Remove WebSecurityConfigurerAdapter from Kotlin tests

Issue gh-10902

config/src/test/kotlin/org/springframework/security/config/annotation/web/AnonymousDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,15 +19,16 @@ package org.springframework.security.config.annotation.web
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.authentication.AnonymousAuthenticationToken
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.annotation.AuthenticationPrincipal
 import org.springframework.security.core.authority.SimpleGrantedAuthority
 import org.springframework.security.core.context.SecurityContextHolder
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.web.bind.annotation.GetMapping
@@ -60,13 +61,15 @@ class AnonymousDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class PrincipalConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PrincipalConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 anonymous {
                     principal = "principal"
                 }
             }
+            return http.build()
         }
     }
 
@@ -82,13 +85,15 @@ class AnonymousDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class KeyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class KeyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 anonymous {
                     key = "key"
                 }
             }
+            return http.build()
         }
     }
 
@@ -104,13 +109,15 @@ class AnonymousDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AnonymousDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AnonymousDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 anonymous {
                     disable()
                 }
             }
+            return http.build()
         }
     }
 
@@ -126,8 +133,9 @@ class AnonymousDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AnonymousAuthoritiesConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AnonymousAuthoritiesConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 anonymous {
                     authorities = listOf(SimpleGrantedAuthority("TEST"))
@@ -136,6 +144,7 @@ class AnonymousDslTests {
                     authorize(anyRequest, hasAuthority("TEST"))
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeRequestsDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,7 +24,6 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpMethod
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -32,6 +31,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.util.matcher.RegexRequestMatcher
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -96,8 +96,9 @@ class AuthorizeRequestsDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthorizeRequestsByRegexConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthorizeRequestsByRegexConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(RegexRequestMatcher("/path", null), permitAll)
@@ -106,6 +107,7 @@ class AuthorizeRequestsDslTests {
                     authorize(RegexRequestMatcher(".*", null), authenticated)
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -152,14 +154,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AuthorizeRequestsByMvcConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthorizeRequestsByMvcConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/path", permitAll)
                     authorize("/**", authenticated)
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -194,13 +198,15 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class MvcMatcherPathVariablesConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MvcMatcherPathVariablesConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/user/{userName}", "#userName == 'user'")
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -235,14 +241,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class HasRoleConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HasRoleConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/**", hasRole("ADMIN"))
                 }
                 httpBasic { }
             }
+            return http.build()
         }
 
         @RestController
@@ -253,7 +261,7 @@ class AuthorizeRequestsDslTests {
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("user")
                     .password("password")
@@ -298,14 +306,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class HasAnyRoleConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HasAnyRoleConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/**", hasAnyRole("ADMIN", "USER"))
                 }
                 httpBasic { }
             }
+            return http.build()
         }
 
         @RestController
@@ -316,7 +326,7 @@ class AuthorizeRequestsDslTests {
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("user")
                     .password("password")
@@ -366,14 +376,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class HasAnyAuthorityConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HasAnyAuthorityConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/**", hasAnyAuthority("ROLE_ADMIN", "ROLE_USER"))
                 }
                 httpBasic { }
             }
+            return http.build()
         }
 
         @RestController
@@ -384,7 +396,7 @@ class AuthorizeRequestsDslTests {
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("user")
                     .password("password")
@@ -425,8 +437,9 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class MvcMatcherServletPathConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MvcMatcherServletPathConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/path",
@@ -434,6 +447,7 @@ class AuthorizeRequestsDslTests {
                             denyAll)
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -446,14 +460,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AuthorizeRequestsByMvcConfigWithHttpMethod : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthorizeRequestsByMvcConfigWithHttpMethod{
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(HttpMethod.GET, "/path", permitAll)
                     authorize(HttpMethod.PUT, "/path", denyAll)
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -481,14 +497,16 @@ class AuthorizeRequestsDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class MvcMatcherServletPathHttpMethodConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MvcMatcherServletPathHttpMethodConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(HttpMethod.GET, "/path", "/spring", denyAll)
                     authorize(HttpMethod.PUT, "/path", "/spring", denyAll)
                 }
             }
+            return http.build()
         }
 
         @RestController

config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,9 +25,9 @@ import org.springframework.context.annotation.Bean
 import org.springframework.http.HttpHeaders
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.web.bind.annotation.RequestMethod
@@ -58,11 +58,13 @@ class CorsDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultCorsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DefaultCorsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 cors { }
             }
+            return http.build()
         }
     }
 
@@ -80,11 +82,13 @@ class CorsDslTests {
 
     @EnableWebMvc
     @EnableWebSecurity
-    open class CorsCrossOriginBeanConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CorsCrossOriginBeanConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 cors { }
             }
+            return http.build()
         }
 
         @Bean
@@ -114,14 +118,16 @@ class CorsDslTests {
 
     @EnableWebMvc
     @EnableWebSecurity
-    open class CorsDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CorsDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http.cors()
             http {
                 cors {
                     disable()
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -151,8 +157,9 @@ class CorsDslTests {
 
     @EnableWebMvc
     @EnableWebSecurity
-    open class CorsCrossOriginSourceConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CorsCrossOriginSourceConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val source = UrlBasedCorsConfigurationSource()
             val corsConfiguration = CorsConfiguration()
             corsConfiguration.allowedOrigins = listOf("*")
@@ -165,6 +172,7 @@ class CorsDslTests {
                     configurationSource = source
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/CsrfDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,6 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -33,6 +32,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
 import org.springframework.security.web.csrf.CsrfTokenRepository
@@ -81,11 +81,13 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultCsrfConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DefaultCsrfConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf { }
             }
+            return http.build()
         }
     }
 
@@ -100,13 +102,15 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class CsrfDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CsrfDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf {
                     disable()
                 }
             }
+            return http.build()
         }
     }
 
@@ -124,18 +128,20 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomRepositoryConfig : WebSecurityConfigurerAdapter() {
+    open class CustomRepositoryConfig {
 
         companion object {
             val REPO: CsrfTokenRepository = HttpSessionCsrfTokenRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf {
                     csrfTokenRepository = REPO
                 }
             }
+            return http.build()
         }
     }
 
@@ -155,13 +161,15 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class RequireCsrfProtectionMatcherConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class RequireCsrfProtectionMatcherConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf {
                     requireCsrfProtectionMatcher = AntPathRequestMatcher("/test1")
                 }
             }
+            return http.build()
         }
     }
 
@@ -178,23 +186,25 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomStrategyConfig : WebSecurityConfigurerAdapter() {
+    open class CustomStrategyConfig {
 
         companion object {
             var STRATEGY: SessionAuthenticationStrategy = NullAuthenticatedSessionStrategy()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin { }
                 csrf {
                     sessionAuthenticationStrategy = STRATEGY
                 }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("user")
                     .password("password")
@@ -220,14 +230,16 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class IgnoringRequestMatchersConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class IgnoringRequestMatchersConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf {
                     requireCsrfProtectionMatcher = AntPathRequestMatcher("/**")
                     ignoringRequestMatchers(AntPathRequestMatcher("/test2"))
                 }
             }
+            return http.build()
         }
     }
 
@@ -247,14 +259,16 @@ class CsrfDslTests {
     }
 
     @EnableWebSecurity
-    open class IgnoringAntMatchersConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class IgnoringAntMatchersConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 csrf {
                     requireCsrfProtectionMatcher = AntPathRequestMatcher("/**")
                     ignoringAntMatchers("/test2")
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/ExceptionHandlingDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,14 +20,15 @@ import org.assertj.core.api.Assertions.assertThatExceptionOfType
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.access.AccessDeniedException
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User.withUsername
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.access.AccessDeniedHandlerImpl
 import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher
@@ -60,14 +61,16 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class ExceptionHandlingConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ExceptionHandlingConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
                 }
                 exceptionHandling { }
             }
+            return http.build()
         }
     }
 
@@ -81,8 +84,9 @@ class ExceptionHandlingDslTests {
     }
 
     @EnableWebSecurity
-    open class ExceptionHandlingDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ExceptionHandlingDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -91,6 +95,7 @@ class ExceptionHandlingDslTests {
                     disable()
                 }
             }
+            return http.build()
         }
     }
 
