Describe the bug

The Spring Security 6.1.1 documentation contains functions which are marked as deprecated by the RedHat VSCode extension.

Here is the warning that I am getting:

The method jwt() from the type OAuth2ResourceServerConfigurer<HttpSecurity> has been deprecated since version 6.1 and marked for removalJava(67110275)

Here is the documentation:

  • see: https://docs.spring.io/spring-security/reference/servlet/oauth2/resource-server/jwt.html#:~:text=Exception%20%7B%0A%20%20%20%20http%0A%20%20%20%20%20%20%20%20.-,authorizeHttpRequests,-(authorize%20%2D%3E%20authorize%0A%20%20%20%20%20%20%20%20%20%20%20%20.anyRequest

  • see: https://github.com/spring-projects/spring-security/blob/6.1.1/docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc?plain=1#L176

To Reproduce

1. Install VSCode
2. Install this official extension that warns you about deprecated functions: "redhat.java"
3. Write this code snippet into your project:


// ... lines removed for brevity

@RequiredArgsConstructor
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    // ... lines removed for brevity

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationConfiguration authenticationConfiguration) throws Exception {

        // anyRequest() needs a terminal rule, otherwise the mapping is incomplete
        http.authorizeHttpRequests(authorize -> authorize.anyRequest().authenticated());
        http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt); // <---- warning shows up here

        // ... lines removed for brevity

        return http.build();
    }
}

Expected behavior

I expected the documentation not to contain deprecated code snippets.

Comment From: jzheaux

Good catch, @sueszli! Can you provide a PR to the 6.1.x branch that updates the documentation? Instead it should say:

.oauth2ResourceServer((oauth2) -> oauth2.jwt(Customizer.withDefaults()))

Comment From: sueszli

Will do immediately!

Comment From: sueszli

@jzheaux thank you for allowing me to contribute to this project!

Comment From: demarcomsevthr

If I also want to set a converter and I write:

http.oauth2ResourceServer(cfg -> cfg.jwt(Customizer.withDefaults()).jwtAuthenticationConverter(myJwtTokenConverter));

I got this error: The method jwtAuthenticationConverter(KeycloakJwtTokenConverter) is undefined for the type OAuth2ResourceServerConfigurer

How can I fix it?

Comment From: Mitko101513

@demarcomsevthr

Here is an example, hope it helps.

.oauth2ResourceServer((oauth2) -> oauth2.jwt(jwtConfigurer -> jwtConfigurer.jwtAuthenticationConverter(jwtAuthConverter)))