NonWebSecurityConfig.java

@Configuration
@EnableConfigurationProperties({ CommandLineSecurityConfigurer.class })
@ConditionalOnNotWebApplication
public class NonWebSecurityConfig {

	@Bean
	public GrantedAuthority createGrantedAuthority(CommandLineSecurityConfigurer cliSecurityConfigurer) {
		return new SimpleGrantedAuthority("ROLE_" + cliSecurityConfigurer.getRequiredRole());
	}
}

WebSecurityConfig.java

@Configuration
@ConditionalOnWebApplication
@EnableConfigurationProperties({WebSecurityConfigurer.class})
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	private WebSecurityConfigurer webSecurityConfigurer;
	
	@Override
    protected void configure(final HttpSecurity http) throws Exception {
        http
          .csrf().disable()
          .authorizeRequests()
          .antMatchers(webSecurityConfigurer.getAdminEndpoints()).hasRole("ADMIN")
          .antMatchers(webSecurityConfigurer.getUserEndpoints()).hasRole("USER")
          .antMatchers(webSecurityConfigurer.getUnsecuredEndpoints()).permitAll()
          .antMatchers("/login*").permitAll()
          .anyRequest().authenticated()
          .and()
          .formLogin();
    }

}