@@ -108,8 +113,9 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AccessDeniedPageConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AccessDeniedPageConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize("/admin", hasAuthority("ROLE_ADMIN"))
@@ -119,6 +125,7 @@ class ExceptionHandlingDslTests {
                     accessDeniedPage = "/access-denied"
                 }
             }
+            return http.build()
         }
     }
 
@@ -136,8 +143,9 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AccessDeniedHandlerConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AccessDeniedHandlerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val customAccessDeniedHandler = AccessDeniedHandlerImpl()
             customAccessDeniedHandler.setErrorPage("/access-denied")
             http {
@@ -149,6 +157,7 @@ class ExceptionHandlingDslTests {
                     accessDeniedHandler = customAccessDeniedHandler
                 }
             }
+            return http.build()
         }
     }
 
@@ -173,8 +182,9 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AccessDeniedHandlerForConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AccessDeniedHandlerForConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val customAccessDeniedHandler1 = AccessDeniedHandlerImpl()
             customAccessDeniedHandler1.setErrorPage("/access-denied1")
             val customAccessDeniedHandler2 = AccessDeniedHandlerImpl()
@@ -190,6 +200,7 @@ class ExceptionHandlingDslTests {
                     defaultAccessDeniedHandlerFor(customAccessDeniedHandler2, AntPathRequestMatcher("/admin2"))
                 }
             }
+            return http.build()
         }
     }
 
@@ -206,8 +217,9 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AuthenticationEntryPointConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthenticationEntryPointConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -216,6 +228,7 @@ class ExceptionHandlingDslTests {
                     authenticationEntryPoint = LoginUrlAuthenticationEntryPoint("/custom-login")
                 }
             }
+            return http.build()
         }
     }
 
@@ -238,8 +251,9 @@ class ExceptionHandlingDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class AuthenticationEntryPointForConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthenticationEntryPointForConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val customAuthenticationEntryPoint1 = LoginUrlAuthenticationEntryPoint("/custom-login1")
             val customAuthenticationEntryPoint2 = LoginUrlAuthenticationEntryPoint("/custom-login2")
             http {
@@ -251,6 +265,7 @@ class ExceptionHandlingDslTests {
                     defaultAuthenticationEntryPointFor(customAuthenticationEntryPoint2, AntPathRequestMatcher("/secured2"))
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/FormLoginDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -24,11 +24,9 @@ import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.authentication.AuthenticationDetailsSource
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -42,6 +40,8 @@ import org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirec
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
 import org.springframework.web.bind.annotation.GetMapping
 import jakarta.servlet.http.HttpServletRequest
+import org.springframework.context.annotation.Bean
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.WebAuthenticationDetails
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 
@@ -91,11 +91,13 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class FormLoginConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FormLoginConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
             }
+            return http.build()
         }
     }
 
@@ -111,14 +113,16 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class AllSecuredConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AllSecuredConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -134,8 +138,9 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class LoginPageConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class LoginPageConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     loginPage = "/log-in"
@@ -144,6 +149,7 @@ class FormLoginDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -159,13 +165,15 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class SuccessHandlerConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SuccessHandlerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     authenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler("/success")
                 }
             }
+            return http.build()
         }
     }
 
@@ -181,13 +189,15 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class FailureHandlerConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FailureHandlerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     authenticationFailureHandler = SimpleUrlAuthenticationFailureHandler("/failure")
                 }
             }
+            return http.build()
         }
     }
 
@@ -203,13 +213,15 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class FailureUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FailureUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     failureUrl = "/failure"
                 }
             }
+            return http.build()
         }
     }
 
@@ -225,13 +237,15 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class LoginProcessingUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class LoginProcessingUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     loginProcessingUrl = "/custom"
                 }
             }
+            return http.build()
         }
     }
 
@@ -247,13 +261,15 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultSuccessUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DefaultSuccessUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     defaultSuccessUrl("/custom", true)
                 }
             }
+            return http.build()
         }
     }
 
@@ -268,8 +284,9 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class PermitAllConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PermitAllConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -279,6 +296,7 @@ class FormLoginDslTests {
                     permitAll()
                 }
             }
+            return http.build()
         }
 
         @Controller
@@ -308,18 +326,20 @@ class FormLoginDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
+    open class CustomAuthenticationDetailsSourceConfig {
 
         companion object {
             val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {
                     authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/HeadersDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,9 +23,9 @@ import org.springframework.context.annotation.Bean
 import org.springframework.http.HttpHeaders
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.header.writers.StaticHeadersWriter
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
 import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
@@ -66,11 +66,13 @@ class HeadersDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultHeadersConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DefaultHeadersConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers { }
             }
+            return http.build()
         }
     }
 
@@ -86,13 +88,15 @@ class HeadersDslTests {
 
     @EnableWebSecurity
     @Suppress("DEPRECATION")
-    open class FeaturePolicyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FeaturePolicyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     featurePolicy(policyDirectives = "geolocation 'self'")
                 }
             }
+            return http.build()
         }
     }
 
@@ -107,8 +111,9 @@ class HeadersDslTests {
     }
 
     @EnableWebSecurity
-    open class PermissionsPolicyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PermissionsPolicyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     permissionsPolicy {
@@ -116,6 +121,7 @@ class HeadersDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -136,13 +142,15 @@ class HeadersDslTests {
     }
 
     @EnableWebSecurity
-    open class HeadersDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HeadersDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     disable()
                 }
             }
+            return http.build()
         }
     }
 
@@ -157,13 +165,15 @@ class HeadersDslTests {
     }
 
     @EnableWebSecurity
-    open class HeaderWriterConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HeaderWriterConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     addHeaderWriter(StaticHeadersWriter("custom-header", "custom-value"))
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/HttpBasicDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,17 +20,14 @@ import io.mockk.every
 import io.mockk.mockk
 import io.mockk.mockkObject
 import io.mockk.verify
-import jakarta.servlet.http.HttpServletRequest
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpStatus
-import org.springframework.security.authentication.AuthenticationDetailsSource
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -38,6 +35,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
 import org.springframework.security.web.AuthenticationEntryPoint
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 import org.springframework.test.web.servlet.MockMvc
@@ -90,14 +88,16 @@ class HttpBasicDslTests {
     }
 
     @EnableWebSecurity
-    open class HttpBasicConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HttpBasicConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 httpBasic {}
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -112,8 +112,9 @@ class HttpBasicDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomRealmConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomRealmConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 httpBasic {
                     realmName = "Custom Realm"
@@ -122,6 +123,7 @@ class HttpBasicDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -137,13 +139,14 @@ class HttpBasicDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomAuthenticationEntryPointConfig : WebSecurityConfigurerAdapter() {
+    open class CustomAuthenticationEntryPointConfig {
 
         companion object {
             val ENTRY_POINT: AuthenticationEntryPoint = HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 httpBasic {
                     authenticationEntryPoint = ENTRY_POINT
@@ -152,6 +155,7 @@ class HttpBasicDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -173,13 +177,14 @@ class HttpBasicDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
+    open class CustomAuthenticationDetailsSourceConfig {
 
         companion object {
             val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 httpBasic {
                     authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
@@ -188,6 +193,7 @@ class HttpBasicDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDslTests.kt

@@ -32,7 +32,6 @@ import org.springframework.security.authentication.TestingAuthenticationProvider
 import org.springframework.security.authentication.TestingAuthenticationToken
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -112,9 +111,10 @@ class HttpSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultSecurityConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
-            http {}
+    open class DefaultSecurityConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
+            return http.build()
         }
 
         @Configuration
@@ -160,14 +160,16 @@ class HttpSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class SecurityRequestMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SecurityRequestMatcherRequestsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 securityMatcher(RegexRequestMatcher("/path", null))
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -215,14 +217,16 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class SecurityPatternMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SecurityPatternMatcherRequestsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 securityMatcher("/path")
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -267,8 +271,9 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class MultiMatcherRequestsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MultiMatcherRequestsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 securityMatcher("/path1")
                 securityMatcher(RegexRequestMatcher("/path2", null))
@@ -276,6 +281,7 @@ class HttpSecurityDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -317,8 +323,9 @@ class HttpSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationManagerRequestsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthenticationManagerRequestsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authenticationManager = AuthenticationManagerConfig.AUTHENTICATION_MANAGER
                 authorizeRequests {
@@ -326,6 +333,7 @@ class HttpSecurityDslTests {
                 }
                 httpBasic { }
             }
+            return http.build()
         }
     }
 
