org.openrewrite.java.security.spring.CsrfProtection generates deprecated WebSecurityConfigurerAdapter

[philippe-granet]

trafficstars

When using org.openrewrite.java.security:OwaspTopTen recipe, it call org.openrewrite.java.security.spring.CsrfProtection recipe that use deprecated WebSecurityConfigurerAdapter Spring class. When -Werror is activated on Java compiler, it break build.

[WARNING] /builds/src/main/java/.../SecurityConfig.java:[9,30] org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter in org.springframework.security.config.annotation.web.configuration has been deprecated
...
[ERROR] COMPILATION ERROR : 
[ERROR] /builds/src/main/java/.../SecurityConfig.java: warnings found and -Werror specified

Documentation for migration: https://spring.io/blog/2022/02/21/spring-security-without-the-websecurityconfigureradapter/

In Spring Security 5.7.0-M2 we deprecated the WebSecurityConfigurerAdapter, as we encourage users to move towards a component-based security configuration.