diff --git a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java
index 51fe694ee6d..003ea64de15 100644
--- a/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java
+++ b/spring-bootstrap-actuator/src/main/java/org/springframework/bootstrap/actuate/autoconfigure/SecurityConfiguration.java
@@ -30,9 +30,8 @@ import org.springframework.security.authentication.DefaultAuthenticationEventPub
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.config.annotation.authentication.AuthenticationBuilder;
 import org.springframework.security.config.annotation.web.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.ExpressionUrlAuthorizations;
 import org.springframework.security.config.annotation.web.HttpConfigurator;
-import org.springframework.security.config.annotation.web.SpringSecurityFilterChainBuilder.IgnoredRequestRegistry;
+import org.springframework.security.config.annotation.web.WebSecurityConfiguration;
 import org.springframework.security.config.annotation.web.WebSecurityConfigurerAdapter;
 
 /**
@@ -70,24 +69,18 @@ public class SecurityConfiguration {
 		@Autowired
 		private AuthenticationEventPublisher authenticationEventPublisher;
 
-		@Override
-		protected void ignoredRequests(IgnoredRequestRegistry ignoredRequests) {
-			ignoredRequests.antMatchers(this.healthzPath);
-			ignoredRequests.antMatchers(this.infoPath);
-		}
-
-		@Override
-		protected void authorizeUrls(ExpressionUrlAuthorizations interceptUrls) {
-			interceptUrls.antMatchers("/**").hasRole("USER");
-		}
-
 		@Override
 		protected void configure(HttpConfigurator http) throws Exception {
 			http.antMatcher("/**").httpBasic().and().anonymous().disable();
 			if (this.security.isRequireSsl()) {
 				http.requiresChannel().antMatchers("/**").requiresSecure();
 			}
+			http.authorizeUrls().antMatchers("/**").hasRole("USER");
+		}
 
+		@Override
+		public void configure(WebSecurityConfiguration builder) throws Exception {
+			builder.ignoring().antMatchers(this.healthzPath, this.infoPath);
 		}
 
 		@Override