JAVA-14898 Update spring-security-web-mvc module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13048)

spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/clearsitedata/SpringSecurityConfig.java

@@ -1,26 +1,26 @@
 package com.baeldung.clearsitedata;
 
 
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
-import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
-
 import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.CACHE;
 import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.COOKIES;
 import static org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter.Directive.STORAGE;
 
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
+import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
 
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.csrf()
             .disable()
             .formLogin()
@@ -28,8 +28,9 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
             .loginProcessingUrl("/perform_login")
             .defaultSuccessUrl("/homepage.html", true)
             .and()
-            .logout().logoutUrl("/baeldung/logout")
+            .logout()
-            .addLogoutHandler(new HeaderWriterLogoutHandler(
+            .logoutUrl("/baeldung/logout")
-              new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
+            .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(CACHE, COOKIES, STORAGE)));
+        return http.build();
     }
 }

spring-security-modules/spring-security-web-mvc/src/main/java/com/baeldung/session/security/config/SecSecurityConfig.java

@@ -2,12 +2,14 @@ package com.baeldung.session.security.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
 
@@ -15,50 +17,56 @@ import com.baeldung.security.MySimpleUrlAuthenticationSuccessHandler;
 
 @Configuration
 // @ImportResource({ "classpath:webSecurityConfig.xml" })
-public class SecSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecSecurityConfig {
 
-    public SecSecurityConfig() {
+    @Bean
-        super();
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user1 = User.withUsername("user1")
+            .password(passwordEncoder().encode("user1Pass"))
+            .roles("USER")
+            .build();
+
+        UserDetails admin1 = User.withUsername("admin1")
+            .password(passwordEncoder().encode("admin1Pass"))
+            .roles("ADMIN")
+            .build();
+
+        return new InMemoryUserDetailsManager(user1, admin1);
     }
 
-    @Override
+    @Bean
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        // @formatter:off
+        http.csrf()
-        auth.inMemoryAuthentication()
+            .disable()
-        .withUser("user1").password(passwordEncoder().encode("user1Pass")).roles("USER")
+            .authorizeRequests()
-        .and()
+            .antMatchers("/anonymous*")
-        .withUser("admin1").password(passwordEncoder().encode("admin1Pass")).roles("ADMIN");
+            .anonymous()
-        // @formatter:on
+            .antMatchers("/login*", "/invalidSession*", "/sessionExpired*", "/foo/**")
-    }
+            .permitAll()
-
+            .anyRequest()
-    @Override
+            .authenticated()
-    protected void configure(final HttpSecurity http) throws Exception {
+            .and()
-        // @formatter:off
+            .formLogin()
-        http
+            .loginPage("/login.html")
-        .csrf().disable()
+            .loginProcessingUrl("/login")
-        .authorizeRequests()
+            .successHandler(successHandler())
-        .antMatchers("/anonymous*").anonymous()
+            .failureUrl("/login.html?error=true")
-        .antMatchers("/login*","/invalidSession*", "/sessionExpired*", "/foo/**").permitAll()
+            .and()
-        .anyRequest().authenticated()
+            .logout()
-        .and()
+            .deleteCookies("JSESSIONID")
-        .formLogin()
+            .and()
-        .loginPage("/login.html")
+            .rememberMe()
-        .loginProcessingUrl("/login")
+            .key("uniqueAndSecret")
-        .successHandler(successHandler())
+            .tokenValiditySeconds(86400)
-        .failureUrl("/login.html?error=true")
+            .and()
-        .and()
+            .sessionManagement()
-        .logout().deleteCookies("JSESSIONID")
+            .sessionFixation()
-        .and()
+            .migrateSession()
-        .rememberMe().key("uniqueAndSecret").tokenValiditySeconds(86400)
+            .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-        .and()
+            .invalidSessionUrl("/invalidSession.html")
-        .sessionManagement()
+            .maximumSessions(2)
-        .sessionFixation().migrateSession()
+            .expiredUrl("/sessionExpired.html");
-        .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
+        return http.build();
-        .invalidSessionUrl("/invalidSession.html")
-        .maximumSessions(2)
-        .expiredUrl("/sessionExpired.html");
-
-        // @formatter:on
     }
 
     private AuthenticationSuccessHandler successHandler() {