The WebSecurityConfigurerAdapter is deprecated in the last versions of Spring-Security 5.x used in Spring-Boot 2.7.x. As of Spring-Security 6.x and Spring-Boot 3.x the WebSecurityConfigurerAdapter is removed.

Migration guide for the Removed WebSecurityConfigurerAdapter

The migration guide splits migration in 5 cases (parts are completed in WebSecurityConfigurerAdapter recipe in rewrite-spring project:

• HttpSecurity (done)
• WebSecurity (done)
• Authentication
  • In-Memory (done)
  • LDAP
  • JDBC

Remaining cases are LDAP and JDBC authentication which seem challenging as methods bodies requires significant changes even going outside the scope of one method. Looks like only some migration cases are possible to cover with rewrite. It is challenging to write code that would reliably determine conditions when it is possible to perform automated migration.