Remove references to WebSecurityConfigurerAdapter in EnableWebSecurity

Closes gh-11277
spring-projects · Jul 29, 2022 · 05725af · 05725af
1 parent 4fbbfd2
commit 05725af
Showing 1 changed file with 25 additions and 17 deletions.
diff --git a/...a/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java b/...a/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,48 +26,56 @@
 import org.springframework.context.annotation.Import;
 import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
 import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
 
 /**
  * Add this annotation to an {@code @Configuration} class to have the Spring Security
- * configuration defined in any {@link WebSecurityConfigurer} or more likely by extending
- * the {@link WebSecurityConfigurerAdapter} base class and overriding individual methods:
+ * configuration defined in any {@link WebSecurityConfigurer} or more likely by exposing a
+ * {@link SecurityFilterChain} bean:
  *
  * <pre class="code">
  * &#064;Configuration
  * &#064;EnableWebSecurity
- * public class MyWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+ * public class MyWebSecurityConfiguration {
  *
- * 	&#064;Override
- * 	public void configure(WebSecurity web) throws Exception {
- * 		web.ignoring()
+ * 	&#064;Bean
+ * 	public WebSecurityCustomizer webSecurityCustomizer() {
+ * 		return (web) -> web.ignoring()
  * 		// Spring Security should completely ignore URLs starting with /resources/
  * 				.antMatchers(&quot;/resources/**&quot;);
  * 	}
  *
- * 	&#064;Override
- * 	protected void configure(HttpSecurity http) throws Exception {
+ * 	&#064;Bean
+ * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
  * 		http.authorizeRequests().antMatchers(&quot;/public/**&quot;).permitAll().anyRequest()
  * 				.hasRole(&quot;USER&quot;).and()
  * 				// Possibly more configuration ...
  * 				.formLogin() // enable form based log in
  * 				// set permitAll for all URLs associated with Form Login
  * 				.permitAll();
+ * 		return http.build();
  * 	}
  *
- * 	&#064;Override
- * 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- * 		auth
- * 		// enable in memory based authentication with a user named &quot;user&quot; and &quot;admin&quot;
- * 		.inMemoryAuthentication().withUser(&quot;user&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;)
- * 				.and().withUser(&quot;admin&quot;).password(&quot;password&quot;).roles(&quot;USER&quot;, &quot;ADMIN&quot;);
+ * 	&#064;Bean
+ * 	public UserDetailsService userDetailsService() {
+ * 		UserDetails user = User.withDefaultPasswordEncoder()
+ * 			.username(&quot;user&quot;)
+ * 			.password(&quot;password&quot;)
+ * 			.roles(&quot;USER&quot;)
+ * 			.build();
+ * 		UserDetails admin = User.withDefaultPasswordEncoder()
+ * 			.username(&quot;admin&quot;)
+ * 			.password(&quot;password&quot;)
+ * 			.roles(&quot;ADMIN&quot;, &quot;USER&quot;)
+ * 			.build();
+ * 		return new InMemoryUserDetailsManager(user, admin);
  * 	}
  *
- * 	// Possibly more overridden methods ...
+ * 	// Possibly more bean methods ...
  * }
  * </pre>
  *
  * @see WebSecurityConfigurer
- * @see WebSecurityConfigurerAdapter
  *
  * @author Rob Winch
  * @since 3.2