Update to eliminate the need to provide an empty WebSecurityConfigurerAdapter

Author: dogeared

extensions/spring/boot/stormpath-spring-security-webmvc-spring-boot-starter/src/main/java/com/stormpath/spring/boot/autoconfigure/StormpathWebSecurityAutoConfiguration.java

@@ -33,7 +33,10 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@@ -179,4 +182,12 @@ public StormpathWrapperFilter stormpathWrapperFilter() {
         return super.stormpathWrapperFilter();
     }
 
+    // Fix for: https://github.com/stormpath/stormpath-sdk-java/issues/1238
+    // If stormpath is enabled, we don't want the spring security default definition
+    @Order // uses default of max which ensure there won't be a clash with override
+    @Configuration
+    protected static class SpringSecurityWebAppConfig extends WebSecurityConfigurerAdapter {
+        @Override
+        protected void configure(HttpSecurity http) throws Exception {}
+    }
 }