From 41ca1a2278996860695ced8cd092283897c43a4b Mon Sep 17 00:00:00 2001
From: anuragkumawat <anuragkumawat7@gmail.com>
Date: Wed, 19 Oct 2022 00:55:42 +0530
Subject: [PATCH] JAVA-14878 Update spring-security-web-login-2 under
 spring-security-modules to remove usage of deprecated
 WebSecurityConfigurerAdapter (#12877)

---
 .../securityconfig/SpringSecurityConfig.java  | 11 ++---
 .../SimpleSecurityConfiguration.java          | 40 +++++++++++--------
 .../LogoutApplicationUnitTest.java            |  3 +-
 .../ManualLogoutIntegrationTest.java          |  2 +-
 4 files changed, 33 insertions(+), 23 deletions(-)

diff --git a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
index 64141f63d8..ae2cdc20ec 100644
--- a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
+++ b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/logoutredirects/securityconfig/SpringSecurityConfig.java
@@ -2,17 +2,18 @@ package com.baeldung.logoutredirects.securityconfig;
 
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
 @EnableWebSecurity
-public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringSecurityConfig {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http.authorizeRequests(authz -> authz.mvcMatchers("/login")
             .permitAll()
             .anyRequest()
@@ -21,7 +22,7 @@ public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
                 .logoutSuccessHandler((request, response, authentication) -> {
                     response.setStatus(HttpServletResponse.SC_OK);
                 }));
-
+        return http.build();
     }
 
 }
diff --git a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
index 303a139215..3991d9a264 100644
--- a/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
+++ b/spring-security-modules/spring-security-web-login-2/src/main/java/com/baeldung/manuallogout/SimpleSecurityConfiguration.java
@@ -10,11 +10,12 @@ import javax.servlet.http.Cookie;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.logout.HeaderWriterLogoutHandler;
 import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
 import org.springframework.security.web.header.writers.ClearSiteDataHeaderWriter;
@@ -27,9 +28,10 @@ public class SimpleSecurityConfiguration {
 
     @Order(4)
     @Configuration
-    public static class LogoutOnRequestConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class LogoutOnRequestConfiguration {
+
+        @Bean
+        public SecurityFilterChain filterChainLogoutOnRequest(HttpSecurity http) throws Exception {
             http.antMatcher("/request/**")
                 .authorizeRequests(authz -> authz.anyRequest()
                     .permitAll())
@@ -41,26 +43,30 @@ public class SimpleSecurityConfiguration {
                             logger.error(e.getMessage());
                         }
                     }));
+            return http.build();
         }
     }
 
     @Order(3)
     @Configuration
-    public static class DefaultLogoutConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class DefaultLogoutConfiguration {
+        
+        @Bean
+        public SecurityFilterChain filterChainDefaultLogout(HttpSecurity http) throws Exception {
             http.antMatcher("/basic/**")
-                .authorizeRequests(authz -> authz.anyRequest()
-                    .permitAll())
-                .logout(logout -> logout.logoutUrl("/basic/basiclogout"));
+            .authorizeRequests(authz -> authz.anyRequest()
+                .permitAll())
+            .logout(logout -> logout.logoutUrl("/basic/basiclogout"));
+            return http.build();
         }
     }
 
     @Order(2)
     @Configuration
-    public static class AllCookieClearingLogoutConfiguration extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+    public static class AllCookieClearingLogoutConfiguration {
+
+        @Bean
+        public SecurityFilterChain filterChainAllCookieClearing(HttpSecurity http) throws Exception {
             http.antMatcher("/cookies/**")
                 .authorizeRequests(authz -> authz.anyRequest()
                     .permitAll())
@@ -74,22 +80,24 @@ public class SimpleSecurityConfiguration {
                             response.addCookie(cookieToDelete);
                         }
                     }));
+            return http.build();
         }
     }
 
     @Order(1)
     @Configuration
-    public static class ClearSiteDataHeaderLogoutConfiguration extends WebSecurityConfigurerAdapter {
+    public static class ClearSiteDataHeaderLogoutConfiguration {
 
         private static final ClearSiteDataHeaderWriter.Directive[] SOURCE = { CACHE, COOKIES, STORAGE, EXECUTION_CONTEXTS };
 
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
+        @Bean
+        public SecurityFilterChain filterChainClearSiteDataHeader(HttpSecurity http) throws Exception {
             http.antMatcher("/csd/**")
                 .authorizeRequests(authz -> authz.anyRequest()
                     .permitAll())
                 .logout(logout -> logout.logoutUrl("/csd/csdlogout")
                     .addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
+            return http.build();
         }
     }
 }
diff --git a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
index 519a6bdc99..2c37303d81 100644
--- a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
+++ b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/logoutredirects/LogoutApplicationUnitTest.java
@@ -8,13 +8,14 @@ import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
+import com.baeldung.logoutredirects.securityconfig.SpringSecurityConfig;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest()
+@WebMvcTest(SpringSecurityConfig.class)
 public class LogoutApplicationUnitTest {
 
     @Autowired
diff --git a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
index 06dc01e116..a9ad907c30 100644
--- a/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
+++ b/spring-security-modules/spring-security-web-login-2/src/test/java/com/baeldung/manuallogout/ManualLogoutIntegrationTest.java
@@ -23,7 +23,7 @@ import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest()
+@WebMvcTest(SimpleSecurityConfiguration.class)
 public class ManualLogoutIntegrationTest {
 
     private static final String CLEAR_SITE_DATA_HEADER = "Clear-Site-Data";