Spring boot Spring引导，Spring安全性-基于XML的配置

Spring Boot 2.3.4，Spring安全，保护REST控制器（端点）

我有一个带有Java配置类的解决方案，但现在我有了使用XML的任务

public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    public static final String USER = "USER";
    public static final String ADMIN = "ADMIN";

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user")
                .password("{noop}" + "user123")
                .roles(USER)
            .and()
                .withUser("admin")
                .password("{noop}" + "admin456")
                .roles(ADMIN, USER);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .httpBasic()
            .and()
            .authorizeRequests()
                .antMatchers("/", "/login").permitAll()
                .antMatchers("/path1/**").hasRole(ADMIN)
                .antMatchers("/path2/**").hasRole(USER)
                .antMatchers(HttpMethod.DELETE, "/path3/{name}").hasRole(ADMIN)
                .antMatchers(HttpMethod.GET, "/path3/{name}").hasRole(USER)
                // more antMatchers...
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .csrf().disable()
            .formLogin().disable();
    }    
}

以前从未进行过基于XML的配置，这一定是以前做过很多的事情。无论如何，我得到了用XML完成这项任务的机会

我不知道怎么做。 需要哪些部分，只是XML文件，还是Java配置文件（如WebSecurityConfig.Java）？

我尝试了以下方法

WebSecurityConfig.java

@Configuration
@ImportResource({ "classpath:webSecurityConfig.xml" })
public class WebSecurityConfig {
    public WebSecurityConfig() {
        super();
    }    
}

webSecurityConfig.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security" 
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="
                http://www.springframework.org/schema/security 
                http://www.springframework.org/schema/security/spring-security.xsd 
                http://www.springframework.org/schema/beans 
                http://www.springframework.org/schema/beans/spring-beans.xsd">

    <http create-session="stateless" use-expressions="true">        
        <intercept-url pattern="/" access="permitAll()"/>
        <intercept-url pattern="/login" access="permitAll()"/>
        <intercept-url pattern="/path1/**" access="hasAuthority('ROLE_ADMIN')"/>
        <intercept-url pattern="/path2/**" access="hasAuthority('ROLE_USER')"/>
        <intercept-url method="DELETE" pattern="/path3/{name}" access="hasAuthority('ROLE_ADMIN')"/>
        <intercept-url method="GET" pattern="/path3/{name}" access="hasAuthority('ROLE_USER')"/>

        <http-basic/>         
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="user" password="{noop}user123" authorities="ROLE_USER"/>
                <user name="admin" password="{noop}admin456" authorities="ROLE_USER,ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

不确定是哪里出了问题或遗漏了什么。到目前为止，谷歌的帮助不大。

请查看并

***************************
APPLICATION FAILED TO START
***************************

Description:

Parameter 0 of method setObjectPostProcessor in org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter required a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' that could not be found.

Action:

Consider defining a bean of type 'org.springframework.security.config.annotation.ObjectPostProcessor' in your configuration.