JAVA-14871 Update spring-security-web-rest-basic-auth module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#12798)

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/filter/CustomWebSecurityConfigurerAdapter.java

@@ -1,20 +1,21 @@
 package com.baeldung.filter;
 
-import com.baeldung.security.RestAuthenticationEntryPoint;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 
+import com.baeldung.security.RestAuthenticationEntryPoint;
+
 @Configuration
 @EnableWebSecurity
-public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfigurerAdapter {
 
     @Autowired private RestAuthenticationEntryPoint authenticationEntryPoint;
 
@@ -27,10 +28,9 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
           .authorities("ROLE_USER");
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-          .authorizeRequests()
             .antMatchers("/securityNone")
             .permitAll()
             .anyRequest()
@@ -38,8 +38,8 @@ public class CustomWebSecurityConfigurerAdapter extends WebSecurityConfigurerAda
             .and()
             .httpBasic()
             .authenticationEntryPoint(authenticationEntryPoint);
-
         http.addFilterAfter(new CustomFilter(), BasicAuthenticationFilter.class);
+        return http.build();
     }
     
     @Bean

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryAuthWebSecurityConfigurer.java

@@ -1,27 +1,30 @@
 package com.baeldung.inmemory;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class InMemoryAuthWebSecurityConfigurer {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService() {
         PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
-        auth.inMemoryAuthentication()
+        UserDetails user = User.withUsername("spring")
-            .passwordEncoder(encoder)
-            .withUser("spring")
             .password(encoder.encode("secret"))
-            .roles("USER");
+            .roles("USER")
+            .build();
+        return new InMemoryUserDetailsManager(user);
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             .antMatchers("/private/**")
             .authenticated()
@@ -29,6 +32,7 @@ public class InMemoryAuthWebSecurityConfigurer extends WebSecurityConfigurerAdap
             .permitAll()
             .and()
             .httpBasic();
+        return http.build();
     }
 
 }

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/inmemory/InMemoryNoOpAuthWebSecurityConfigurer.java

@@ -1,23 +1,26 @@
 package com.baeldung.inmemory;
 
-import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 //@Configuration
-public class InMemoryNoOpAuthWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class InMemoryNoOpAuthWebSecurityConfigurer {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService() {
-        auth.inMemoryAuthentication()
+        UserDetails user = User.withUsername("spring")
-            .withUser("spring")
             .password("{noop}secret")
-            .roles("USER");
+            .roles("USER")
+            .build();
+        return new InMemoryUserDetailsManager(user);
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             .antMatchers("/private/**")
             .authenticated()
@@ -25,5 +28,6 @@ public class InMemoryNoOpAuthWebSecurityConfigurer extends WebSecurityConfigurer
             .permitAll()
             .and()
             .httpBasic();
+        return http.build();
     }
 }

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/passwordstorage/PasswordStorageWebSecurityConfigurer.java

@@ -1,9 +1,14 @@
 package com.baeldung.passwordstorage;
 
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@@ -14,18 +19,16 @@ import org.springframework.security.crypto.password.StandardPasswordEncoder;
 import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
 @Configuration
-public class PasswordStorageWebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class PasswordStorageWebSecurityConfigurer {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public AuthenticationManager authManager(HttpSecurity http) throws Exception {
-        auth.eraseCredentials(false) // 4
+        AuthenticationManagerBuilder authenticationManagerBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
+        authenticationManagerBuilder.eraseCredentials(false)
             .userDetailsService(getUserDefaultDetailsService())
             .passwordEncoder(passwordEncoder());
+        return authenticationManagerBuilder.build();
     }
 
     @Bean

spring-security-modules/spring-security-web-rest-basic-auth/src/main/java/com/baeldung/postman/basic/PostmanBasicAuthConfig.java

@@ -1,16 +1,17 @@
 package com.baeldung.postman.basic;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class PostmanBasicAuthConfig extends WebSecurityConfigurerAdapter {
+public class PostmanBasicAuthConfig {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf()
             .disable()
             .authorizeRequests()
@@ -18,6 +19,7 @@ public class PostmanBasicAuthConfig extends WebSecurityConfigurerAdapter {
             .authenticated()
             .and()
             .httpBasic();
+        return http.build();
     }
 
     @Autowired