagerConfig extends GlobalMethodSecurityConfiguration {
         @Override
@@ -377,7 +368,6 @@ public class NamespaceGlobalMethodSecurityTests extends BaseSpringSpec {
             e.message == "custom AfterInvocationManager"
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled = true)
     public static class CustomAfterInvocationManagerConfig extends GlobalMethodSecurityConfiguration {
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/method/configuration/SampleEnableGlobalMethodSecurityTests.groovy

@@ -58,7 +58,6 @@ public class SampleEnableGlobalMethodSecurityTests extends BaseSpringSpec {
         thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled=true)
     public static class SampleWebSecurityConfig {
         @Bean
@@ -88,7 +87,6 @@ public class SampleEnableGlobalMethodSecurityTests extends BaseSpringSpec {
         thrown(AccessDeniedException)
     }
 
-    @Configuration
     @EnableGlobalMethodSecurity(prePostEnabled=true)
     public static class CustomPermissionEvaluatorWebSecurityConfig extends GlobalMethodSecurityConfiguration {
         @Bean

config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy

@@ -87,7 +87,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
      * </code>
      * @author Rob Winch
      */
-    @Configuration
     @EnableWebSecurity
     public static class HelloWorldWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
         @Override
@@ -154,7 +153,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
      * </code>
      * @author Rob Winch
      */
-    @Configuration
     @EnableWebSecurity
     public static class SampleWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 
@@ -272,7 +270,6 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseSpringSpec {
      * </code>
      * @author Rob Winch
      */
-    @Configuration
     @EnableWebSecurity
     public static class SampleMultiHttpSecurityConfig {
         @Autowired

config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTests.groovy

@@ -88,7 +88,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class HeadersArePopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -112,7 +111,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class WebAsyncPopulatedByDefaultConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -142,7 +140,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class InMemoryAuthWithWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter implements ApplicationListener<AuthenticationSuccessEvent> {
         static List<AuthenticationSuccessEvent> EVENTS = []
         @Bean
@@ -175,7 +172,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
         static ContentNegotiationStrategy CNS
 
@@ -193,7 +189,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class ContentNegotiationStrategyDefaultSharedObjectConfig extends WebSecurityConfigurerAdapter {}
 
     def "UserDetailsService lazy"() {
@@ -217,7 +212,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
         }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class UserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
         @Autowired
@@ -250,7 +244,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
             context.getBean(ApplicationContextSharedObjectConfig).http.getSharedObject(ApplicationContext) == context
     }
 
-    @Configuration
     @EnableWebSecurity
     static class ApplicationContextSharedObjectConfig extends WebSecurityConfigurerAdapter {
 
@@ -276,7 +269,6 @@ class WebSecurityConfigurerAdapterTests extends BaseSpringSpec {
             context.getBean(CustomTrustResolverConfig).http.getSharedObject(AuthenticationTrustResolver) == CustomTrustResolverConfig.TR
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CustomTrustResolverConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationTrustResolver TR

config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java

@@ -35,7 +35,6 @@ import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 public class WebSecurityConfigurerAdapterTestsConfigs {
 
     // necessary because groovy resolves incorrect method when using generics
-    @Configuration
     @EnableWebSecurity
     static class MessageSourcesPopulatedConfig extends WebSecurityConfigurerAdapter {
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/DisableUseExpressionsConfig.java

@@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.BaseWebC
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer;
 
-@Configuration
 @EnableWebSecurity
 public class DisableUseExpressionsConfig extends BaseWebConfig {
     protected void configure(HttpSecurity http) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy

@@ -104,7 +104,6 @@ public class HttpSecurityTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class RequestMatcherRegistryConfigs extends BaseWebConfig {
         @Override
         protected void configure(HttpSecurity http) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy

@@ -478,7 +478,6 @@ public class NamespaceHttpTests extends BaseSpringSpec {
             findFilter(FilterSecurityInterceptor).accessDecisionManager.decisionVoters.collect { it.class } == [WebExpressionVoter]
     }
 
-    @Configuration
     @EnableWebSecurity
     static class UseExpressionsConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/BaseWebConfig.groovy

@@ -22,7 +22,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
  *
  * @author Rob Winch
  */
-@Configuration
 @EnableWebSecurity
 public abstract class BaseWebConfig extends WebSecurityConfigurerAdapter {
     BaseWebConfig(boolean disableDefaults) {

