Merge pull request #12745 from anuragkumawat/JAVA-14866

JAVA-14866 Update spring-security-core module under spring-security-modules to remove usage of deprecated WebSecurityConfigurerAdapter

spring-security-modules/spring-security-core/src/main/java/com/baeldung/app/config/WebSecurityConfig.java

@@ -1,32 +1,55 @@
 package com.baeldung.app.config;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
 
-    @Override
+    @Bean
-    protected void configure(HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/css/**", "/js/**", "/loggedout").permitAll().anyRequest().authenticated().and().httpBasic().and().logout().disable().csrf().disable();
+        http.authorizeRequests()
+            .antMatchers("/css/**", "/js/**", "/loggedout")
+            .permitAll()
+            .anyRequest()
+            .authenticated()
+            .and()
+            .httpBasic()
+            .and()
+            .logout()
+            .disable()
+            .csrf()
+            .disable();
+        return http.build();
     }
 
-    @Autowired
+    @Bean
-    public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder passwordEncoder) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        auth.inMemoryAuthentication()
+        UserDetails jim = User.withUsername("jim")
-            .withUser("jim").password(passwordEncoder.encode("jim")).roles("USER", "ACTUATOR")
+            .password(passwordEncoder.encode("jim"))
-            .and().withUser("pam").password(passwordEncoder.encode("pam")).roles("USER")
+            .roles("USER", "ACTUATOR")
-            .and().withUser("michael").password(passwordEncoder.encode("michael")).roles("MANAGER");
+            .build();
-    }
 
+        UserDetails pam = User.withUsername("pam")
+            .password(passwordEncoder.encode("pam"))
+            .roles("USER")
+            .build();
+
+        UserDetails michael = User.withUsername("michael")
+            .password(passwordEncoder.encode("michael"))
+            .roles("MANAGER")
+            .build();
+
+        return new InMemoryUserDetailsManager(jim, pam, michael);
+    }
 }

spring-security-modules/spring-security-core/src/main/java/com/baeldung/filterresponse/config/AppConfig.java

@@ -3,12 +3,14 @@ package com.baeldung.filterresponse.config;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -16,23 +18,33 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 @EnableWebMvc
 @EnableWebSecurity
 @ComponentScan("com.baeldung.filterresponse")
-public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {
+public class AppConfig implements WebMvcConfigurer {
 
-    @Override
+    @Bean
-    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+    public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
-        auth.inMemoryAuthentication()
+        UserDetails user = User.withUsername("user")
-                .withUser("user").password(passwordEncoder().encode("userPass")).roles("USER")
+            .password(passwordEncoder.encode("userPass"))
-                .and()
+            .roles("USER")
-                .withUser("admin").password(passwordEncoder().encode("adminPass")).roles("ADMIN");
+            .build();
+
+        UserDetails admin = User.withUsername("admin")
+            .password(passwordEncoder.encode("adminPass"))
+            .roles("ADMIN")
+            .build();
+
+        return new InMemoryUserDetailsManager(user, admin);
     }
 
-    @Override
+    @Bean
-    protected void configure(final HttpSecurity http) throws Exception {
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-        http
+        http.csrf()
-                .csrf().disable()
+            .disable()
-                .authorizeRequests()
+            .authorizeRequests()
-                .anyRequest().authenticated()
+            .anyRequest()
-                .and().httpBasic();
+            .authenticated()
+            .and()
+            .httpBasic();
+        return http.build();
     }
 
     @Bean
@@ -40,8 +52,6 @@ public class AppConfig extends WebSecurityConfigurerAdapter implements WebMvcCon
         return new BCryptPasswordEncoder();
     }
 
-
-
     public enum Role {
         ROLE_USER,
         ROLE_ADMIN