SecurityConfig.java

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

/**
 * Security Configuration - LDAP and HTTP Basic Authorizations.
 */
@Configuration
@PropertySource("classpath:application.properties")
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityConfig.class);

    @Value("${secure-end-points}") private String secureEndPoints;
    @Value("${user-search-filter}") private String userSearchFilter;
    @Value("${user-dn-patterns}") private String userDnPatterns;
    @Value("${ldap-url}") private String url;
    @Value("${ldap-port}") private String port;
    @Value("${ldap-context-root}") private String contextRoot;
    @Value("${manager-dn}") private String managerDn;
    @Value("${manager-password}") private String managerPassword;

    /**
     * Default constructor
     */
    public SecurityConfig() {
        super();
    }

    @Override protected void configure(HttpSecurity http) throws Exception {
        final String[] endPointsArray = this.secureEndPoints.split(",");
        http.csrf()
                .disable()
                .requestMatchers()
                .antMatchers(endPointsArray)
                .and()
                .authorizeRequests()
                .antMatchers(endPointsArray)
                .authenticated()
                .and()
                .httpBasic()
                .and()
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
    }

    @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        try {
            String completeUrl = new StringBuffer(this.url).append(":")
                    .append(this.port)
                    .append("/")
                    .append(this.contextRoot)
                    .toString();

            auth.ldapAuthentication()
                    .userSearchFilter(userSearchFilter)
                    .userDnPatterns(userDnPatterns)
                    .contextSource()
                    .url(completeUrl)
                    .managerDn(managerDn)
                    .managerPassword(managerPassword);
        }
        catch (Exception ex) {
           LOG.error("Handle exception here");
            throw ex;
        }
    }

    /**
     * In order to resolve ${...} placeholders in definitions or @Value annotations using properties
     * from a PropertySource, one must register a PropertySourcesPlaceholderConfigurer. This happens
     * automatically when using XML configuration, but must be explicitly registered using a static
     * @Bean method when using @Configuration classes.
     */
    @Bean public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
        return new PropertySourcesPlaceholderConfigurer();
    }
}

Suggest getting rid of local string variables for demo purposes as well. Might be a client best practice, but not a general one.

Might want to replace this with a simple LOG.error("Handle exception here"); for demo purposes.