@@ -351,17 +359,18 @@ class HttpSecurityDslTests {
         val filterChain = spring.context.getBean(FilterChainProxy::class.java)
         val filters: List<Filter> = filterChain.getFilters("/")
 
-        assertThat(filters).hasSize(1)
-        assertThat(filters[0]).isExactlyInstanceOf(CustomFilter::class.java)
+        assertThat(filters).anyMatch { it is CustomFilter }
     }
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterConfig : WebSecurityConfigurerAdapter(true) {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterAt(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
             }
+            return http.build()
         }
     }
 
@@ -372,17 +381,18 @@ class HttpSecurityDslTests {
         val filterChain = spring.context.getBean(FilterChainProxy::class.java)
         val filters: List<Filter> = filterChain.getFilters("/")
 
-        assertThat(filters).hasSize(1)
-        assertThat(filters[0]).isExactlyInstanceOf(CustomFilter::class.java)
+        assertThat(filters).anyMatch { it is CustomFilter }
     }
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterConfigReified : WebSecurityConfigurerAdapter(true) {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterConfigReified {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterAt<UsernamePasswordAuthenticationFilter>(CustomFilter())
             }
+            return http.build()
         }
     }
 
@@ -401,12 +411,14 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterAfterConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterAfterConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterAfter(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
                 formLogin {}
             }
+            return http.build()
         }
     }
 
@@ -425,12 +437,14 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterAfterConfigReified : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterAfterConfigReified{
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterAfter<UsernamePasswordAuthenticationFilter>(CustomFilter())
                 formLogin { }
             }
+            return http.build()
         }
     }
 
@@ -449,12 +463,14 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterBeforeConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterBeforeConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterBefore(CustomFilter(), UsernamePasswordAuthenticationFilter::class.java)
                 formLogin {}
             }
+            return http.build()
         }
     }
 
@@ -473,12 +489,14 @@ class HttpSecurityDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class CustomFilterBeforeConfigReified : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomFilterBeforeConfigReified{
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 addFilterBefore<UsernamePasswordAuthenticationFilter>(CustomFilter())
                 formLogin { }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/LogoutDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,16 +25,17 @@ import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.mock.web.MockHttpSession
 import org.springframework.security.authentication.TestingAuthenticationToken
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.context.SecurityContextHolder
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.logout.LogoutHandler
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository
@@ -68,13 +69,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomLogoutUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomLogoutUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     logoutUrl = "/custom/logout"
                 }
             }
+            return http.build()
         }
     }
 
@@ -91,13 +94,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomLogoutRequestMatcherConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomLogoutRequestMatcherConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     logoutRequestMatcher = AntPathRequestMatcher("/custom/logout")
                 }
             }
+            return http.build()
         }
     }
 
@@ -114,13 +119,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class SuccessUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SuccessUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     logoutSuccessUrl = "/login"
                 }
             }
+            return http.build()
         }
     }
 
@@ -137,13 +144,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class SuccessHandlerConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SuccessHandlerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     logoutSuccessHandler = SimpleUrlLogoutSuccessHandler()
                 }
             }
+            return http.build()
         }
     }
 
@@ -160,8 +169,9 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class PermitAllConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PermitAllConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -171,6 +181,7 @@ class LogoutDslTests {
                     permitAll()
                 }
             }
+            return http.build()
         }
     }
 
@@ -194,13 +205,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class ClearAuthenticationFalseConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ClearAuthenticationFalseConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     clearAuthentication = false
                 }
             }
+            return http.build()
         }
     }
 
@@ -221,13 +234,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class InvalidateHttpSessionFalseConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class InvalidateHttpSessionFalseConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     invalidateHttpSession = false
                 }
             }
+            return http.build()
         }
     }
 
@@ -245,13 +260,15 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class DeleteCookiesConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DeleteCookiesConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     deleteCookies("remove")
                 }
             }
+            return http.build()
         }
     }
 
@@ -275,14 +292,16 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultLogoutSuccessHandlerForConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DefaultLogoutSuccessHandlerForConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     logoutRequestMatcher = AntPathRequestMatcher("/logout/**")
                     defaultLogoutSuccessHandlerFor(SimpleUrlLogoutSuccessHandler(), AntPathRequestMatcher("/logout/custom"))
                 }
             }
+            return http.build()
         }
     }
 
@@ -300,18 +319,20 @@ class LogoutDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomLogoutHandlerConfig : WebSecurityConfigurerAdapter() {
+    open class CustomLogoutHandlerConfig {
 
         companion object {
             val HANDLER: LogoutHandler = NoopLogoutHandler()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 logout {
                     addLogoutHandler(HANDLER)
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/OAuth2ClientDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -43,6 +42,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -65,8 +65,9 @@ class OAuth2ClientDslTests {
     }
 
     @EnableWebSecurity
-    open class ClientRepoConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ClientRepoConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Client {
                     clientRegistrationRepository = InMemoryClientRegistrationRepository(
@@ -76,6 +77,7 @@ class OAuth2ClientDslTests {
                     )
                 }
             }
+            return http.build()
         }
     }
 
@@ -118,7 +120,7 @@ class OAuth2ClientDslTests {
     }
 
     @EnableWebSecurity
-    open class ClientRepositoryConfig : WebSecurityConfigurerAdapter() {
+    open class ClientRepositoryConfig {
 
         companion object {
             val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@@ -128,7 +130,8 @@ class OAuth2ClientDslTests {
             val CLIENT_REPOSITORY: OAuth2AuthorizedClientRepository = HttpSessionOAuth2AuthorizedClientRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Client {
                     authorizedClientRepository = CLIENT_REPOSITORY
@@ -141,6 +144,7 @@ class OAuth2ClientDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/OAuth2LoginDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,10 +25,8 @@ import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.security.authentication.AuthenticationDetailsSource
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -43,7 +41,7 @@ import org.springframework.test.web.servlet.get
 import org.springframework.test.web.servlet.post
 import org.springframework.web.bind.annotation.GetMapping
 import org.springframework.web.bind.annotation.RestController
-import jakarta.servlet.http.HttpServletRequest
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.WebAuthenticationDetailsSource
 
 /**
@@ -65,8 +63,9 @@ class OAuth2LoginDslTests {
     }
 
     @EnableWebSecurity
-    open class ClientRepoConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ClientRepoConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     clientRegistrationRepository = InMemoryClientRegistrationRepository(
@@ -76,6 +75,7 @@ class OAuth2LoginDslTests {
                     )
                 }
             }
+            return http.build()
         }
     }
 
@@ -90,11 +90,13 @@ class OAuth2LoginDslTests {
     }
 
     @EnableWebSecurity
-    open class OAuth2LoginConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class OAuth2LoginConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login { }
             }
+            return http.build()
         }
     }
 
@@ -109,13 +111,15 @@ class OAuth2LoginDslTests {
     }
 
     @EnableWebSecurity
-    open class LoginPageConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class LoginPageConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     loginPage = "/custom-login"
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -157,14 +161,15 @@ class OAuth2LoginDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomAuthenticationDetailsSourceConfig : WebSecurityConfigurerAdapter() {
+    open class CustomAuthenticationDetailsSourceConfig {
 
         companion object {
             val AUTHENTICATION_DETAILS_SOURCE = WebAuthenticationDetailsSource()
             val AUTHORIZATION_REQUEST_REPOSITORY = HttpSessionOAuth2AuthorizationRequestRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     authenticationDetailsSource = AUTHENTICATION_DETAILS_SOURCE
@@ -173,6 +178,7 @@ class OAuth2LoginDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/OAuth2ResourceServerDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,6 @@ import org.springframework.security.authentication.AuthenticationManager
 import org.springframework.security.authentication.AuthenticationManagerResolver
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames.SUB
@@ -43,6 +42,7 @@ import org.springframework.security.oauth2.server.resource.authentication.JwtIss
 import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver
 import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver
 import org.springframework.security.web.AuthenticationEntryPoint
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.access.AccessDeniedHandler
 import org.springframework.security.web.access.AccessDeniedHandlerImpl
 import org.springframework.security.web.authentication.HttpStatusEntryPoint
@@ -79,13 +79,14 @@ class OAuth2ResourceServerDslTests {
     }
 
     @EnableWebSecurity
-    open class EntryPointConfig : WebSecurityConfigurerAdapter() {
+    open class EntryPointConfig {
 
         companion object {
             val ENTRY_POINT: AuthenticationEntryPoint = HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -95,6 +96,7 @@ class OAuth2ResourceServerDslTests {
                     jwt { }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -115,14 +117,15 @@ class OAuth2ResourceServerDslTests {
     }
 
     @EnableWebSecurity
-    open class BearerTokenResolverConfig : WebSecurityConfigurerAdapter() {
+    open class BearerTokenResolverConfig {
 
         companion object {
             val RESOLVER: BearerTokenResolver = DefaultBearerTokenResolver()
             val DECODER: JwtDecoder = MockJwtDecoder()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -132,6 +135,7 @@ class OAuth2ResourceServerDslTests {
                     jwt { }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -168,14 +172,15 @@ class OAuth2ResourceServerDslTests {
     }
 
     @EnableWebSecurity
-    open class AccessDeniedHandlerConfig : WebSecurityConfigurerAdapter() {
+    open class AccessDeniedHandlerConfig {
 
         companion object {
             val DECODER: JwtDecoder = MockJwtDecoder()
             val DENIED_HANDLER: AccessDeniedHandler = AccessDeniedHandlerImpl()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, denyAll)
@@ -185,6 +190,7 @@ class OAuth2ResourceServerDslTests {
                     jwt { }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -209,14 +215,15 @@ class OAuth2ResourceServerDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationManagerResolverConfig : WebSecurityConfigurerAdapter() {
+    open class AuthenticationManagerResolverConfig {
 
         companion object {
             val RESOLVER: AuthenticationManagerResolver<HttpServletRequest> =
                 JwtIssuerAuthenticationManagerResolver("issuer")
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -225,6 +232,7 @@ class OAuth2ResourceServerDslTests {
                     authenticationManagerResolver = RESOLVER
                 }
             }
+            return http.build()
         }
     }
 
@@ -236,8 +244,9 @@ class OAuth2ResourceServerDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationManagerResolverAndOpaqueConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthenticationManagerResolverAndOpaqueConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -247,6 +256,7 @@ class OAuth2ResourceServerDslTests {
                     opaqueToken { }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/PasswordManagementDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,11 +19,12 @@ package org.springframework.security.config.annotation.web
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -53,11 +54,13 @@ class PasswordManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class PasswordManagementWithDefaultChangePasswordPageConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PasswordManagementWithDefaultChangePasswordPageConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 passwordManagement {}
             }
+            return http.build()
         }
     }
 
@@ -73,13 +76,15 @@ class PasswordManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class PasswordManagementWithCustomChangePasswordPageConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PasswordManagementWithCustomChangePasswordPageConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 passwordManagement {
                     changePasswordPage = "/custom-change-password-page"
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/PortMapperDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.web.PortMapperImpl
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import java.util.*
@@ -53,8 +54,9 @@ class PortMapperDslTests  {
     }
 
     @EnableWebSecurity
-    open class PortMapperMapConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class PortMapperMapConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requiresChannel {
                     secure(anyRequest, requiresSecure)
@@ -63,6 +65,7 @@ class PortMapperDslTests  {
                     map(543, 123)
                 }
             }
+            return http.build()
         }
     }
 
@@ -77,8 +80,9 @@ class PortMapperDslTests  {
     }
 
     @EnableWebSecurity
-    open class CustomPortMapperConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomPortMapperConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val customPortMapper = PortMapperImpl()
             customPortMapper.setPortMappings(Collections.singletonMap("543", "123"))
             http {
@@ -89,6 +93,7 @@ class PortMapperDslTests  {
                     portMapper = customPortMapper
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/RememberMeDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,13 +26,12 @@ import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.fail
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
 import org.springframework.core.annotation.Order
 import org.springframework.mock.web.MockHttpSession
 import org.springframework.security.authentication.RememberMeAuthenticationToken
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.core.Authentication
 import org.springframework.security.core.authority.AuthorityUtils
@@ -45,6 +44,7 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
 import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler
 import org.springframework.security.web.authentication.NullRememberMeServices
 import org.springframework.security.web.authentication.RememberMeServices
@@ -219,7 +219,7 @@ internal class RememberMeDslTests {
 
     @Test
     fun `Remember Me when key then remember me works only for matching routes`() {
-        this.spring.register(WithoutKeyConfig::class.java, KeyConfig::class.java).autowire()
+        this.spring.register(WithAndWithoutKeyConfig::class.java).autowire()
         val withoutKeyMvcResult = mockMvc.post("/without-key/login") {
             loginRememberMeRequest()
         }.andReturn()
@@ -383,17 +383,18 @@ internal class RememberMeDslTests {
         }
     }
 
-    abstract class DefaultUserConfig : WebSecurityConfigurerAdapter() {
-        @Autowired
-        open fun configureGlobal(auth: AuthenticationManagerBuilder) {
-            auth.inMemoryAuthentication()
-                    .withUser(PasswordEncodedUser.user())
+    @Configuration
+    open class DefaultUserConfig {
+        @Bean
+        open fun userDetailsService(): UserDetailsService {
+            return InMemoryUserDetailsManager(PasswordEncodedUser.user())
         }
     }
 
     @EnableWebSecurity
     open class RememberMeConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, hasRole("USER"))
@@ -401,12 +402,14 @@ internal class RememberMeDslTests {
                 formLogin {}
                 rememberMe {}
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeDomainConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, hasRole("USER"))
@@ -416,6 +419,7 @@ internal class RememberMeDslTests {
                     rememberMeCookieDomain = "spring.io"
                 }
             }
+            return http.build()
         }
     }
 
@@ -426,13 +430,15 @@ internal class RememberMeDslTests {
             val REMEMBER_ME_SERVICES: RememberMeServices = NullRememberMeServices()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     rememberMeServices = REMEMBER_ME_SERVICES
                 }
             }
+            return http.build()
         }
     }
 
@@ -443,20 +449,23 @@ internal class RememberMeDslTests {
             val SUCCESS_HANDLER: AuthenticationSuccessHandler = SimpleUrlAuthenticationSuccessHandler()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     authenticationSuccessHandler = SUCCESS_HANDLER
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
-    @Order(0)
-    open class WithoutKeyConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+    open class WithAndWithoutKeyConfig : DefaultUserConfig() {
+        @Bean
+        @Order(0)
+        open fun securityFilterChainWithoutKey(http: HttpSecurity): SecurityFilterChain {
             http {
                 securityMatcher(AntPathRequestMatcher("/without-key/**"))
                 formLogin {
@@ -464,12 +473,11 @@ internal class RememberMeDslTests {
                 }
                 rememberMe {}
             }
+            return http.build()
         }
-    }
 
-    @EnableWebSecurity
-    open class KeyConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChainWithKey(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -479,6 +487,7 @@ internal class RememberMeDslTests {
                     key = "RememberMeKey"
                 }
             }
+            return http.build()
         }
     }
 
@@ -489,66 +498,76 @@ internal class RememberMeDslTests {
             val TOKEN_REPOSITORY: PersistentTokenRepository = mockk()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     tokenRepository = TOKEN_REPOSITORY
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeTokenValidityConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     tokenValiditySeconds = 42
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeUseSecureCookieConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     useSecureCookie = true
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeParameterConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     rememberMeParameter = "rememberMe"
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeCookieNameConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     rememberMeCookieName = "rememberMe"
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
-    open class RememberMeDefaultUserDetailsServiceConfig : DefaultUserConfig() {
+    open class RememberMeDefaultUserDetailsServiceConfig {
 
         companion object {
             val USER_DETAIL_SERVICE: UserDetailsService = InMemoryUserDetailsManager(
@@ -557,15 +576,18 @@ internal class RememberMeDslTests {
             val PASSWORD_ENCODER: PasswordEncoder = BCryptPasswordEncoder()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {}
             }
+            return http.build()
         }
 
-        override fun configure(auth: AuthenticationManagerBuilder) {
-            auth.userDetailsService(USER_DETAIL_SERVICE)
+        @Bean
+        open fun userDetailsService(): UserDetailsService {
+            return USER_DETAIL_SERVICE
         }
 
         @Bean
@@ -582,25 +604,29 @@ internal class RememberMeDslTests {
             )
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     userDetailsService = USER_DETAIL_SERVICE
                 }
             }
+            return http.build()
         }
     }
 
     @EnableWebSecurity
     open class RememberMeAlwaysRememberConfig : DefaultUserConfig() {
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 formLogin {}
                 rememberMe {
                     alwaysRemember = true
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/RequestCacheDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.savedrequest.NullRequestCache
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -56,12 +57,14 @@ class RequestCacheDslTests {
     }
 
     @EnableWebSecurity
-    open class RequestCacheConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class RequestCacheConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requestCache { }
                 formLogin { }
             }
+            return http.build()
         }
     }
 
@@ -78,14 +81,16 @@ class RequestCacheDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomRequestCacheConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomRequestCacheConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requestCache {
                     requestCache = NullRequestCache()
                 }
                 formLogin { }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/RequiresChannelDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -21,13 +21,14 @@ import io.mockk.verify
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.access.ConfigAttribute
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.web.FilterInvocation
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.access.channel.ChannelProcessor
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -63,13 +64,15 @@ class RequiresChannelDslTests {
     }
 
     @EnableWebSecurity
-    open class RequiresSecureConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class RequiresSecureConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requiresChannel {
                     secure(anyRequest, requiresSecure)
                 }
             }
+            return http.build()
         }
     }
 
@@ -95,8 +98,9 @@ class RequiresChannelDslTests {
 
     @EnableWebSecurity
     @EnableWebMvc
-    open class MvcMatcherServletPathConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MvcMatcherServletPathConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requiresChannel {
                     secure("/path",
@@ -104,6 +108,7 @@ class RequiresChannelDslTests {
                             requiresSecure)
                 }
             }
+            return http.build()
         }
 
         @RestController
@@ -125,7 +130,7 @@ class RequiresChannelDslTests {
     }
 
     @EnableWebSecurity
-    open class ChannelProcessorsConfig : WebSecurityConfigurerAdapter() {
+    open class ChannelProcessorsConfig {
 
         companion object {
             val CHANNEL_PROCESSOR: ChannelProcessor = object : ChannelProcessor {
@@ -134,13 +139,15 @@ class RequiresChannelDslTests {
             }
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 requiresChannel {
                     channelProcessors = listOf(CHANNEL_PROCESSOR)
                     secure(anyRequest, requiresSecure)
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/Saml2DslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,6 @@ import org.springframework.security.authentication.ProviderManager
 import org.springframework.security.authentication.TestingAuthenticationProvider
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.saml2.credentials.Saml2X509Credential
@@ -42,6 +41,7 @@ import org.springframework.security.saml2.provider.service.registration.RelyingP
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations
 import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
@@ -71,11 +71,13 @@ class Saml2DslTests {
     }
 
     @EnableWebSecurity
-    open class Saml2LoginNoRelyingPArtyRegistrationRepoConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class Saml2LoginNoRelyingPArtyRegistrationRepoConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 saml2Login { }
             }
+            return http.build()
         }
     }
 
@@ -90,9 +92,10 @@ class Saml2DslTests {
     }
 
     @EnableWebSecurity
-    open class Saml2LoginConfig : WebSecurityConfigurerAdapter() {
+    open class Saml2LoginConfig {
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 saml2Login {
                     relyingPartyRegistrationRepository =
@@ -106,6 +109,7 @@ class Saml2DslTests {
                             )
                 }
             }
+            return http.build()
         }
 
         private fun <T : Certificate> loadCert(location: String): T {
@@ -127,17 +131,19 @@ class Saml2DslTests {
     }
 
     @EnableWebSecurity
-    open class Saml2LoginCustomAuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
+    open class Saml2LoginCustomAuthenticationManagerConfig {
         companion object {
             val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 saml2Login {
                     authenticationManager = AUTHENTICATION_MANAGER
                 }
             }
+            return http.build()
         }
 
         @Bean

config/src/test/kotlin/org/springframework/security/config/annotation/web/SecurityContextDslTests.kt

@@ -19,27 +19,28 @@ package org.springframework.security.config.annotation.web
 import io.mockk.every
 import io.mockk.mockk
 import io.mockk.mockkObject
-import io.mockk.spyk
 import io.mockk.verify
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.jupiter.api.Test
-import org.junit.jupiter.api.assertDoesNotThrow
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
-import org.springframework.security.config.annotation.ObjectPostProcessor
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.context.SecurityContext
 import org.springframework.security.core.userdetails.PasswordEncodedUser
+import org.springframework.security.core.userdetails.UserDetailsService
+import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders
 import org.springframework.security.web.FilterChainProxy
-import org.springframework.security.web.context.*
-import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
+import org.springframework.security.web.SecurityFilterChain
+import org.springframework.security.web.context.HttpRequestResponseHolder
+import org.springframework.security.web.context.HttpSessionSecurityContextRepository
+import org.springframework.security.web.context.NullSecurityContextRepository
+import org.springframework.security.web.context.SecurityContextHolderFilter
+import org.springframework.security.web.context.SecurityContextPersistenceFilter
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
 
@@ -56,14 +57,17 @@ class SecurityContextDslTests {
     fun `security context when invoked twice then uses original security context repository`() {
         spring.register(DuplicateDoesNotOverrideConfig::class.java).autowire()
         mockkObject(DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY)
-        every { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) } returns mockk<SecurityContext>(relaxed = true)
+        every { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) } returns mockk<SecurityContext>(
+            relaxed = true
+        )
         mvc.perform(get("/"))
         verify(exactly = 1) { DuplicateDoesNotOverrideConfig.SECURITY_CONTEXT_REPOSITORY.loadContext(any<HttpRequestResponseHolder>()) }
     }
 
     @EnableWebSecurity
-    open class DuplicateDoesNotOverrideConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class DuplicateDoesNotOverrideConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             // @formatter:off
             http {
                 securityContext {
@@ -72,6 +76,7 @@ class SecurityContextDslTests {
                 securityContext { }
             }
             // @formatter:on
+            return http.build()
         }
 
         companion object {
@@ -79,37 +84,6 @@ class SecurityContextDslTests {
         }
     }
 
-    @Test
-    fun `security context when security context repository not configured then does not throw exception`() {
-        spring.register(SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig::class.java).autowire()
-        assertDoesNotThrow { mvc.perform(get("/")) }
-    }
-
-    @EnableWebSecurity
-    open class SecurityContextRepositoryDefaultsSecurityContextRepositoryConfig : WebSecurityConfigurerAdapter(true) {
-        override fun configure(http: HttpSecurity) {
-            // @formatter:off
-            http {
-                addFilterAt<WebAsyncManagerIntegrationFilter>(WebAsyncManagerIntegrationFilter())
-                anonymous { }
-                securityContext { }
-                authorizeRequests {
-                    authorize(anyRequest, permitAll)
-                }
-                httpBasic { }
-            }
-            // @formatter:on
-        }
-
-        override fun configure(auth: AuthenticationManagerBuilder) {
-            // @formatter:off
-            auth
-                    .inMemoryAuthentication()
-                    .withUser("user").password("password").roles("USER")
-            // @formatter:on
-        }
-    }
-
     @Test
     fun `security context when require explicit save is true then configure SecurityContextHolderFilter`() {
         val repository = HttpSessionSecurityContextRepository()
@@ -125,13 +99,14 @@ class SecurityContextDslTests {
         // @formatter:on
         val mvcResult = mvc.perform(SecurityMockMvcRequestBuilders.formLogin()).andReturn()
         val securityContext = repository
-                .loadContext(HttpRequestResponseHolder(mvcResult.request, mvcResult.response))
+            .loadContext(HttpRequestResponseHolder(mvcResult.request, mvcResult.response))
         assertThat(securityContext.authentication).isNotNull
     }
 
     @EnableWebSecurity
-    open class RequireExplicitSaveConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class RequireExplicitSaveConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             // @formatter:off
             http {
                 formLogin { }
@@ -140,14 +115,12 @@ class SecurityContextDslTests {
                 }
             }
             // @formatter:on
+            return http.build()
         }
 
-        override fun configure(auth: AuthenticationManagerBuilder) {
-            // @formatter:off
-            auth
-                    .inMemoryAuthentication()
-                    .withUser(PasswordEncodedUser.user())
-            // @formatter:on
+        @Bean
+        open fun userDetailsService(): UserDetailsService {
+            return InMemoryUserDetailsManager(PasswordEncodedUser.user())
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/SessionManagementDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,12 +29,12 @@ import org.springframework.context.annotation.Bean
 import org.springframework.mock.web.MockHttpSession
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.http.SessionCreationPolicy
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.Authentication
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
 import org.springframework.security.web.authentication.session.SessionAuthenticationException
@@ -73,13 +73,15 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class InvalidSessionUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class InvalidSessionUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     invalidSessionUrl = "/invalid"
                 }
             }
+            return http.build()
         }
     }
 
@@ -98,13 +100,15 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class InvalidSessionStrategyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class InvalidSessionStrategyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     invalidSessionStrategy = SimpleRedirectInvalidSessionStrategy("/invalid")
                 }
             }
+            return http.build()
         }
     }
 
@@ -124,8 +128,9 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class SessionAuthenticationErrorUrlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SessionAuthenticationErrorUrlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -134,6 +139,7 @@ class SessionManagementDslTests {
                     sessionAuthenticationErrorUrl = "/session-auth-error"
                 }
             }
+            return http.build()
         }
     }
 
@@ -153,8 +159,9 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class SessionAuthenticationFailureHandlerConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class SessionAuthenticationFailureHandlerConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -163,6 +170,7 @@ class SessionManagementDslTests {
                     sessionAuthenticationFailureHandler = SimpleUrlAuthenticationFailureHandler("/session-auth-error")
                 }
             }
+            return http.build()
         }
     }
 
@@ -177,8 +185,9 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class StatelessSessionManagementConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class StatelessSessionManagementConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -187,6 +196,7 @@ class SessionManagementDslTests {
                     sessionCreationPolicy = SessionCreationPolicy.STATELESS
                 }
             }
+            return http.build()
         }
     }
 
@@ -208,13 +218,14 @@ class SessionManagementDslTests {
     }
 
     @EnableWebSecurity
-    open class SessionAuthenticationStrategyConfig : WebSecurityConfigurerAdapter() {
+    open class SessionAuthenticationStrategyConfig {
 
         companion object {
             val STRATEGY: SessionAuthenticationStrategy = NullAuthenticatedSessionStrategy()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -223,6 +234,7 @@ class SessionManagementDslTests {
                     sessionAuthenticationStrategy = STRATEGY
                 }
             }
+            return http.build()
         }
 
         @Bean

config/src/test/kotlin/org/springframework/security/config/annotation/web/X509DslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.core.io.ClassPathResource
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.core.userdetails.User
@@ -36,6 +35,7 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509
 import org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor
 import org.springframework.test.web.servlet.MockMvc
@@ -65,15 +65,17 @@ class X509DslTests {
     }
 
     @EnableWebSecurity
-    open class X509Config : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class X509Config {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 x509 { }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("rod")
                     .password("password")
@@ -94,17 +96,19 @@ class X509DslTests {
     }
 
     @EnableWebSecurity
-    open class X509RegexConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class X509RegexConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 x509 {
                     subjectPrincipalRegex = "CN=(.*?)@example.com(?:,|$)"
                 }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("rod")
                     .password("password")
@@ -125,8 +129,9 @@ class X509DslTests {
     }
 
     @EnableWebSecurity
-    open class UserDetailsServiceConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class UserDetailsServiceConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("rod")
                     .password("password")
@@ -138,10 +143,11 @@ class X509DslTests {
                     userDetailsService = customUserDetailsService
                 }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService = mockk()
+        open fun userDetailsService(): UserDetailsService = mockk()
     }
 
     @Test
@@ -155,8 +161,9 @@ class X509DslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationUserDetailsServiceConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class AuthenticationUserDetailsServiceConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("rod")
                     .password("password")
@@ -170,10 +177,11 @@ class X509DslTests {
                     authenticationUserDetailsService = customSource
                 }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService = mockk()
+        open fun userDetailsService(): UserDetailsService = mockk()
     }
 
     @Test
@@ -187,8 +195,9 @@ class X509DslTests {
     }
 
     @EnableWebSecurity
-    open class X509PrincipalExtractorConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class X509PrincipalExtractorConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             val principalExtractor = SubjectDnX509PrincipalExtractor()
             principalExtractor.setSubjectDnRegex("CN=(.*?)@example.com(?:,|$)")
             http {
@@ -196,10 +205,11 @@ class X509DslTests {
                     x509PrincipalExtractor = principalExtractor
                 }
             }
+            return http.build()
         }
 
         @Bean
-        override fun userDetailsService(): UserDetailsService {
+        open fun userDetailsService(): UserDetailsService {
             val userDetails = User.withDefaultPasswordEncoder()
                     .username("rod")
                     .password("password")

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/CacheControlDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,13 +19,14 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.http.HttpHeaders
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -55,14 +56,16 @@ class CacheControlDslTests {
     }
 
     @EnableWebSecurity
-    open class CacheControlConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CacheControlConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     cacheControl { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -79,8 +82,9 @@ class CacheControlDslTests {
     }
 
     @EnableWebSecurity
-    open class CacheControlDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CacheControlDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     cacheControl {
@@ -88,6 +92,7 @@ class CacheControlDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/ContentSecurityPolicyDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -54,14 +55,16 @@ class ContentSecurityPolicyDslTests {
     }
 
     @EnableWebSecurity
-    open class ContentSecurityPolicyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ContentSecurityPolicyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     contentSecurityPolicy { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -77,8 +80,9 @@ class ContentSecurityPolicyDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomPolicyDirectivesConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomPolicyDirectivesConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -87,6 +91,7 @@ class ContentSecurityPolicyDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -102,8 +107,9 @@ class ContentSecurityPolicyDslTests {
     }
 
     @EnableWebSecurity
-    open class ReportOnlyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ReportOnlyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -112,6 +118,7 @@ class ContentSecurityPolicyDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/ContentTypeOptionsDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.server.header.ContentTypeOptionsServerHttpHeadersWriter
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -53,14 +54,16 @@ class ContentTypeOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class ContentTypeOptionsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ContentTypeOptionsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     contentTypeOptions { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -75,8 +78,9 @@ class ContentTypeOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class ContentTypeOptionsDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ContentTypeOptionsDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     contentTypeOptions {
@@ -84,6 +88,7 @@ class ContentTypeOptionsDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/FrameOptionsDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter
 import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter
 import org.springframework.test.web.servlet.MockMvc
@@ -55,14 +56,16 @@ class FrameOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class FrameOptionsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FrameOptionsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     frameOptions { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -78,8 +81,9 @@ class FrameOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class FrameOptionsDenyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FrameOptionsDenyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -88,6 +92,7 @@ class FrameOptionsDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -103,8 +108,9 @@ class FrameOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class FrameOptionsSameOriginConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FrameOptionsSameOriginConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -113,6 +119,7 @@ class FrameOptionsDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -128,8 +135,9 @@ class FrameOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class FrameOptionsSameOriginAndDenyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FrameOptionsSameOriginAndDenyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -139,6 +147,7 @@ class FrameOptionsDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -154,8 +163,9 @@ class FrameOptionsDslTests {
     }
 
     @EnableWebSecurity
-    open class FrameOptionsDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class FrameOptionsDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     frameOptions {
@@ -163,6 +173,7 @@ class FrameOptionsDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/HttpPublicKeyPinningDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,12 +20,13 @@ import org.assertj.core.api.Assertions
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -57,14 +58,16 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpNoPinConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpNoPinConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     httpPublicKeyPinning { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -80,8 +83,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpPinConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpPinConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -90,6 +94,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -105,8 +110,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpMaxAgeConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpMaxAgeConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -116,6 +122,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -131,8 +138,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpReportOnlyFalseConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpReportOnlyFalseConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -142,6 +150,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -160,8 +169,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpIncludeSubdomainsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpIncludeSubdomainsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -171,6 +181,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -189,8 +200,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpReportUriConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpReportUriConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -200,6 +212,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -217,8 +230,9 @@ class HttpPublicKeyPinningDslTests {
     }
 
     @EnableWebSecurity
-    open class HpkpDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HpkpDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     httpPublicKeyPinning {
@@ -226,6 +240,7 @@ class HttpPublicKeyPinningDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/HttpStrictTransportSecurityDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,12 +20,13 @@ import org.assertj.core.api.Assertions
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.server.header.StrictTransportSecurityServerHttpHeadersWriter
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher
 import org.springframework.test.web.servlet.MockMvc
@@ -56,14 +57,16 @@ class HttpStrictTransportSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class HstsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HstsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     httpStrictTransportSecurity { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -79,8 +82,9 @@ class HttpStrictTransportSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class HstsPreloadConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HstsPreloadConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -89,6 +93,7 @@ class HttpStrictTransportSecurityDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -104,8 +109,9 @@ class HttpStrictTransportSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class HstsMaxAgeConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HstsMaxAgeConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -114,6 +120,7 @@ class HttpStrictTransportSecurityDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -129,8 +136,9 @@ class HttpStrictTransportSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class HstsCustomMatcherConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HstsCustomMatcherConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -139,6 +147,7 @@ class HttpStrictTransportSecurityDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -154,8 +163,9 @@ class HttpStrictTransportSecurityDslTests {
     }
 
     @EnableWebSecurity
-    open class HstsDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class HstsDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     httpStrictTransportSecurity {
@@ -163,6 +173,7 @@ class HttpStrictTransportSecurityDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/ReferrerPolicyDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -53,14 +54,16 @@ class ReferrerPolicyDslTests {
     }
 
     @EnableWebSecurity
-    open class ReferrerPolicyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ReferrerPolicyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     referrerPolicy { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -75,8 +78,9 @@ class ReferrerPolicyDslTests {
     }
 
     @EnableWebSecurity
-    open class ReferrerPolicyCustomPolicyConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ReferrerPolicyCustomPolicyConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -85,6 +89,7 @@ class ReferrerPolicyDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/headers/XssProtectionConfigDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,12 +19,13 @@ package org.springframework.security.config.annotation.web.headers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.context.annotation.Bean
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.annotation.web.invoke
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.server.header.XXssProtectionServerHttpHeadersWriter
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
@@ -54,14 +55,16 @@ class XssProtectionConfigDslTests {
     }
 
     @EnableWebSecurity
-    open class XssProtectionConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class XssProtectionConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
                     xssProtection { }
                 }
             }
+            return http.build()
         }
     }
 
@@ -77,8 +80,9 @@ class XssProtectionConfigDslTests {
     }
 
     @EnableWebSecurity
-    open class XssProtectionBlockFalseConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class XssProtectionBlockFalseConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -87,6 +91,7 @@ class XssProtectionConfigDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -102,8 +107,9 @@ class XssProtectionConfigDslTests {
     }
 
     @EnableWebSecurity
-    open class XssProtectionDisabledConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class XssProtectionDisabledConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     defaultsDisabled = true
@@ -112,6 +118,7 @@ class XssProtectionConfigDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -127,8 +134,9 @@ class XssProtectionConfigDslTests {
     }
 
     @EnableWebSecurity
-    open class XssProtectionDisabledFunctionConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class XssProtectionDisabledFunctionConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 headers {
                     xssProtection {
@@ -136,6 +144,7 @@ class XssProtectionConfigDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 }

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/client/AuthorizationCodeGrantDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -44,6 +43,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -81,14 +81,15 @@ class AuthorizationCodeGrantDslTests {
     }
 
     @EnableWebSecurity
-    open class RequestRepositoryConfig : WebSecurityConfigurerAdapter() {
+    open class RequestRepositoryConfig {
 
         companion object {
             val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
                 HttpSessionOAuth2AuthorizationRequestRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Client {
                     authorizationCodeGrant {
@@ -99,6 +100,7 @@ class AuthorizationCodeGrantDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -130,7 +132,7 @@ class AuthorizationCodeGrantDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthorizedClientConfig : WebSecurityConfigurerAdapter() {
+    open class AuthorizedClientConfig {
         companion object {
             val REQUEST_REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
                 HttpSessionOAuth2AuthorizationRequestRepository()
@@ -138,7 +140,8 @@ class AuthorizationCodeGrantDslTests {
                 DefaultAuthorizationCodeTokenResponseClient()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Client {
                     authorizationCodeGrant {
@@ -150,6 +153,7 @@ class AuthorizationCodeGrantDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 
@@ -171,11 +175,12 @@ class AuthorizationCodeGrantDslTests {
     }
 
     @EnableWebSecurity
-    open class RequestResolverConfig : WebSecurityConfigurerAdapter() {
+    open class RequestResolverConfig {
 
         val requestResolver: OAuth2AuthorizationRequestResolver = mockk()
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Client {
                     authorizationCodeGrant {
@@ -186,6 +191,7 @@ class AuthorizationCodeGrantDslTests {
                     authorize(anyRequest, authenticated)
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/AuthorizationEndpointDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -38,6 +37,7 @@ import org.springframework.security.oauth2.client.web.AuthorizationRequestReposi
 import org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -66,7 +66,7 @@ class AuthorizationEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class ResolverConfig : WebSecurityConfigurerAdapter() {
+    open class ResolverConfig {
 
         companion object {
             val RESOLVER: OAuth2AuthorizationRequestResolver = object : OAuth2AuthorizationRequestResolver {
@@ -80,7 +80,8 @@ class AuthorizationEndpointDslTests {
             }
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     authorizationEndpoint {
@@ -88,6 +89,7 @@ class AuthorizationEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -103,14 +105,15 @@ class AuthorizationEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class RequestRepoConfig : WebSecurityConfigurerAdapter() {
+    open class RequestRepoConfig {
 
         companion object {
             val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
                 HttpSessionOAuth2AuthorizationRequestRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     authorizationEndpoint {
@@ -118,6 +121,7 @@ class AuthorizationEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -132,14 +136,15 @@ class AuthorizationEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthorizationUriConfig : WebSecurityConfigurerAdapter() {
+    open class AuthorizationUriConfig {
 
         companion object {
             val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
                 HttpSessionOAuth2AuthorizationRequestRepository()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2Login {
                     authorizationEndpoint {
@@ -148,6 +153,7 @@ class AuthorizationEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/RedirectionEndpointDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -47,6 +46,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User
 import org.springframework.security.oauth2.core.user.OAuth2User
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -103,7 +103,7 @@ class RedirectionEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class UserServiceConfig : WebSecurityConfigurerAdapter() {
+    open class UserServiceConfig {
 
         companion object {
             val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@@ -113,7 +113,8 @@ class RedirectionEndpointDslTests {
             val USER_SERVICE: OAuth2UserService<OAuth2UserRequest, OAuth2User> = DefaultOAuth2UserService()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -133,6 +134,7 @@ class RedirectionEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/TokenEndpointDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,7 +26,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -42,6 +41,7 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken
 import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -94,7 +94,7 @@ class TokenEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class TokenConfig : WebSecurityConfigurerAdapter() {
+    open class TokenConfig {
 
         companion object {
             val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> =
@@ -103,7 +103,8 @@ class TokenEndpointDslTests {
                 DefaultAuthorizationCodeTokenResponseClient()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -117,6 +118,7 @@ class TokenEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/login/UserInfoEndpointDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.oauth2.client.CommonOAuth2Provider
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
@@ -46,6 +45,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User
 import org.springframework.security.oauth2.core.user.OAuth2User
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 
@@ -102,7 +102,7 @@ class UserInfoEndpointDslTests {
     }
 
