Spring Security Configure WebSecurity without WebSecurityConfigurerAdapter

Expected Behavior

We should be able to configure WebSecurity without needing WebSecurityConfigurerAdapter.

The approach is to create a customizer for WebSecurity and expose that as a bean.

Current Behavior

The WebSecurityConfigurerAdapter has the ability to customize WebSecurity. Here is an example:

@Configuration
static class WebConfigurer extends WebSecurityConfigurerAdapter {
    @Override
    public void configure(WebSecurity web) {
        web
            .ignoring()
                .antMatchers("/ignore1", "/ignore2");
    }
}

Related: gh-8804

Comment From: eleftherias

WebSecurity can now be configured by exposing a WebSecurityCustomizer bean.

@Bean
public WebSecurityCustomizer webSecurityCustomizer() {
    return (web) -> web.ignoring().antMatchers("/ignore1", "/ignore2");
}