Remove EnableWebMvcSecurity

config/src/main/java/org/springframework/security/config/annotation/authentication/configuration/EnableGlobalAuthentication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,7 +26,6 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 
 /**
  * The {@link EnableGlobalAuthentication} annotation signals that the annotated class can
@@ -87,14 +86,12 @@
  *
  * <ul>
  * <li>{@link EnableWebSecurity}</li>
- * <li>{@link EnableWebMvcSecurity}</li>
  * <li>{@link EnableGlobalMethodSecurity}</li>
  * </ul>
  *
  * Configuring {@link AuthenticationManagerBuilder} in a class without the
  * {@link EnableGlobalAuthentication} annotation has unpredictable results.
  *
- * @see EnableWebMvcSecurity
  * @see EnableWebSecurity
  * @see EnableGlobalMethodSecurity
  * @author Rob Winch

config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,7 +48,6 @@
 import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
 import org.springframework.security.config.users.AuthenticationTestConfiguration;
@@ -110,17 +109,6 @@ public void orderingAutowiredOnEnableWebSecurity() {
 		this.service.run();
 	}
 
-	@Test
-	public void orderingAutowiredOnEnableWebMvcSecurity() {
-		this.spring
-			.register(AuthenticationTestConfiguration.class, WebMvcSecurityConfig.class,
-					GlobalMethodSecurityAutowiredConfig.class, ServicesConfig.class)
-			.autowire();
-		SecurityContextHolder.getContext()
-			.setAuthentication(new TestingAuthenticationToken("user", "password", "ROLE_USER"));
-		this.service.run();
-	}
-
 	@Test
 	public void getAuthenticationManagerWhenNoAuthenticationThenNull() throws Exception {
 		this.spring.register(AuthenticationConfiguration.class, ObjectPostProcessorConfiguration.class).autowire();
@@ -358,12 +346,6 @@ static class WebSecurityConfig {
 
 	}
 
-	@Configuration
-	@EnableWebMvcSecurity
-	static class WebMvcSecurityConfig {
-
-	}
-
 	@Configuration
 	static class NoOpGlobalAuthenticationConfigurerAdapter extends GlobalAuthenticationConfigurerAdapter {
 

docs/modules/ROOT/pages/servlet/integrations/mvc.adoc

@@ -4,14 +4,8 @@
 Spring Security provides a number of optional integrations with Spring MVC.
 This section covers the integration in further detail.
 
-[[mvc-enablewebmvcsecurity]]
-== @EnableWebMvcSecurity
-
-[NOTE]
-====
-As of Spring Security 4.0, `@EnableWebMvcSecurity` is deprecated.
-The replacement is `@EnableWebSecurity`, which adds the Spring MVC features, based upon the classpath.
-====
+[[mvc-enablewebsecurity]]
+== @EnableWebSecurity
 
 To enable Spring Security integration with Spring MVC, add the `@EnableWebSecurity` annotation to your configuration.