How to Fix OAuth2AuthorizationServerConfiguration's applyDefaultSecurity() Method Deprecated

In this short post, I’d like to show you how to fix the warning message about deprecation of the applyDefaultSecurity() method in the OAuth2AuthorizationServerConfiguration class.

You know, when writing code to secure REST APIs with Spring Security, it’s common to enable Spring authorization server by declaring a SecurityFilterChain bean in a configuration class as follows:

@Configuration
public class AuthorizationServerConfig {
	
	@Bean
	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
		
		OAuth2AuthorizationServerConfiguration.applyDefaultSecurity(http);
		

		return http.build();
	}
	
}

However, since Spring authorization server library version 1.4, you get a deprecation warning like this:

The method applyDefaultSecurity(HttpSecurity) from the type OAuth2AuthorizationServerConfiguration has been deprecated since version 1.4 and marked for removal.

So how to update the code to get rid of this warning message and make it compatible with the new change? The solution is quite simple, as shown below:

@Configuration
public class AuthorizationServerConfig {
	
	@Bean
	public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http) throws Exception {
		
		http.with(OAuth2AuthorizationServerConfigurer.authorizationServer(), Customizer.withDefaults());		

		return http.build();
	}
	
}

For your reference, below are the import statements for the OAuth2AuthorizationServerConfigurer class and Customizer interface:

import org.springframework.security.config.Customizer;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;

You see? That’s the solution I used to fix the warning saying that the applyDefaultSecurity() method in the OAuth2AuthorizationServerConfiguration class is deprecated. It’s recommended to make such change because that deprecated method will be removed in newer version of Spring authorization server library. I hope you find this post helpful.

Related posts:

• How to Fix WebSecurityConfigurerAdapter Deprecated
• How to Fix Deprecated Methods in Spring Security

Spring Tutorials:

• Spring Framework Tutorials
• Spring Boot Tutorials
• Spring Security Tutorials

About the Author:

Nam Ha Minh is certified Java programmer (SCJP and SCWCD). He began programming with Java back in the days of Java 1.4 and has been passionate about it ever since. You can connect with him on Facebook and watch his Java videos on YouTube.