Remove OAuth2AuthorizationServerConfiguration.applyDefaultSecurity()

jgrandja · jgrandja · commit 108e64616a41 · 2025-07-17T07:39:24.000-04:00
Closes gh-2101
diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -31,7 +31,6 @@
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.security.config.Customizer;
-import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
@@ -65,28 +64,6 @@ public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity h
 		return http.build();
 	}
 
-	/**
-	 * @param http the {@link HttpSecurity}
-	 * @throws Exception if {@link OAuth2AuthorizationServerConfigurer} could not be
-	 * applied
-	 * @deprecated For removal in 2.0. Use
-	 * {@link HttpSecurity#with(SecurityConfigurerAdapter, Customizer)} and pass in
-	 * {@link OAuth2AuthorizationServerConfigurer#authorizationServer()}.
-	 */
-	@Deprecated(since = "1.4", forRemoval = true)
-	public static void applyDefaultSecurity(HttpSecurity http) throws Exception {
-		// @formatter:off
-		OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
-				OAuth2AuthorizationServerConfigurer.authorizationServer();
-		http
-			.securityMatcher(authorizationServerConfigurer.getEndpointsMatcher())
-			.with(authorizationServerConfigurer, Customizer.withDefaults())
-			.authorizeHttpRequests((authorize) ->
-				authorize.anyRequest().authenticated()
-			);
-		// @formatter:on
-	}
-
 	public static JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
 		Set<JWSAlgorithm> jwsAlgs = new HashSet<>();
 		jwsAlgs.addAll(JWSAlgorithm.Family.RSA);
