How to migrate from WebSecurityConfigurerAdapter?

Time:07-13

As WebSecurityConfigurerAdapter is @Deprecated, how can I correctly move to org.springframework.security.web.SecurityFilterChain?

I mean, what is the equivalent of the following deprecated configuration?

@Configuration
static class HttpSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
    }
}

CodePudding user response:

As documented in this blog, remove the extends and expose the SecurityFilterChain.

@Configuration
@EnableWebMvc
static class HttpSecurityConfiguration {
    // Register the filter chain as a bean; http.build() declares a checked Exception.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().authenticated();
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
        return http.build();
    }
}

Ideally you would rewrite the authorize part as well.

@Configuration
@EnableWebMvc
static class HttpSecurityConfiguration {
    // Register the filter chain as a bean; http.build() declares a checked Exception.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((auth) -> auth.anyRequest().authenticated());
        http.formLogin();
        http.httpBasic();
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER);
        http.csrf().disable();
        return http.build();
    }
}
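
The same migration carried through to the lambda DSL for every configurer, as an added example that is not part of the original answer. It goes beyond the question by also showing the bean-based replacement for the adapter's configure(AuthenticationManagerBuilder) override. It assumes Spring Security 5.7 or later; the user name "demo" and the property "app.demo-password" are hypothetical.

```java
// Added example, not code from the original post.
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class HttpSecurityConfiguration {

    // Replaces configure(HttpSecurity): same rules as the question, lambda DSL throughout.
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults())
            // NEVER: Spring Security creates no session itself but uses one if present.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.NEVER))
            // Carried over from the question. With form login and cookie-backed sessions,
            // leaving CSRF protection enabled is the safer default for browser clients.
            .csrf(csrf -> csrf.disable());
        return http.build();
    }

    // Replaces configure(AuthenticationManagerBuilder): expose the user store as a bean.
    // The user name and the property name are hypothetical placeholders.
    @Bean
    public UserDetailsService users(PasswordEncoder encoder,
                                    @Value("${app.demo-password}") String rawPassword) {
        return new InMemoryUserDetailsManager(
            User.withUsername("demo").password(encoder.encode(rawPassword)).roles("USER").build());
    }

    // Delegating encoder (bcrypt by default) so stored passwords are never plain text.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```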