Merge pull request #12736 from anuragkumawat/JAVA-14676

JAVA-14676 Update spring-boot-security module under spring-boot-modules to remove usage of deprecated WebSecurityConfigurerAdapter

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/globalmethod/AnnotationSecuredStaticResourceConfig.java

@@ -2,16 +2,13 @@ package com.baeldung.annotations.globalmethod;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 
 
 @Configuration
 @EnableWebSecurity
-public class AnnotationSecuredStaticResourceConfig extends WebSecurityConfigurerAdapter {
+public class AnnotationSecuredStaticResourceConfig {
 
     @Bean
     public WebSecurityCustomizer ignoreResources() {

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/annotations/websecurity/CustomWebSecurityConfig.java

@@ -1,29 +1,29 @@
 package com.baeldung.annotations.websecurity;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
-public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class CustomWebSecurityConfig {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-          .authorizeRequests()
+            .antMatchers("/admin/**")
-          .antMatchers("/admin/**")
+            .hasRole("ADMIN")
-          .hasRole("ADMIN")
+            .antMatchers("/protected/**")
-          .antMatchers("/protected/**")
+            .hasRole("USER");
-          .hasRole("USER");
+        return http.build();
     }
 
-    @Override
+    @Bean
-    public void configure(WebSecurity web) throws Exception {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web
+        return (web) -> web.ignoring()
-          .ignoring()
+            .antMatchers("/public/*");
-          .antMatchers("/public/*");
     }
 }

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/antmatchers/config/SecurityConfiguration.java

@@ -2,21 +2,30 @@ package com.baeldung.antmatchers.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
+public class SecurityConfiguration {
 
-    @Override
+    @Bean
-    public void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        auth.inMemoryAuthentication()
+        UserDetails admin = User.withUsername("admin")
-                .withUser("admin").password(passwordEncoder().encode("password")).roles("USER", "ADMIN")
+            .password(passwordEncoder.encode("password"))
-                .and()
+            .roles("USER", "ADMIN")
-                .withUser("user").password(passwordEncoder().encode("password")).roles("USER");
+            .build();
+
+        UserDetails user = User.withUsername("user")
+            .password(passwordEncoder.encode("password"))
+            .roles("USER")
+            .build();
+
+        return new InMemoryUserDetailsManager(admin, user);
     }
 
     @Bean
@@ -24,16 +33,19 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
         return new BCryptPasswordEncoder();
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-                .authorizeRequests()
+            .antMatchers("/products/**")
-                .antMatchers("/products/**").permitAll()
+            .permitAll()
-                .and()
+            .and()
-                .authorizeRequests()
+            .authorizeRequests()
-                .antMatchers("/customers/**").hasRole("ADMIN")
+            .antMatchers("/customers/**")
-                .anyRequest().authenticated()
+            .hasRole("ADMIN")
-                .and()
+            .anyRequest()
-                .httpBasic();
+            .authenticated()
+            .and()
+            .httpBasic();
+        return http.build();
     }
 }

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/integrationtesting/WebSecurityConfigurer.java

@@ -2,28 +2,29 @@ package com.baeldung.integrationtesting;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
-public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfigurer {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        
+        UserDetails user = User.withUsername("spring")
-        BCryptPasswordEncoder encoder = passwordEncoder();
+            .password(passwordEncoder.encode("secret"))
-        
+            .roles("USER")
-        auth.inMemoryAuthentication()
+            .build();
-            .passwordEncoder(encoder)
+
-            .withUser("spring")
+        return new InMemoryUserDetailsManager(user);
-            .password(encoder.encode("secret"))
-            .roles("USER");
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests()
             .antMatchers("/private/**")
             .hasRole("USER")
@@ -31,6 +32,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
             .permitAll()
             .and()
             .httpBasic();
+        return http.build();
     }
 
     @Bean

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/securityprofile/ApplicationNoSecurity.java

@@ -1,17 +1,17 @@
 package com.baeldung.securityprofile;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
 @Configuration
 @Profile("test")
-public class ApplicationNoSecurity extends WebSecurityConfigurerAdapter {
+public class ApplicationNoSecurity {
 
-    @Override
+    @Bean
-    public void configure(WebSecurity web) {
+    public WebSecurityCustomizer webSecurityCustomizer() {
-        web.ignoring().antMatchers("/**");
+        return (web) -> web.ignoring()
+            .antMatchers("/**");
     }
-
 }

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/securityprofile/ApplicationSecurity.java

@@ -1,16 +1,20 @@
 package com.baeldung.securityprofile;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @Profile("prod")
-public class ApplicationSecurity extends WebSecurityConfigurerAdapter {
+public class ApplicationSecurity {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests().anyRequest().authenticated();
+        http.authorizeRequests()
+            .anyRequest()
+            .authenticated();
+        return http.build();
     }
 }

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springbootsecurity/autoconfig/config/BasicConfiguration.java