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy

@@ -42,7 +42,6 @@ class EnableWebSecurityTests extends BaseSpringSpec {
 
 
     @EnableWebSecurity
-    @Configuration
     static class SecurityConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -79,7 +78,6 @@ class EnableWebSecurityTests extends BaseSpringSpec {
     static class ChildSecurityConfig extends DebugSecurityConfig {
     }
 
-    @Configuration
     @EnableWebSecurity(debug=true)
     static class DebugSecurityConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/Sec2515Tests.groovy

@@ -36,7 +36,6 @@ public class Sec2515Tests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class StackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -55,7 +54,6 @@ public class Sec2515Tests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomBeanNameStackOverflowSecurityConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -81,7 +79,6 @@ public class Sec2515Tests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CanLoadWithChildConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationManager AM
         @Bean
@@ -98,7 +95,6 @@ public class Sec2515Tests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SecurityConfig extends WebSecurityConfigurerAdapter {
 
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy

@@ -64,7 +64,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
 
-    @Configuration
     @EnableWebSecurity
     static class SortedWebSecurityConfigurerAdaptersConfig {
         public AuthenticationManager authenticationManager() throws Exception {
@@ -140,7 +139,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
 
-    @Configuration
     @EnableWebSecurity
     static class DuplicateOrderConfig {
         public AuthenticationManager authenticationManager() throws Exception {
@@ -186,7 +184,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PrivilegeEvaluatorConfigurerAdapterConfig extends WebSecurityConfigurerAdapter {
         static WebInvocationPrivilegeEvaluator PE
 
@@ -210,7 +207,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class WebSecurityExpressionHandlerConfig extends WebSecurityConfigurerAdapter {
         static SecurityExpressionHandler EH
 
@@ -237,7 +233,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class WebSecurityExpressionHandlerDefaultsConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -258,7 +253,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class WebInvocationPrivilegeEvaluatorDefaultsConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -285,7 +279,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DefaultExpressionHandlerSetsBeanResolverConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -331,7 +324,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class ParentConfig extends WebSecurityConfigurerAdapter {
         @Autowired
         public void configureGlobal(AuthenticationManagerBuilder auth) {
@@ -340,7 +332,6 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class ChildConfig extends WebSecurityConfigurerAdapter { }
 
     def "SEC-2773: delegatingApplicationListener is static method"() {

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/a/Sec2377AConfig.java

@@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @EnableWebSecurity
-@Configuration
 public class Sec2377AConfig extends WebSecurityConfigurerAdapter {
 
 }

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/sec2377/b/Sec2377BConfig.java

@@ -20,7 +20,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @EnableWebSecurity
-@Configuration
 public class Sec2377BConfig extends WebSecurityConfigurerAdapter {
 
 }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.groovy

@@ -38,7 +38,6 @@ class AnonymousConfigurerTests extends BaseSpringSpec {
             findFilter(AnonymousAuthenticationFilter).key == "custom"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/AuthorizedRequestsWithPostProcessorConfig.java

@@ -25,7 +25,6 @@ import org.springframework.security.config.annotation.web.configuration.EnableWe
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 
-@Configuration
 @EnableWebSecurity
 public class AuthorizedRequestsWithPostProcessorConfig extends WebSecurityConfigurerAdapter {
     static ApplicationListener<AuthorizedEvent> AL;

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.groovy

@@ -64,7 +64,6 @@ class ChannelSecurityConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DuplicateInvocationsDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.groovy

@@ -72,7 +72,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             context.getBean(RequestDataValueProcessor)
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     static class CsrfAppliedDefaultConfig extends WebSecurityConfigurerAdapter {
 
@@ -93,7 +92,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.status == HttpServletResponse.SC_OK
     }
 
-    @Configuration
     @EnableWebSecurity
     static class DisableCsrfConfig extends WebSecurityConfigurerAdapter {
 
@@ -125,7 +123,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == 'http://localhost/tosave'
     }
 
-    @Configuration
     @EnableWebSecurity
     static class DisableCsrfEnablesRequestCacheConfig extends WebSecurityConfigurerAdapter {
 
@@ -166,7 +163,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.status == HttpServletResponse.SC_FORBIDDEN
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvalidSessionUrlConfig extends WebSecurityConfigurerAdapter {
         @Override
@@ -194,7 +190,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.status == HttpServletResponse.SC_FORBIDDEN
     }
 
