vaadin · mcollovati · May 8, 2025 · May 8, 2025
diff --git a/articles/flow/security/enabling-security.adoc b/articles/flow/security/enabling-security.adoc
@@ -575,9 +575,9 @@ To add impersonation for a Vaadin application, create the [classname]`SwitchUser
 [source,java]
 ----
   @Bean
-  @DependsOn("VaadinSecurityContextHolderStrategy")
-  public SwitchUserFilter switchUserFilter() {
+  public SwitchUserFilter switchUserFilter(VaadinAwareSecurityContextHolderStrategy strategy) {
     SwitchUserFilter filter = new SwitchUserFilter();
+    filter.setSecurityContextHolderStrategy(strategy);
     filter.setUserDetailsService(userDetailsService());
     filter.setSwitchUserMatcher(antMatcher(HttpMethod.GET, "/impersonate"));
     filter.setExitUserMatcher(antMatcher(HttpMethod.GET, "/impersonate/exit"));
@@ -587,7 +587,7 @@ To add impersonation for a Vaadin application, create the [classname]`SwitchUser
 ----
 
 [NOTE]
-The bean should depend on `VaadinSecurityContextHolderStrategy` bean. If the [classname]`SwitchUserFilter` is initialized first, the wrong security holder is used and the feature won't work.
+The bean should use `VaadinSecurityContextHolderStrategy` bean to work properly. If the [classname]`SwitchUserFilter` is initialized differently, the wrong security holder is used and the feature won't work. If your are not using `VaadinWebSecurity` as base class for your security configuration, you might need to add `@Import(VaadinAwareSecurityContextHolderStrategyConfiguration.class)` on top of your class.
 
 To secure the impersonation endpoints, add to the [classname]`VaadinWebSecurity` implementation [methodname]`configure(HttpSecurity http)` the matchers like so: