JAVA-14872 Update jee-7-security module under security-modules to remove usage of deprecated WebSecurityConfigurerAdapter (#13008)

anuragkumawat · web-flow · commit 447b0d2f0317 · 2022-11-18T00:07:19.000+05:30
diff --git a/security-modules/jee-7-security/pom.xml b/security-modules/jee-7-security/pom.xml
@@ -55,7 +55,7 @@
 
     <properties>
         <javaee_api.version>7.0</javaee_api.version>
-        <org.springframework.security.version>4.2.3.RELEASE</org.springframework.security.version>
+        <org.springframework.security.version>5.7.5</org.springframework.security.version>
         <javax.mvc-api.version>1.0-pr</javax.mvc-api.version>
     </properties>
 
diff --git a/security-modules/jee-7-security/src/main/java/com/baeldung/springsecurity/SpringSecurityConfig.java b/security-modules/jee-7-security/src/main/java/com/baeldung/springsecurity/SpringSecurityConfig.java
@@ -1,46 +1,50 @@
 package com.baeldung.springsecurity;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-          .inMemoryAuthentication()
-          .withUser("user1")
-          .password("user1Pass")
-          .roles("USER")
-          .and()
-          .withUser("admin")
-          .password("adminPass")
-          .roles("ADMIN");
+public class SpringSecurityConfig {
+
+    @Bean
+    public InMemoryUserDetailsManager userDetailsService() {
+        UserDetails user = User.withUsername("user1")
+            .password("{noop}user1Pass")
+            .roles("USER")
+            .build();
+        UserDetails admin = User.withUsername("admin")
+            .password("{noop}adminPass")
+            .roles("ADMIN")
+            .build();
+        return new InMemoryUserDetailsManager(user, admin);
     }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http
-          .csrf()
-          .disable()
-          .authorizeRequests()
-          .antMatchers("/auth/login*")
-          .anonymous()
-          .antMatchers("/home/admin*")
-          .hasRole("ADMIN")
-          .anyRequest()
-          .authenticated()
-          .and()
-          .formLogin()
-          .loginPage("/auth/login")
-          .defaultSuccessUrl("/home", true)
-          .failureUrl("/auth/login?error=true")
-          .and()
-          .logout()
-          .logoutSuccessUrl("/auth/login");
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http.csrf()
+            .disable()
+            .authorizeRequests()
+            .antMatchers("/auth/login*")
+            .anonymous()
+            .antMatchers("/home/admin*")
+            .hasRole("ADMIN")
+            .anyRequest()
+            .authenticated()
+            .and()
+            .formLogin()
+            .loginPage("/auth/login")
+            .defaultSuccessUrl("/home", true)
+            .failureUrl("/auth/login?error=true")
+            .and()
+            .logout()
+            .logoutSuccessUrl("/auth/login");
+        return http.build();
     }
 }
