Your code compiles just fine for me in Eclipse, using Maven, and Gradle. I'm guessing you are using IntelliJ which has a bug for handling the generic return types. In the meantime you can move the authorizeRequests() to the bottom and IntelliJ will compile the rest.
By the way I would encourage you to use the following:
protected void configure(HttpSecurity http) throws Exception {
http
.httpBasic()
.and()
.authorizeRequests()
.anyRequest().hasRole("USER");
}
Three changes:
- Move authorizeRequests() to the bottom to work around the IntelliJ bug
- You can use the anyRequest() matcher instead of antMatchers("/**") This is the same thing, but increases the readability and gives you compile time checks
- Change the formatting to match Spring Security Java Config Preview: Readability
PS: Also of note is http://youtrack.jetbrains.com/issue/IDEA-118527