     @EnableWebSecurity
-    open class UserServiceConfig : WebSecurityConfigurerAdapter() {
+    open class UserServiceConfig {
 
          companion object {
              val REPOSITORY: AuthorizationRequestRepository<OAuth2AuthorizationRequest> = mockk()
@@ -110,7 +110,8 @@ class UserInfoEndpointDslTests {
              val USER_SERVICE: OAuth2UserService<OAuth2UserRequest, OAuth2User> = mockk()
          }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -127,6 +128,7 @@ class UserInfoEndpointDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/resourceserver/JwtDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,6 @@ import org.springframework.security.authentication.TestingAuthenticationProvider
 import org.springframework.security.authentication.TestingAuthenticationToken
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.config.annotation.web.invoke
@@ -41,6 +40,7 @@ import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
 import org.springframework.security.oauth2.jwt.Jwt
 import org.springframework.security.oauth2.jwt.JwtDecoder
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.web.bind.annotation.GetMapping
@@ -75,8 +75,9 @@ class JwtDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomJwtDecoderConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomJwtDecoderConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2ResourceServer {
                     jwt {
@@ -84,6 +85,7 @@ class JwtDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -93,8 +95,9 @@ class JwtDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomJwkSetUriConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class CustomJwkSetUriConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 oauth2ResourceServer {
                     jwt {
@@ -102,6 +105,7 @@ class JwtDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -127,14 +131,15 @@ class JwtDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomJwtAuthenticationConverterConfig : WebSecurityConfigurerAdapter() {
+    open class CustomJwtAuthenticationConverterConfig {
 
         companion object {
             val CONVERTER: Converter<Jwt, out AbstractAuthenticationToken> = MockConverter()
             val DECODER: JwtDecoder = MockJwtDecoder()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -145,6 +150,7 @@ class JwtDslTests {
                     }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -176,13 +182,14 @@ class JwtDslTests {
     }
 
     @EnableWebSecurity
-    open class JwtDecoderAfterJwkSetUriConfig : WebSecurityConfigurerAdapter() {
+    open class JwtDecoderAfterJwkSetUriConfig {
 
         companion object {
             val DECODER: JwtDecoder = MockJwtDecoder()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -194,6 +201,7 @@ class JwtDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -222,13 +230,14 @@ class JwtDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
+    open class AuthenticationManagerConfig {
 
         companion object {
             val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -239,6 +248,7 @@ class JwtDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/oauth2/resourceserver/OpaqueTokenDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,7 +32,6 @@ import org.springframework.security.authentication.ProviderManager
 import org.springframework.security.authentication.TestingAuthenticationProvider
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.config.annotation.web.invoke
@@ -44,6 +43,7 @@ import org.springframework.security.oauth2.server.resource.authentication.Bearer
 import org.springframework.security.oauth2.server.resource.introspection.NimbusOpaqueTokenIntrospector
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
 import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.web.bind.annotation.GetMapping
@@ -102,13 +102,14 @@ class OpaqueTokenDslTests {
     }
 
     @EnableWebSecurity
-    open class DefaultOpaqueConfig : WebSecurityConfigurerAdapter() {
+    open class DefaultOpaqueConfig {
 
         companion object {
             val REST: RestOperations = RestTemplate()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -117,6 +118,7 @@ class OpaqueTokenDslTests {
                     opaqueToken { }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -145,13 +147,14 @@ class OpaqueTokenDslTests {
     }
 
     @EnableWebSecurity
-    open class CustomIntrospectorConfig : WebSecurityConfigurerAdapter() {
+    open class CustomIntrospectorConfig {
 
         companion object {
             val INTROSPECTOR: OpaqueTokenIntrospector = SpringOpaqueTokenIntrospector("uri", "clientId", "clientSecret")
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -162,6 +165,7 @@ class OpaqueTokenDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -181,13 +185,14 @@ class OpaqueTokenDslTests {
     }
 
     @EnableWebSecurity
-    open class IntrospectorAfterClientCredentialsConfig : WebSecurityConfigurerAdapter() {
+    open class IntrospectorAfterClientCredentialsConfig {
 
         companion object {
             val INTROSPECTOR: OpaqueTokenIntrospector = SpringOpaqueTokenIntrospector("uri", "clientId", "clientSecret")
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -200,6 +205,7 @@ class OpaqueTokenDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 
@@ -222,13 +228,14 @@ class OpaqueTokenDslTests {
     }
 
     @EnableWebSecurity
-    open class AuthenticationManagerConfig : WebSecurityConfigurerAdapter() {
+    open class AuthenticationManagerConfig {
 
         companion object {
             val AUTHENTICATION_MANAGER: AuthenticationManager = ProviderManager(TestingAuthenticationProvider())
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 authorizeRequests {
                     authorize(anyRequest, authenticated)
@@ -239,6 +246,7 @@ class OpaqueTokenDslTests {
                     }
                 }
             }
+            return http.build()
         }
     }
 

config/src/test/kotlin/org/springframework/security/config/annotation/web/session/SessionConcurrencyDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -27,7 +27,6 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.mock.web.MockHttpSession
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.config.annotation.web.invoke
@@ -38,6 +37,7 @@ import org.springframework.security.core.userdetails.User
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get
@@ -76,8 +76,9 @@ class SessionConcurrencyDslTests {
     }
 
     @EnableWebSecurity
-    open class MaximumSessionsConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MaximumSessionsConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionConcurrency {
@@ -87,6 +88,7 @@ class SessionConcurrencyDslTests {
                 }
                 formLogin { }
             }
+            return http.build()
         }
     }
 
@@ -105,13 +107,14 @@ class SessionConcurrencyDslTests {
     }
 
     @EnableWebSecurity
-    open class ExpiredUrlConfig : WebSecurityConfigurerAdapter() {
+    open class ExpiredUrlConfig {
 
         companion object {
             val SESSION_REGISTRY: SessionRegistry = SessionRegistryImpl()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionConcurrency {
@@ -121,6 +124,7 @@ class SessionConcurrencyDslTests {
                     }
                 }
             }
+            return http.build()
         }
 
         @Bean
@@ -142,13 +146,14 @@ class SessionConcurrencyDslTests {
     }
 
     @EnableWebSecurity
-    open class ExpiredSessionStrategyConfig : WebSecurityConfigurerAdapter() {
+    open class ExpiredSessionStrategyConfig {
 
         companion object {
             val SESSION_REGISTRY: SessionRegistry = SessionRegistryImpl()
         }
 
-        override fun configure(http: HttpSecurity) {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionConcurrency {
@@ -158,6 +163,7 @@ class SessionConcurrencyDslTests {
                     }
                 }
             }
+            return http.build()
         }
 
         @Bean

config/src/test/kotlin/org/springframework/security/config/annotation/web/session/SessionFixationDslTests.kt

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -25,7 +25,6 @@ import org.springframework.context.annotation.Configuration
 import org.springframework.mock.web.MockHttpSession
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
 import org.springframework.security.core.userdetails.User
 import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.config.annotation.web.invoke
@@ -33,6 +32,7 @@ import org.springframework.security.config.test.SpringTestContext
 import org.springframework.security.config.test.SpringTestContextExtension
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic
+import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders
 
@@ -69,8 +69,9 @@ class SessionFixationDslTests {
     }
 
     @EnableWebSecurity
-    open class NewSessionConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class NewSessionConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionFixation {
@@ -79,6 +80,7 @@ class SessionFixationDslTests {
                 }
                 httpBasic { }
             }
+            return http.build()
         }
     }
 
@@ -102,8 +104,9 @@ class SessionFixationDslTests {
     }
 
     @EnableWebSecurity
-    open class MigrateSessionConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class MigrateSessionConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionFixation {
@@ -112,6 +115,7 @@ class SessionFixationDslTests {
                 }
                 httpBasic { }
             }
+            return http.build()
         }
     }
 
@@ -135,8 +139,9 @@ class SessionFixationDslTests {
     }
 
     @EnableWebSecurity
-    open class ChangeSessionIdConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class ChangeSessionIdConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionFixation {
@@ -145,6 +150,7 @@ class SessionFixationDslTests {
                 }
                 httpBasic { }
             }
+            return http.build()
         }
     }
 
@@ -168,8 +174,9 @@ class SessionFixationDslTests {
     }
 
     @EnableWebSecurity
-    open class NoneConfig : WebSecurityConfigurerAdapter() {
-        override fun configure(http: HttpSecurity) {
+    open class NoneConfig {
+        @Bean
+        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http {
                 sessionManagement {
                     sessionFixation {
@@ -178,6 +185,7 @@ class SessionFixationDslTests {
                 }
                 httpBasic { }
             }
+            return http.build()
         }
     }