-    @Configuration
     @EnableWebSecurity
     static class RequireCsrfProtectionMatcherConfig extends WebSecurityConfigurerAdapter {
         static RequestMatcher matcher
@@ -250,7 +245,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             (1.._) *  CsrfTokenRepositoryConfig.repo.saveToken(null, _, _)
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CsrfTokenRepositoryConfig extends WebSecurityConfigurerAdapter {
         static CsrfTokenRepository repo
@@ -284,7 +278,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.status == HttpServletResponse.SC_OK
     }
 
-    @Configuration
     @EnableWebSecurity
     static class AccessDeniedHandlerConfig extends WebSecurityConfigurerAdapter {
         static AccessDeniedHandler deniedHandler
@@ -312,7 +305,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             currentAuthentication == null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginConfig extends WebSecurityConfigurerAdapter {
         static AccessDeniedHandler deniedHandler
@@ -350,7 +342,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             currentAuthentication != null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class LogoutConfig extends WebSecurityConfigurerAdapter {
         static AccessDeniedHandler deniedHandler
@@ -374,7 +365,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             currentAuthentication == null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class LogoutAllowsGetConfig extends WebSecurityConfigurerAdapter {
         static AccessDeniedHandler deniedHandler
@@ -440,7 +430,6 @@ class CsrfConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "http://localhost/some-url"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CsrfDisablesPostRequestFromRequestCacheConfig extends WebSecurityConfigurerAdapter {
         static CsrfTokenRepository repo

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy

@@ -60,7 +60,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
         e.message.contains missingConfigMessage
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FilterChainProxyBuilderMissingConfig { }
 
@@ -72,7 +71,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
         e.message.contains missingConfigMessage
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FilterChainProxyBuilderNoSecurityFilterBuildersConfig {
         @Bean
@@ -94,7 +92,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
         filterChains[0].filters.find { it instanceof UsernamePasswordAuthenticationFilter }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class NullWebInvocationPrivilegeEvaluatorConfig extends BaseWebConfig {
         NullWebInvocationPrivilegeEvaluatorConfig() {
@@ -121,7 +118,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
                      ExceptionTranslationFilter, FilterSecurityInterceptor ]
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FilterChainProxyBuilderIgnoringConfig extends BaseWebConfig {
         @Override
@@ -152,7 +148,6 @@ class DefaultFiltersTests extends BaseSpringSpec {
             "/logout" | null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class DefaultFiltersConfigPermitAll extends BaseWebConfig {
         protected void configure(HttpSecurity http) {

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy

@@ -95,7 +95,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class HttpBasicAndFormLoginEntryPointsConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -137,7 +136,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class OverrideContentNegotiationStrategySharedObjectConfig extends WebSecurityConfigurerAdapter {
         static ContentNegotiationStrategy CNS
 
@@ -155,7 +153,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DefaultHttpConf extends WebSecurityConfigurerAdapter {
     }
 
@@ -167,7 +164,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class BasicAuthenticationEntryPointBeforeFormLoginConf extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -188,7 +184,6 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationEntryPoint AEP
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerConfigs.java

@@ -47,7 +47,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
      * Ensure that All additional properties properly compile and chain properly
      */
     @EnableWebSecurity
-    @Configuration
     static class AllPropertiesWorkConfig extends WebSecurityConfigurerAdapter {
 
         @SuppressWarnings("rawtypes")
@@ -69,7 +68,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class UseBeansInExpressions extends WebSecurityConfigurerAdapter {
 
         @Autowired
@@ -102,7 +100,6 @@ public class ExpressionUrlAuthorizationConfigurerConfigs {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomExpressionRootConfig extends WebSecurityConfigurerAdapter {
 
         @Autowired

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy

@@ -81,7 +81,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -99,7 +98,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -116,7 +114,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -148,7 +145,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class HasAuthorityConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -187,7 +183,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class HasAnyAuthorityConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -215,7 +210,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class HasIpAddressConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -242,7 +236,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class AnonymousConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -269,7 +262,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class RememberMeConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -305,7 +297,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DenyAllConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -332,7 +323,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NotDenyAllConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -365,7 +355,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class FullyAuthenticatedConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -408,7 +397,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class AccessConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -440,7 +428,6 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class InvokeTwiceDoesNotResetConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy

@@ -91,7 +91,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "http://localhost/login"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginConfig extends BaseWebConfig {
         @Override
@@ -131,7 +130,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
             "/login" | "GET" | "error" | null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginConfigPermitAll extends BaseWebConfig {
 
@@ -167,7 +165,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
             "/authenticate" | "GET"  | "logout"| null
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginDefaultsConfig extends BaseWebConfig {
 
@@ -199,7 +196,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "/"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginLoginProcessingUrlConfig extends BaseWebConfig {
 
@@ -233,7 +229,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
             findFilter(ExceptionTranslationFilter).authenticationEntryPoint.portMapper == FormLoginUsesPortMapperConfig.PORT_MAPPER
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FormLoginUsesPortMapperConfig extends BaseWebConfig {
         static PortMapper PORT_MAPPER
@@ -266,7 +261,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class PermitAllIgnoresFailureHandlerConfig extends BaseWebConfig {
         static AuthenticationFailureHandler FAILURE_HANDLER
 
@@ -292,7 +286,6 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DuplicateInvocationsDoesNotOverrideConfig extends BaseWebConfig {
         static AuthenticationFailureHandler FAILURE_HANDLER
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.groovy

@@ -54,7 +54,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
                          'X-XSS-Protection' : '1; mode=block']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class HeadersConfig extends WebSecurityConfigurerAdapter {
 
@@ -73,7 +72,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
             responseHeaders == ['X-Content-Type-Options':'nosniff']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class ContentTypeOptionsConfig extends WebSecurityConfigurerAdapter {
 
@@ -92,7 +90,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
             responseHeaders == ['X-Frame-Options':'DENY']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class FrameOptionsConfig extends WebSecurityConfigurerAdapter {
 
@@ -112,7 +109,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
             responseHeaders == ['Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class HstsConfig extends WebSecurityConfigurerAdapter {
 
@@ -133,7 +129,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
                          'Pragma':'no-cache']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CacheControlConfig extends WebSecurityConfigurerAdapter {
 
@@ -152,7 +147,6 @@ class HeadersConfigurerTests extends BaseSpringSpec {
             responseHeaders == ['X-XSS-Protection' : '1; mode=block']
     }
 
-    @Configuration
     @EnableWebSecurity
     static class XssProtectionConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.groovy

@@ -58,7 +58,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DefaultsEntryPointConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -86,7 +85,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomAuthenticationEntryPointConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationEntryPoint ENTRY_POINT
 
@@ -114,7 +112,6 @@ class HttpBasicConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DuplicateDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationEntryPoint ENTRY_POINT
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy

@@ -46,7 +46,6 @@ class Issue55Tests extends BaseSpringSpec {
             findFilter(FilterSecurityInterceptor).authenticationManager.authenticate(token) == CustomAuthenticationManager.RESULT
      }
 
-    @Configuration
     @EnableWebSecurity
     static class WebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
         @Component
@@ -79,7 +78,6 @@ class Issue55Tests extends BaseSpringSpec {
             findFilter(FilterSecurityInterceptor,1).authenticationManager.authenticate(token) == CustomAuthenticationManager.RESULT
      }
 
-    @Configuration
     @EnableWebSecurity
     static class MultiWebSecurityConfigurerAdapterDefaultsAuthManagerConfig {
         @Component

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.groovy

@@ -54,7 +54,6 @@ class JeeConfigurerTests extends BaseSpringSpec {
             findFilter(J2eePreAuthenticatedProcessingFilter).authenticationDetailsSource.j2eeMappableRoles == ["ROLE_USER"] as Set
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.groovy

@@ -54,7 +54,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "/login?logout"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
 
@@ -78,7 +77,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "/login?logout"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CsrfDisabledConfig extends WebSecurityConfigurerAdapter {
 
@@ -101,7 +99,6 @@ class LogoutConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "/login?logout"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CsrfDisabledCustomLogoutUrlConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceDebugTests.groovy

@@ -71,7 +71,6 @@ public class NamespaceDebugTests extends BaseSpringSpec {
             context.getBean("springSecurityFilterChain").class == DebugFilter
     }
 
-    @Configuration
     @EnableWebSecurity(debug=true)
     static class DebugWebSecurity extends WebSecurityConfigurerAdapter {
     }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy

@@ -137,7 +137,6 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
         filterChain().filters[0].class == CustomFilter
     }
 
