package com.pivotal.demo.polymer.resource; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession; import org.springframework.session.web.http.HeaderHttpSessionStrategy; @Profile("session") @Configuration @EnableRedisHttpSession public class PolymerResourceSpringSecurityConfig extends WebSecurityConfigurerAdapter { @Bean HeaderHttpSessionStrategy sessionStrategy() { return new HeaderHttpSessionStrategy(); } @Override protected void configure(HttpSecurity http) throws Exception { http.httpBasic().disable(); http.authorizeRequests().anyRequest().authenticated(); } }