Cannot resolve symbol WebSecurityConfigurerAdapter

Question

I try created Basic Auth in my java app. For they i used this dependencies in gradle file

dependencies {
compile group: 'org.springframework.boot', name: 'spring-boot-starter', version: '1.5.9.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-web', version: '1.5.9.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-parent', version: '1.3.3.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-security'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-log4j2', version: '1.4.3.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-boot-starter-data-mongodb', version: '1.5.9.RELEASE'
compile group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.7'
compile group: 'org.apache.logging.log4j', name: 'log4j-api', version: '2.7'
compile group: 'org.apache.logging.log4j', name: 'log4j-web', version: '2.7'
compile('org.hibernate:hibernate-core')    
testCompile group: 'junit', name: 'junit', version: '4.12'

}

When i implementation extend class WebSecurityConfigurerAdapter idea show error Cannot resolve symbol WebSecurityConfigurerAdapter and highlights code red color.

I tryed also use next dependecies

compile group: 'org.springframework.boot', name: 'spring-security-core', version: '5.0.0.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-security-web', version: '5.0.0.RELEASE'
compile group: 'org.springframework.boot', name: 'spring-security-config', version: '5.0.0.RELEASE'

What dependecies need to be gradle file for the implementation extended class WebSecurityConfigurerAdapter?

Answer 1

Perhaps you are used to have a Spring configuration class that extends the WebSecurityConfigurerAdapter abstract class like this:

@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter 
{

    @Override
    protected void configure(HttpSecurity http) throws Exception {

    // configure HTTP security...

    }

    @Override
    public void configure(WebSecurity web) throws Exception {

        // configure Web security...

    }
}

This is fine with Spring Security version 5.6.5 or older, or with Spring Boot version 2.6.8 or older. However, if your project uses Spring Security 5.7.1 or newer, or Spring Boot 2.7.0 or newer, you will get this warning in your IDE: The type WebSecurityConfigurerAdapter is deprecated

So, why Spring Security deprecates the use of WebSecurityConfigurerAdapter ?, and what is the alternative? Well, it’s because the developers of Spring framework encourage users to move towards a component-based security configuration. So, instead of extending WebSecurityConfigurerAdapter and overriding methods for configuring HttpSecurity and WebSecurity as in the old way - Now you to declare two beans of type SecurityFilterChain and WebSecurityCustomizer as follows:

@Configuration
public class SecurityConfiguration {
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
}
 
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
     
    }     
}

Answer 2

In case of SpringBoot, this happens because of SpringBoot not supporting WebSecurityConfigurerAdapter in latest version, see here in detail https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter.

To solve this you can change the version of your spring boot from pom.xml like:

<parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.5.2</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

This may work fine :)

Answer 3

Refer to https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter.

I believe websecurityconfigureradapter is already removed in the latest spring boot library.

Answer 4

try annotating with @EnableWebSecurity at the class level before extending the WebSecurityConfigurerAdapter.

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

Answer 5

That class will be in group org.springframework.security and not org.springframework.boot under the artifact spring-security-config

compile group: "org.springframework.security", name: "spring-security-config", version: "$springSecurityVersion"

Although, as the comment suggests,

as sample build.gradle could look like

buildscript {
    repositories {
        mavenCentral()
    }

    dependencies {
        classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
    }
}

apply plugin: "org.springframework.boot"

dependencies {

    compile group: "org.springframework.security", name: "spring-security-core", version: "$springSecurityVersion"
    compile group: "org.springframework.security", name: "spring-security-config", version: "$springSecurityVersion"
    compile group: "org.springframework.security", name: "spring-security-web", version: "$springSecurityVersion"
    compile group: "org.springframework.security", name: "spring-security-oauth2-jose", version: "$springSecurityVersion"
    compile group: "org.springframework.security", name: "spring-security-oauth2-resource-server", version: "$springSecurityVersion"
    compile group: "org.springframework.boot", name: "spring-boot-starter-web", version: "$springBootVersion"
    compile group: "org.springframework.boot", name: "spring-boot-starter-security", version: "$springBootVersion"
    compile group: "org.springframework.boot", name: "spring-boot-starter-thymeleaf", version: "$springBootVersion"
    compile group: "org.thymeleaf.extras", name: "thymeleaf-extras-springsecurity5", version: "$thymeleafExtrasSpringSecurityVersion"

    testCompile group: "org.springframework.boot", name: "spring-boot-starter-test", version: "$springBootVersion"
    testCompile group: "org.springframework.security", name: "spring-security-test", version: "$springSecurityVersion"
}