-    @Configuration
     @EnableWebSecurity
     static class NoAuthenticationManagerInHtppConfigurationConfig extends WebSecurityConfigurerAdapter {
         NoAuthenticationManagerInHtppConfigurationConfig() {

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy

@@ -40,7 +40,6 @@ public class NamespaceHttpExpressionHandlerTests extends BaseSpringSpec {
             noExceptionThrown()
     }
 
-    @Configuration
     @EnableWebSecurity
     static class ExpressionHandlerConfig extends BaseWebConfig {
         static EXPRESSION_HANDLER;

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy

@@ -131,7 +131,6 @@ public class NamespaceHttpInterceptUrlTests extends BaseSpringSpec {
             response.redirectedUrl == "http://localhost/user"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class HttpInterceptUrlConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy

@@ -92,7 +92,6 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
             authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == PreAuthenticatedGrantedAuthoritiesUserDetailsService
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class JeeMappableRolesConfig extends WebSecurityConfigurerAdapter {
 
@@ -119,7 +118,6 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
             authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == CustomUserService
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class JeeUserServiceRefConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy

@@ -81,7 +81,6 @@ public class NamespaceHttpPortMappingsTests extends BaseSpringSpec {
             response.redirectedUrl == "http://localhost:9080/user"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class HttpInterceptUrlWithPortMapperConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy

@@ -78,7 +78,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
             authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == UserDetailsByNameServiceWrapper
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class X509Config extends WebSecurityConfigurerAdapter {
         @Override
@@ -111,7 +110,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
             authenticationManager.providers.find { it instanceof PreAuthenticatedAuthenticationProvider }.preAuthenticatedUserDetailsService.class == UserDetailsByNameServiceWrapper
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class AuthenticationDetailsSourceRefConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> AUTHENTICATION_DETAILS_SOURCE
@@ -144,7 +142,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
             authentication().name == 'rod'
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class SubjectPrincipalRegexConfig extends WebSecurityConfigurerAdapter {
         @Override
@@ -177,7 +174,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
             authentication().name == 'customuser'
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class UserDetailsServiceRefConfig extends WebSecurityConfigurerAdapter {
         @Override
@@ -210,7 +206,6 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
             authentication().name == 'customuser'
     }
 
-    @Configuration
     @EnableWebSecurity
     public static class AuthenticationUserDetailsServiceConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> AUTHENTICATION_DETAILS_SOURCE

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy

@@ -291,7 +291,6 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
            1 * DefaultsUserDetailsServiceWithDaoConfig.USERDETAILS_SERVICE.loadUserByUsername("user")
     }
 
-    @Configuration
     @EnableWebSecurity
     static class DefaultsUserDetailsServiceWithDaoConfig extends WebSecurityConfigurerAdapter {
         static UserDetailsService USERDETAILS_SERVICE

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.groovy

@@ -45,7 +45,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SessionManagementConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -69,7 +68,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomSessionManagementConfig extends WebSecurityConfigurerAdapter {
         static SessionRegistry SR
         @Override
@@ -95,7 +93,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class RefsSessionManagementConfig extends WebSecurityConfigurerAdapter {
         static SessionAuthenticationStrategy SAS
         @Override
@@ -114,7 +111,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SFPNoneSessionManagementConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -132,7 +128,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SFPMigrateSessionManagementConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -153,7 +148,6 @@ class NamespaceSessionManagementTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SFPNewSessionSessionManagementConfig extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy

@@ -51,7 +51,6 @@ class PermitAllSupportTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NoAuthorizedUrlsConfig extends WebSecurityConfigurerAdapter {
 
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.groovy

@@ -46,7 +46,6 @@ class PortMapperConfigurerTests extends BaseSpringSpec {
             response.redirectedUrl == "https://localhost:123"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy

@@ -60,7 +60,6 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
@@ -158,7 +157,6 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
             response.getRedirectedUrl() == "http://localhost/login"
     }
 
-    @Configuration
     @EnableWebSecurity
     static class RememberMeConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.groovy

@@ -162,7 +162,6 @@ class RequestCacheConfigurerTests extends BaseSpringSpec {
 
     }
 
-    @Configuration
     @EnableWebSecurity
     static class RequestCacheDefautlsConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.groovy

@@ -54,7 +54,6 @@ class SecurityContextConfigurerTests extends BaseSpringSpec {
             findFilter(SecurityContextPersistenceFilter).repo == InvokeTwiceDoesNotOverrideConfig.SCR
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
         static SecurityContextRepository SCR

