From 2e6b17b85336d0338afb8426ae53188812407edc Mon Sep 17 00:00:00 2001
From: gaepi <gae.piaz@gmail.com>
Date: Mon, 27 Nov 2023 11:31:41 +0100
Subject: [PATCH 1/3] JAVA-27656 | spring-boot-modules fix

---
 .../baeldung/caffeine/SecurityConfiguration.java   | 13 +++++++------
 .../boot/management/logging/SecurityConfig.java    | 14 ++++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/spring-boot-modules/spring-boot-libraries/src/main/java/com/baeldung/caffeine/SecurityConfiguration.java b/spring-boot-modules/spring-boot-libraries/src/main/java/com/baeldung/caffeine/SecurityConfiguration.java
index 7f3ad7988f..e63726c926 100644
--- a/spring-boot-modules/spring-boot-libraries/src/main/java/com/baeldung/caffeine/SecurityConfiguration.java
+++ b/spring-boot-modules/spring-boot-libraries/src/main/java/com/baeldung/caffeine/SecurityConfiguration.java
@@ -1,9 +1,10 @@
 package com.baeldung.caffeine;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * Because the POM imports Spring Security, we need a simple security
@@ -11,14 +12,14 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur
  */
 @Configuration
 @EnableWebSecurity
-public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SecurityConfiguration {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
         http.csrf().disable();
 
-        http.authorizeRequests()
+        return http.authorizeRequests()
                 .antMatchers("/**")
-                .permitAll();
+                .permitAll().and().build();
     }
 }
diff --git a/spring-boot-modules/spring-boot-runtime/src/main/java/com/baeldung/spring/boot/management/logging/SecurityConfig.java b/spring-boot-modules/spring-boot-runtime/src/main/java/com/baeldung/spring/boot/management/logging/SecurityConfig.java
index 45cc1ebb33..6870f4e6bb 100644
--- a/spring-boot-modules/spring-boot-runtime/src/main/java/com/baeldung/spring/boot/management/logging/SecurityConfig.java
+++ b/spring-boot-modules/spring-boot-runtime/src/main/java/com/baeldung/spring/boot/management/logging/SecurityConfig.java
@@ -1,14 +1,16 @@
 package com.baeldung.spring.boot.management.logging;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf()
-            .ignoringAntMatchers("/actuator/**");
+public class SecurityConfig {
+    @Bean
+    public SecurityFilterChain securityFilter(HttpSecurity http) throws Exception {
+        return http.csrf()
+            .ignoringAntMatchers("/actuator/**").and()
+            .build();
     }
 }

From 8dd4651db582818e56bcd2c812ee76ef8996db47 Mon Sep 17 00:00:00 2001
From: gaepi <gae.piaz@gmail.com>
Date: Mon, 27 Nov 2023 11:48:10 +0100
Subject: [PATCH 2/3] JAVA-27656 | removing WebSecurityConfigurerAdapter from
 spring-web-modules/spring-thymeleaf

---
 .../thymeleaf/config/WebMVCSecurity.java      | 41 ++++++++-----------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/spring-web-modules/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java b/spring-web-modules/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
index ea51ca3cd9..074cc20be1 100644
--- a/spring-web-modules/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
+++ b/spring-web-modules/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
@@ -2,42 +2,37 @@ package com.baeldung.thymeleaf.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
-public class WebMVCSecurity extends WebSecurityConfigurerAdapter {
+public class WebMVCSecurity {
 
     @Bean
-    @Override
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user1")
+            .password("{noop}user1Pass")
+            .authorities("USER")
+            .build();
+        return new InMemoryUserDetailsManager(user);
     }
 
-    public WebMVCSecurity() {
-        super();
+    @Bean
+    public WebSecurityCustomizer webSecurityCustomizer() {
+        return (web) -> web.ignoring().antMatchers("/resources/**");
     }
 
-    @Override
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication().withUser("user1").password("{noop}user1Pass").authorities("ROLE_USER");
-    }
-
-    @Override
-    public void configure(final WebSecurity web) throws Exception {
-        web.ignoring().antMatchers("/resources/**");
-    }
-
-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
-        http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
+    @Bean
+    public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
+        return http.authorizeRequests().anyRequest().authenticated().and().httpBasic().and().build();
     }
 
 }

From 4151b9ce706ae13764d445df9c28d28f8488ecb3 Mon Sep 17 00:00:00 2001
From: gaepi <gae.piaz@gmail.com>
Date: Mon, 27 Nov 2023 12:00:26 +0100
Subject: [PATCH 3/3] JAVA-27656 | removing WebSecurityConfigurerAdapter

---
 .../OAuth2WebSecurityConfigurerAdapter.java          | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/spring-cloud-modules/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuth2WebSecurityConfigurerAdapter.java b/spring-cloud-modules/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuth2WebSecurityConfigurerAdapter.java
index af60c3849b..6efacc03b1 100644
--- a/spring-cloud-modules/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuth2WebSecurityConfigurerAdapter.java
+++ b/spring-cloud-modules/spring-cloud-openfeign/src/main/java/com/baeldung/cloud/openfeign/oauthfeign/OAuth2WebSecurityConfigurerAdapter.java
@@ -1,19 +1,23 @@
 package com.baeldung.cloud.openfeign.oauthfeign;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class OAuth2WebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+public class OAuth2WebSecurityConfigurerAdapter {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .csrf()
             .disable()
             .oauth2Client();
+
         http
             .authorizeRequests().anyRequest().permitAll();
+
+        return http.build();
     }
 }