Spring Boot 2.1 - @WebMvcTest without Spring Security Auto-Configuration

Yes, rather than working around the fact the flag is deprecated, you should embrace the fact that this is going in that direction going forward.

As of Spring Boot 2.1, if you have Spring Security, your tests will be secured using your custom configuration. What is the actual problem with that?

If you don't want to authenticate for certain tests, just use Spring Security's test infrastructure and add @WithMockUser.