Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity

Closes gh-11277
2022-07-29 14:29:45 -05:00 · 2022-07-29 14:29:45 -05:00 · 09173c95d6
parent 24033be046
commit 09173c95d6
1 changed files with 25 additions and 17 deletions
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,48 +26,56 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 /**
 * Add this annotation to an {@code @Configuration} class to have the Spring Security
- * configuration defined in any {@link WebSecurityConfigurer} or more likely by extending
+ * configuration defined in any {@link WebSecurityConfigurer} or more likely by exposing a
- * the {@link WebSecurityConfigurerAdapter} base class and overriding individual methods:
+ * {@link SecurityFilterChain} bean:
 *
 * <pre class="code">
 * &#064;Configuration
 * &#064;EnableWebSecurity
- * public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+ * public class MyWebSecurityConfiguration {
 *
- * 	&#064;Override
+ * 	&#064;Bean
- * 	public void configure(WebSecurity web) throws Exception {
+ * 	public WebSecurityCustomizer webSecurityCustomizer() {
- * 		web.ignoring()
+ * 		return (web) -> web.ignoring()
 * 		// Spring Security should completely ignore URLs starting with /resources/
 * 				.antMatchers(&quot;/resources/**&quot;);
 * 	}
 *
- * 	&#064;Override
+ * 	&#064;Bean
- * 	protected void configure(HttpSecurity http) throws Exception {
+ * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 * 		http.authorizeRequests().antMatchers(&quot;/public/**&quot;).permitAll().anyRequest()
 * 				.hasRole(&quot;USER&quot;).and()
 * 				// Possibly more configuration ...
 * 				.formLogin() // enable form based log in
 * 				// set permitAll for all URLs associated with Form Login
 * 				.permitAll();
 * 		return http.build();
 * 	}
 *
- * 	&#064;Override
+ * 	&#064;Bean
- * 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ * 	public UserDetailsService userDetailsService() {
- * 		auth
+ * 		UserDetails user = User.withDefaultPasswordEncoder()
- * 		// enable in memory based authentication with a user named &quot;user&quot; and &quot;admin&quot;
+ * 			.username(&quot;user&quot;)
- * 		.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;)
+ * 			.password(&quot;password&quot;)
- * 				.and().withUser(&quot;admin&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;, &quot;ADMIN&quot;);
+ * 			.roles(&quot;USER&quot;)
 * 			.build();
 * 		UserDetails admin = User.withDefaultPasswordEncoder()
 * 			.username(&quot;admin&quot;)
 * 			.password(&quot;password&quot;)
 * 			.roles(&quot;ADMIN&quot;, &quot;USER&quot;)
 * 			.build();
 * 		return new InMemoryUserDetailsManager(user, admin);
 * 	}
 *
- * 	// Possibly more overridden methods ...
+ * 	// Possibly more bean methods ...
 * }
 * </pre>
 *
 * @see WebSecurityConfigurer
 * @see WebSecurityConfigurerAdapter
 *
 * @author Rob Winch
 * @since 3.2