Spring Security Uses deprecated method

In https://github.com/spring-projects/spring-security/blob/5.4.x/samples/boot/helloworld/src/main/java/org/springframework/security/samples/config/SecurityConfig.java#L50

Says:

        @Bean
    public UserDetailsService userDetailsService() {
        UserDetails userDetails = User.withDefaultPasswordEncoder()
                .username("user")
                .password("password")
                .roles("USER")
                .build();
        return new InMemoryUserDetailsManager(userDetails);
    }

But Intelij IDE says:

'withDefaultPasswordEncoder()' is deprecated.

Same issue on http.authorizeRequests

Comment From: brunodmartins

The Javadoc says that this method could be used on Demos and non-productive scenarios. Could we keep using it on Tests, or should we remove it do not encode the password at all?

Comment From: sjohnr

Thanks for getting in touch @yhojann-cl, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Having said that, please see deprecation message on that method in the api documentation, which says:

Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.