Spring Boot Project with Maven, can't Import WebSecurityConfigurerAdapter


Our Perspective on Resolving "Cannot Resolve Symbol 'WebSecurityConfigurerAdapter'" Error in Spring Boot

Upon encountering the "Cannot Resolve Symbol 'WebSecurityConfigurerAdapter'" error in Spring Boot, we acknowledge that this issue may arise due to changes in the latest versions of the Spring Boot library. The class WebSecurityConfigurerAdapter have been removed.

To address this, we recommend trying the following solutions:

1. Use @EnableWebSecurity Annotation:

Annotate your class with @EnableWebSecurity at the class level before extending the WebSecurityConfigurerAdapter. This annotation enables Spring Security's web security support and might resolve the issue.

2. Change Spring Boot Version:

If the above solution doesn't work, consider changing the version of Spring Boot in your pom.xml file. You can update the spring-boot-starter-parent version to an earlier or specific version where WebSecurityConfigurerAdapter is still available.



Our Perspective on Upgrading the Deprecated WebSecurityConfigurerAdapter in Spring Security

As we navigate through the process of upgrading the deprecated WebSecurityConfigurerAdapter in Spring Security, we recognize the importance of configuring HTTP security effectively. To avoid deprecation for HTTP security, we have the option to create a SecurityFilterChain bean.

For instance, if our objective is to secure endpoints based on roles while allowing anonymous access only for login, and to restrict delete requests to users with admin roles, we can achieve this by exposing a SecurityFilterChain bean.

1. Creating a SecurityFilterChain Bean:

We will define a custom SecurityFilterChain bean to replace the deprecated WebSecurityConfigurerAdapter. This bean allows us to configure HTTP security in a more modern and flexible manner.

2. Defining Security Rules:

Within the SecurityFilterChain bean, we'll define security rules to secure endpoints based on roles. We'll also specify an anonymous entry point for login and restrict delete requests to users with admin roles.

3. Using Basic Authentication:

We'll utilize Basic Authentication to authenticate users and authorize access to protected endpoints based on their roles. This approach ensures a secure and standardized method of authentication.

Transitioning from WebSecurityConfigurerAdapter to SecurityFilterChain aligns with Spring Security's evolution and promotes best practices in security configuration. 

By adopting modern security practices and leveraging the flexibility offered by SecurityFilterChain beans, we can effectively address deprecation warnings and maintain a robust security architecture in our Spring applications.