From 32e34e537b0de71aecc40c6da49a932a75a10bd9 Mon Sep 17 00:00:00 2001
From: anuragkumawat <anuragkumawat7@gmail.com>
Date: Wed, 23 Nov 2022 23:38:45 +0530
Subject: [PATCH] JAVA-14888 Update apache-shiro module under security-modules
 to remove usage of deprecated WebSecurityConfigurerAdapter (#13059)

---
 .../springsecurity/config/SecurityConfig.java | 42 +++++++++++--------
 1 file changed, 24 insertions(+), 18 deletions(-)

diff --git a/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java b/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java
index d838eef9b3..a244af0294 100644
--- a/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java
+++ b/security-modules/apache-shiro/src/main/java/com/baeldung/comparison/springsecurity/config/SecurityConfig.java
@@ -1,40 +1,46 @@
 package com.baeldung.comparison.springsecurity.config;
 
 import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
-            .permitAll()
-            .antMatchers("/home", "/logout")
-            .authenticated()
-            .antMatchers("/admin/**")
-            .hasRole("ADMIN"))
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests(authorize -> authorize.antMatchers("/index", "/login")
+                .permitAll()
+                .antMatchers("/home", "/logout")
+                .authenticated()
+                .antMatchers("/admin/**")
+                .hasRole("ADMIN"))
             .formLogin(formLogin -> formLogin.loginPage("/login")
                 .failureUrl("/login-error"));
+        return http.build();
     }
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.inMemoryAuthentication()
-            .withUser("Jerry")
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() throws Exception {
+        UserDetails jerry = User.withUsername("Jerry")
             .password(passwordEncoder().encode("password"))
             .authorities("READ", "WRITE")
             .roles("ADMIN")
-            .and()
-            .withUser("Tom")
+            .build();
+        UserDetails tom = User.withUsername("Tom")
             .password(passwordEncoder().encode("password"))
             .authorities("READ")
-            .roles("USER");
+            .roles("USER")
+            .build();
+        return new InMemoryUserDetailsManager(jerry, tom);
     }
 
     @Bean