From 69a6cd54dbaf290f55cd6393621f125d1ef25919 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Ra=C4=8Dansk=C3=BD?= <lubos.racansky@gmail.com>
Date: Mon, 27 Nov 2023 13:07:07 +0100
Subject: [PATCH] Fix #465: Update Spring Security configuration in the
 documentation (#466)

* Fix #465: Update Spring Security configuration in the documentation
---
 docs/RESTful-API-for-Spring.md | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/docs/RESTful-API-for-Spring.md b/docs/RESTful-API-for-Spring.md
index 81ff89e9..99c67405 100644
--- a/docs/RESTful-API-for-Spring.md
+++ b/docs/RESTful-API-for-Spring.md
@@ -194,7 +194,7 @@ public class ApplicationConfiguration implements PowerAuthApplicationConfigurati
 
 _(optional)_
 
-Create a security configuration class `SecurityConfig` extending `WebSecurityConfigurerAdapter`. The configuration we will use:
+Create a security configuration class `SecurityConfig` configuring a bean `SecurityFilterChain`. The configuration we will use:
 
 - disable default Basic HTTP authentication
 - disables CSRF (we don't need it for REST)
@@ -205,17 +205,18 @@ Create a security configuration class `SecurityConfig` extending `WebSecurityCon
 ```java
 @Configuration
 @EnableWebSecurity
-public class SecurityConfig extends WebSecurityConfigurerAdapter {
+public class SecurityConfig {
 
-    @Autowired
-    private PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint;
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.authorizeRequests().antMatchers("/secured/**").fullyAuthenticated();
-        http.httpBasic().disable();
-        http.csrf().disable();
-        http.exceptionHandling().authenticationEntryPoint(apiAuthenticationEntryPoint);
+    @Bean
+    public SecurityFilterChain filterChain(final HttpSecurity http, final PowerAuthApiAuthenticationEntryPoint apiAuthenticationEntryPoint) throws Exception {
+        return http
+                .authorizeHttpRequests(authorize -> authorize
+                        .requestMatchers("/secured/**").fullyAuthenticated())
+                .exceptionHandling(exceptionHandling ->
+                        exceptionHandling.authenticationEntryPoint(apiAuthenticationEntryPoint))
+                .httpBasic(AbstractHttpConfigurer::disable)
+                .csrf(AbstractHttpConfigurer::disable)
+                .build();
     }
 
 }