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.groovy

@@ -66,7 +66,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
 
     @CompileStatic
     @EnableWebSecurity
-    @Configuration
     static class ServletApiConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -87,7 +86,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class CustomEntryPointConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationEntryPoint ENTRYPOINT
 
@@ -117,7 +115,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
             findFilter(SecurityContextHolderAwareRequestFilter).authenticationEntryPoint == InvokeTwiceDoesNotOverrideConfig.ENTRYPOINT
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationEntryPoint ENTRYPOINT
@@ -141,7 +138,6 @@ class ServletApiConfigurerTests extends BaseSpringSpec {
             findFilter(SecurityContextHolderAwareRequestFilter).trustResolver == SharedTrustResolverConfig.TR
     }
 
-    @Configuration
     @EnableWebSecurity
     static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationTrustResolver TR

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.groovy

@@ -58,7 +58,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SessionManagementDoesNotOverrideExplicitRequestCacheConfig extends WebSecurityConfigurerAdapter {
         static RequestCache REQUEST_CACHE
 
@@ -83,7 +82,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
             findFilter(SecurityContextPersistenceFilter).repo == SessionManagementDoesNotOverrideExplicitSecurityContextRepositoryConfig.SECURITY_CONTEXT_REPO
     }
 
-    @Configuration
     @EnableWebSecurity
     static class SessionManagementDoesNotOverrideExplicitSecurityContextRepositoryConfig extends WebSecurityConfigurerAdapter {
         static SecurityContextRepository SECURITY_CONTEXT_REPO
@@ -107,7 +105,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
             findFilter(SecurityContextPersistenceFilter).repo.class == NullSecurityContextRepository
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverride extends WebSecurityConfigurerAdapter {
         @Override
@@ -134,7 +131,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class DisableSessionFixationEnableConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
         @Override
         public void configure(HttpSecurity http) {
@@ -191,7 +187,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class ConcurrencyControlConfig extends WebSecurityConfigurerAdapter {
         @Override
         public void configure(HttpSecurity http) {
@@ -244,7 +239,6 @@ class SessionManagementConfigurerTests extends BaseSpringSpec {
             findFilter(SessionManagementFilter).trustResolver == SharedTrustResolverConfig.TR
     }
 
-    @Configuration
     @EnableWebSecurity
     static class SharedTrustResolverConfig extends WebSecurityConfigurerAdapter {
         static AuthenticationTrustResolver TR

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.groovy

@@ -68,7 +68,6 @@ public class UrlAuthorizationsTests extends BaseSpringSpec {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy

@@ -62,7 +62,6 @@ class OpenIDLoginConfigurerTests extends BaseSpringSpec {
 
     }
 
-    @Configuration
     @EnableWebSecurity
     static class InvokeTwiceDoesNotOverrideConfig extends WebSecurityConfigurerAdapter {
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerNoWebMvcTests.java

@@ -56,7 +56,6 @@ public class CsrfConfigurerNoWebMvcTests {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class EnableWebConfig extends WebSecurityConfigurerAdapter {
 
         @Override
@@ -65,7 +64,6 @@ public class CsrfConfigurerNoWebMvcTests {
     }
 
     @EnableWebMvcSecurity
-    @Configuration
     static class EnableWebMvcConfig extends WebSecurityConfigurerAdapter {
 
         @Override

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java

@@ -110,7 +110,6 @@ public class SessionManagementConfigurerServlet31Tests {
     }
 
     @EnableWebSecurity
-    @Configuration
     static class SessionManagementDefaultSessionFixationServlet31Config extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {

docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc

@@ -55,7 +55,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.configuration.*;
 
-@Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

docs/guides/src/asciidoc/form.asc

@@ -54,7 +54,6 @@ We will want to ensure we compensate for overriding these defaults in our update
 
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -101,7 +100,6 @@ To fix this we need to instruct Spring Security to allow anyone to access the */
 ----
 // ...
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -212,7 +210,6 @@ We need to update our configuration to allow anyone to access our resources and
 ----
 // ...
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

docs/guides/src/asciidoc/hellomvc.asc

@@ -118,7 +118,6 @@ If you try to log out right now the request will fail. The reason is that Spring
 ----
 import org.springframework.security.config.annotation.web.servlet.configuration.*;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 ----

docs/manual/src/docs/asciidoc/index.adoc

@@ -418,7 +418,6 @@ import org.springframework.context.annotation.*;
 import org.springframework.security.config.annotation.authentication.builders.*;
 import org.springframework.security.config.annotation.web.configuration.*;
 
