WebSecurityConfigurerAdapter is deprecated

registered filterChain bean and added logout/csrf logic

Author: aven

Diff for: logout/README.adoc

@@ -40,13 +40,13 @@ Now we can switch over to the server side to implement that endpoint.
 == Adding a Logout Endpoint
 
 Spring Security has built in support for a `/logout` endpoint which will do the right thing for us (clear the session and invalidate the cookie).
-To configure the endpoint we simply extend the existing `configure()` method in our `WebSecurityConfigurerAdapter`:
+To configure the endpoint we simply extend the existing `filterChain()` method of our bean:
 
 .SocialApplication.java
 [source,java]
 ----
-@Override
-protected void configure(HttpSecurity http) throws Exception {
+@Bean
+public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	// @formatter:off
     http
         // ... existing code here
@@ -66,13 +66,13 @@ For instance, in Angular, the front end would like the server to send it a cooki
 We can implement the same behaviour with our simple jQuery client, and then the server-side changes will work with other front end implementations with no or very few changes.
 To teach Spring Security about this we need to add a filter that creates the cookie.
 
-In the `WebSecurityConfigurerAdapter` we do the following:
+In the `filterChain` bean we do the following:
 
 .SocialApplication.java
 [source,java]
 ----
-@Override
-protected void configure(HttpSecurity http) throws Exception {
+@Bean
+public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 	// @formatter:off
     http
         // ... existing code here

Diff for: logout/src/main/java/com/example/SocialApplication.java

@@ -22,25 +22,26 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.context.annotation.Bean;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.security.oauth2.core.user.OAuth2User;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
 @SpringBootApplication
 @RestController
-public class SocialApplication extends WebSecurityConfigurerAdapter {
+public class SocialApplication {
 
 	@RequestMapping("/user")
 	public Map<String, Object> user(@AuthenticationPrincipal OAuth2User principal) {
 		return Collections.singletonMap("name", principal.getAttribute("name"));
 	}
 
-	@Override
-	protected void configure(HttpSecurity http) throws Exception {
+	@Bean
+	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
 			.authorizeRequests(a -> a
@@ -57,6 +58,7 @@ protected void configure(HttpSecurity http) throws Exception {
 				.logoutSuccessUrl("/").permitAll()
 			)
 			.oauth2Login();
+		return http.build();
 		// @formatter:on
 	}