Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter

Question

Since Spring Boot 2.7.x version WebSecurityConfigurerAdapter class is deprecated and there is a guide from spring.io on how to replace those classes and use component-based security configuration.

My question is how to handle the following use-case:

@Configuration
@EnableResourceServer
public class BearerAuthWebSecurityConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http
                .antMatcher("/api/**")
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .anyRequest()
                .authenticated();
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) {
        resources.resourceId(null);
        resources.authenticationManager(new OAuth2AuthenticationManager());
    }
    
}

I did not find any guide on how to handle @EnableResourceServer and ResourceServerConfigurerAdapter using the new component-based security configuration. And under the hood these classes also use WebSecurityConfigurerAdapter and should be moved to the component-based security configuration.

score 3 · Accepted Answer · answered Jun 29 '22 at 14:04

3

The ResourceServerSecurityConfigurer is from the EOL'd spring-security-oauth project, therefore there is no support for new features/deprecations. I recommend you to use Spring Security's support for OAuth 2.0.

answered Jun 29 '22 at 14:04

Marcus Hert da Coregio

4,635
9
27

Replace WebSecurityConfigurerAdapter in Spring boot for ResourceServerConfigurerAdapter

1 Answers1