-@Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
@@ -756,7 +755,6 @@ We can configure multiple HttpSecurity instances just as we can have multiple `<
 
 [source,java]
 ----
-@Configuration
 @EnableWebSecurity
 public class MultiHttpSecurityConfig {
     @Autowired
@@ -812,7 +810,6 @@ We can enable annotation-based security using the `@EnableGlobalMethodSecurity`
 
 [source,java]
 ----
-@Configuration
 @EnableGlobalMethodSecurity(securedEnabled = true)
 public class MethodSecurityConfig {
    // ...
@@ -840,7 +837,6 @@ Support for JSR-250 annotations can be enabled using
 
 [source,java]
 ----
-@Configuration
 @EnableGlobalMethodSecurity(jsr250Enabled = true)
 public class MethodSecurityConfig {
    // ...
@@ -851,7 +847,6 @@ These are standards-based and allow simple role-based constraints to be applied
 
 [source,java]
 ----
-@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig {
    // ...
@@ -881,7 +876,6 @@ Sometimes you may need to perform operations that are more complicated than are
 
 [source,java]
 ----
-@Configuration
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 public class MethodSecurityConfig extends GlobalMethodSecurityConfiguration {
     @Override
@@ -3097,7 +3091,6 @@ CSRF protection is enabled by default with Java configuration. If you would like
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3217,7 +3210,6 @@ If you really want to use HTTP GET with logout you can do so, but remember this
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3352,7 +3344,6 @@ If you are using Spring Security's Java configuration, all of the default securi
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3370,7 +3361,6 @@ As soon as you specify any headers that should be included, then only those head
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3414,7 +3404,6 @@ Similarly, you can enable only cache control within Java Configuration with the
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3485,7 +3474,6 @@ The X-Content-Type-Options header is added by default with Spring Security Java
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3537,7 +3525,6 @@ Similarly, you can enable only HSTS headers with Java Configuration:
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3587,7 +3574,6 @@ Similarly, you can enable only frame options within Java Configuration with the
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3632,7 +3618,6 @@ Similarly, you can enable only xss protection within Java Configuration with the
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3679,7 +3664,6 @@ Similarly, the headers could be added to the response using Java Configuration a
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3724,7 +3708,6 @@ We could also restrict framing of content to the same origin with Java configura
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -3775,7 +3758,6 @@ We could also prevent framing of content to the log in page using java configura
 [source,java]
 ----
 @EnableWebSecurity
-@Configuration
 public class WebSecurityConfig extends
    WebSecurityConfigurerAdapter {
 
@@ -5969,7 +5951,6 @@ To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecu
 
 [source,java]
 ----
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig {
     // ...

samples/aspectj-jc/src/main/java/sample/aspectj/AspectjSecurityConfig.java

@@ -25,7 +25,6 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 /**
  * @author Rob Winch
  */
-@Configuration
 @EnableGlobalMethodSecurity(mode = AdviceMode.ASPECTJ,securedEnabled = true)
 public class AspectjSecurityConfig {
 	@Bean

samples/concurrency-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -8,7 +8,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 @EnableGlobalMethodSecurity(prePostEnabled=true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {

samples/form-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/hellojs-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/hellomvc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/helloworld-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -5,7 +5,6 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.*	;
 import org.springframework.security.config.annotation.web.configuration.*;
 
-@Configuration
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/inmemory-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/jdbc-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -9,7 +9,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired

samples/ldap-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired

samples/openid-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -6,7 +6,6 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.samples.security.CustomUserDetailsService;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Override

samples/preauth-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -5,7 +5,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/rememberme-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

samples/x509-jc/src/main/java/org/springframework/security/samples/config/SecurityConfig.java

@@ -7,7 +7,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
-@Configuration
 @EnableWebMvcSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 

test/src/test/java/org/springframework/security/test/context/showcase/WithMockUserTests.java

@@ -67,7 +67,6 @@ public class WithMockUserTests {
 		assertThat(message).contains("admin").contains("ROLE_USER").contains("ROLE_ADMIN");
 	}
 