@@ -1,38 +1,48 @@
 package com.baeldung.springbootsecurity.autoconfig.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
-public class BasicConfiguration extends WebSecurityConfigurerAdapter {
+public class BasicConfiguration {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-    	PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        UserDetails user = User.withUsername("user")
-    	auth
+            .password(passwordEncoder.encode("password"))
-          .inMemoryAuthentication()
+            .roles("USER")
-          .withUser("user")
+            .build();
-          .password(encoder.encode("password"))
+
-          .roles("USER")
+        UserDetails admin = User.withUsername("admin")
-          .and()
+            .password(passwordEncoder.encode("admin"))
-          .withUser("admin")
+            .roles("USER", "ADMIN")
-          .password(encoder.encode("admin"))
+            .build();
-          .roles("USER", "ADMIN");
+
+        return new InMemoryUserDetailsManager(user, admin);
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.authorizeRequests()
-          .authorizeRequests()
+            .anyRequest()
-          .anyRequest()
+            .authenticated()
-          .authenticated()
+            .and()
-          .and()
+            .httpBasic();
-          .httpBasic();
+        return http.build();
+    }
+
+    @Bean
+    public PasswordEncoder passwordEncoder() {
+        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+        return encoder;
     }
 }

spring-boot-modules/spring-boot-security/src/main/java/com/baeldung/springsecuritytaglibs/config/SpringBootSecurityTagLibsConfig.java

@@ -2,37 +2,43 @@ package com.baeldung.springsecuritytaglibs.config;
 
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
-public class SpringBootSecurityTagLibsConfig extends WebSecurityConfigurerAdapter {
+public class SpringBootSecurityTagLibsConfig {
 
-    @Override
+    @Bean
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        BCryptPasswordEncoder encoder = passwordEncoder();
+        UserDetails user = User.withUsername("testUser")
-        auth.inMemoryAuthentication()
+            .password(passwordEncoder.encode("password"))
-            .passwordEncoder(encoder)
+            .roles("ADMIN")
-            .withUser("testUser")
+            .build();
-            .password(encoder.encode("password"))
+
-            .roles("ADMIN");
+        return new InMemoryUserDetailsManager(user);
     }
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        // @formatter:off
         http.csrf()
-                .and()
+            .and()
             .authorizeRequests()
-                .antMatchers("/userManagement").hasRole("ADMIN")
+            .antMatchers("/userManagement")
-                .anyRequest().permitAll().and().httpBasic();
+            .hasRole("ADMIN")
-        // @formatter:on
+            .anyRequest()
+            .permitAll()
+            .and()
+            .httpBasic();
+        return http.build();
     }
-    
+
     @Bean
     public BCryptPasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/antmatchers/controllers/CustomerControllerIntegrationTest.java

@@ -1,36 +1,41 @@
 package com.baeldung.antmatchers.controllers;
 
-import org.junit.jupiter.api.Test;
-import org.junit.runner.RunWith;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.test.context.junit4.SpringRunner;
-import org.springframework.test.web.servlet.MockMvc;
-
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.servlet.MockMvc;
+
+import com.baeldung.antmatchers.AntMatchersExampleApplication;
+import com.baeldung.antmatchers.config.SecurityConfiguration;
+
 @RunWith(SpringRunner.class)
 @WebMvcTest(value = CustomerController.class)
-class CustomerControllerIntegrationTest {
+@ContextConfiguration(classes = { AntMatchersExampleApplication.class, SecurityConfiguration.class })
+public class CustomerControllerIntegrationTest {
 
     @Autowired
     private MockMvc mockMvc;
 
     @Test
-    void getCustomerByIdUnauthorized() throws Exception {
+    public void getCustomerByIdUnauthorized() throws Exception {
         mockMvc.perform(get("/customers/1")).andExpect(status().isUnauthorized());
     }
 
     @Test
-    void getCustomerByIdForbidden() throws Exception {
+    public void getCustomerByIdForbidden() throws Exception {
         mockMvc.perform(get("/customers/1").with(user("user").roles("USER")))
           .andExpect(status().isForbidden());
     }
 
     @Test
-    void getCustomerByIdOk() throws Exception {
+    public void getCustomerByIdOk() throws Exception {
         mockMvc.perform(get("/customers/1").with(user("admin").roles("ADMIN")))
           .andExpect(status().isOk());
     }

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/antmatchers/controllers/ProductControllerIntegrationTest.java

@@ -1,24 +1,29 @@
 package com.baeldung.antmatchers.controllers;
 
-import org.junit.jupiter.api.Test;
+import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
+import com.baeldung.antmatchers.AntMatchersExampleApplication;
+import com.baeldung.antmatchers.config.SecurityConfiguration;
+
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 @RunWith(SpringRunner.class)
 @WebMvcTest(value = ProductController.class)
-class ProductControllerIntegrationTest {
+@ContextConfiguration(classes = { AntMatchersExampleApplication.class, SecurityConfiguration.class })
+public class ProductControllerIntegrationTest {
 
     @Autowired
     private MockMvc mockMvc;
 
     @Test
-    void getProducts() throws Exception {
+    public void getProducts() throws Exception {
         mockMvc.perform(get("/products"))
           .andExpect(status().isOk());
     }

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/securityprofile/EmployeeControllerNoSecurityUnitTest.java

@@ -5,6 +5,7 @@ import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
@@ -14,6 +15,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringRunner.class)
 @WebMvcTest(value = EmployeeController.class)
 @ActiveProfiles("test")
+@ContextConfiguration(classes = { Application.class, ApplicationNoSecurity.class })
 public class EmployeeControllerNoSecurityUnitTest {
 
     @Autowired

spring-boot-modules/spring-boot-security/src/test/java/com/baeldung/securityprofile/EmployeeControllerUnitTest.java

@@ -5,6 +5,7 @@ import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
 import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
@@ -14,6 +15,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @RunWith(SpringRunner.class)
 @WebMvcTest(value = EmployeeController.class)
 @ActiveProfiles("prod")
+@ContextConfiguration(classes = { Application.class, ApplicationSecurity.class })
 public class EmployeeControllerUnitTest {
 
     @Autowired