@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER - 1) @Configuration @EnableWebSecurity public class SecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Autowired private FilterIgnorePropertiesConfig filterIgnorePropertiesConfig; @Autowired private MobileSecurityConfigurer mobileSecurityConfigurer; @Override public void configure(HttpSecurity http) throws Exception { ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http.formLogin().loginPage("/authentication/require") .loginProcessingUrl("/authentication/form") .and() .authorizeRequests(); filterIgnorePropertiesConfig.getUrls().forEach(url -> registry.antMatchers(url).permitAll()); registry.anyRequest().authenticated() .and() .csrf().disable(); http.apply(mobileSecurityConfigurer); }}