-	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {

test/src/test/java/org/springframework/security/test/context/showcase/WithUserDetailsTests.java

@@ -67,7 +67,6 @@ public class WithUserDetailsTests {
 		assertThat(getPrincipal()).isInstanceOf(CustomUserDetails.class);
 	}
 
-	@Configuration
 	@EnableGlobalMethodSecurity(prePostEnabled = true)
 	@ComponentScan(basePackageClasses = HelloMessageService.class)
 	static class Config {

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.java

@@ -42,7 +42,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes=SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests.Config.class)
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
 
@@ -69,7 +69,6 @@ public class SecurityMockMvcRequestPostProcessorsAuthenticationStatelessTests {
           .andExpect(status().is2xxSuccessful());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.java

@@ -44,7 +44,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilder
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes = SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests.Config.class)
 @WebAppConfiguration
 public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTests {
 
@@ -73,7 +73,6 @@ public class SecurityMockMvcRequestPostProcessorsTestSecurityContextStatelessTes
           .andExpect(status().is2xxSuccessful());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/response/SecurityMockMvcResultMatchersTests.java

@@ -23,7 +23,7 @@ import org.springframework.web.context.WebApplicationContext;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 @RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration
+@ContextConfiguration(classes = SecurityMockMvcResultMatchersTests.Config.class)
 @WebAppConfiguration
 public class SecurityMockMvcResultMatchersTests {
     @Autowired
@@ -52,7 +52,6 @@ public class SecurityMockMvcResultMatchersTests {
             .andExpect(authenticated().withRoles("USER"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CsrfShowcaseTests.java

@@ -77,7 +77,6 @@ public class CsrfShowcaseTests {
             .andExpect(status().isForbidden());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/CustomCsrfShowcaseTests.java

@@ -75,7 +75,6 @@ public class CustomCsrfShowcaseTests {
         .andExpect(status().isNotFound());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/csrf/DefaultCsrfShowcaseTests.java

@@ -69,7 +69,6 @@ public class DefaultCsrfShowcaseTests {
             .andExpect(status().isNotFound());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/AuthenticationTests.java

@@ -89,7 +89,6 @@ public class AuthenticationTests {
             .andExpect(unauthenticated());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomConfigAuthenticationTests.java

@@ -90,7 +90,6 @@ public class CustomConfigAuthenticationTests {
             .andExpect(unauthenticated());
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/login/CustomLoginRequestBuilderAuthenticationTests.java

@@ -81,7 +81,6 @@ public class CustomLoginRequestBuilderAuthenticationTests {
                     .passwordParam("pass");
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/DefaultfSecurityRequestsTests.java

@@ -82,7 +82,6 @@ public class DefaultfSecurityRequestsTests {
             .andExpect(authenticated().withUsername("user"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/SecurityRequestsTests.java

@@ -106,7 +106,6 @@ public class SecurityRequestsTests {
             .andExpect(authenticated().withAuthentication(authentication));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserAuthenticationTests.java

@@ -78,7 +78,6 @@ public class WithUserAuthenticationTests {
             .andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserClassLevelAuthenticationTests.java

@@ -77,7 +77,6 @@ public class WithUserClassLevelAuthenticationTests {
             .andExpect(authenticated().withUsername("user").withRoles("ADMIN"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsAuthenticationTests.java

@@ -80,7 +80,6 @@ public class WithUserDetailsAuthenticationTests {
             .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/servlet/showcase/secured/WithUserDetailsClassLevelAuthenticationTests.java

@@ -79,7 +79,6 @@ public class WithUserDetailsClassLevelAuthenticationTests {
             .andExpect(authenticated().withUsername("admin").withRoles("ADMIN","USER"));
     }
 
-    @Configuration
     @EnableWebMvcSecurity
     @EnableWebMvc
     static class Config extends WebSecurityConfigurerAdapter {

test/src/test/java/org/springframework/security/test/web/support/WebTestUtilsTests.java

@@ -123,7 +123,6 @@ public class WebTestUtilsTests {
     @Configuration
     static class Config {}
 
-    @Configuration
     @EnableWebSecurity
     static class SecurityNoCsrfConfig extends WebSecurityConfigurerAdapter {
 
@@ -133,7 +132,6 @@ public class WebTestUtilsTests {
         }
     }
 
-    @Configuration
     @EnableWebSecurity
     static class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
         static CsrfTokenRepository CSRF_REPO;