Overview  Package  Class  Tree   Deprecated  Index  Help 
 PREV   NEXT FRAMES    NO FRAMES    

Deprecated API

Contents
Deprecated Interfaces
org.springframework.security.core.authority.MutableGrantedAuthoritiesContainer
           
org.springframework.security.authentication.encoding.PasswordEncoder
          It is recommended to use PasswordEncoder instead which better accommodates best practice of randomly generated salt that is included with the password. 
org.springframework.security.core.session.SessionIdentifierAware
          Legacy of former concurrency control implementation. Will be removed in a future version. 
org.springframework.security.web.access.expression.WebSecurityExpressionHandler
           
 

Deprecated Classes
org.springframework.security.authentication.AuthenticationDetails
           
org.springframework.security.authentication.AuthenticationDetailsSourceImpl
          Write an implementation of AuthenticationDetailsSource which returns the desired type directly. 
org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy
          Use ConcurrentSessionControlAuthenticationStrategy instead 
org.springframework.security.access.ConfigAttributeEditor
            
org.springframework.security.core.authority.GrantedAuthoritiesContainerImpl
           
org.springframework.security.core.authority.GrantedAuthorityImpl
          Use the final class SimpleGrantedAuthority or implement your own. 
org.springframework.security.core.userdetails.memory.InMemoryDaoImpl
          Use InMemoryUserDetailsManager instead (or write your own implementation) 
org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesAuthenticationDetails
           
org.springframework.security.access.hierarchicalroles.UserDetailsServiceWrapper
          use a RoleHierarchyVoter or use a RoleHierarchyAuthoritiesMapper to populate the Authentication object with the additional authorities. 
org.springframework.security.access.hierarchicalroles.UserDetailsWrapper
          use a RoleHierarchyVoter or RoleHierarchyAuthoritiesMapper instead. 
org.springframework.security.core.userdetails.memory.UserMap
          Use a plain map instead 
org.springframework.security.core.userdetails.memory.UserMapEditor
           
org.springframework.security.web.authentication.preauth.websphere.WebSphere2SpringSecurityPropagationInterceptor
           
org.springframework.security.web.authentication.preauth.websphere.WebSpherePreAuthenticatedAuthenticationDetailsSource
           
 

Deprecated Fields
org.springframework.security.config.Elements.FILTER_INVOCATION_DEFINITION_SOURCE
           
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.SPRING_SECURITY_LAST_EXCEPTION_KEY
          Use the value in WebAttributes directly. 
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY
          If you want to retain the username, cache it in a customized AuthenticationFailureHandler 
 

Deprecated Methods
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.applyAnonymousForThisRequest(HttpServletRequest)
          no obvious use case and can easily be achieved by other means 
org.springframework.security.core.AuthenticationException.clearExtraInformation()
           
org.springframework.security.access.SecurityConfig.createSingleAttributeList(String)
          Use createList instead 
org.springframework.security.core.AuthenticationException.getAuthentication()
          to avoid potential leaking of sensitive information (e.g. through serialization/remoting). 
org.springframework.security.cas.web.CasAuthenticationEntryPoint.getEncodeServiceUrlWithSessionId()
          since 3.0.0 because CAS is currently on 3.3.5. 
org.springframework.security.core.AuthenticationException.getExtraInformation()
          Use the exception message or use a custom exception if you really need additional information. 
org.springframework.security.web.FilterChainProxy.getFilterChainMap()
          use the list of SecurityFilterChains instead 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.getFilterProcessesUrl()
           
org.springframework.security.web.authentication.logout.LogoutFilter.getFilterProcessesUrl()
           
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.requiresAuthentication(HttpServletRequest, HttpServletResponse)
          use AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher(RequestMatcher) instead 
org.springframework.security.core.AuthenticationException.setAuthentication(Authentication)
           
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.setAuthenticationEntryPoint(AuthenticationEntryPoint)
          Use constructor injection 
org.springframework.security.web.access.ExceptionTranslationFilter.setAuthenticationEntryPoint(AuthenticationEntryPoint)
          Use constructor 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.setAuthenticationManager(AuthenticationManager)
          Use constructor injection 
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.setAuthenticationManager(AuthenticationManager)
          Use constructor injection 
org.springframework.security.authentication.ProviderManager.setClearExtraInformation(boolean)
          the extraInformation property is deprecated 
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.setConvertToUpperCase(boolean)
          Convert case in the AuthenticationProvider using a GrantedAuthoritiesMapper. 
org.springframework.security.access.vote.AbstractAccessDecisionManager.setDecisionVoters(List)
          Use constructor 
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.setDefaultRole(String)
          Assign a default role in the AuthenticationProvider using a GrantedAuthoritiesMapper. 
org.springframework.security.cas.web.CasAuthenticationEntryPoint.setEncodeServiceUrlWithSessionId(boolean)
          since 3.0.0 because CAS is currently on 3.3.5. 
org.springframework.security.web.session.ConcurrentSessionFilter.setExpiredUrl(String)
          use constructor injection instead 
org.springframework.security.web.FilterChainProxy.setFilterChainMap(Map>)
          Use the constructor which takes a List<SecurityFilterChain> instead. 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.setFilterProcessesUrl(String)
          use AbstractAuthenticationProcessingFilter.setRequiresAuthenticationRequestMatcher(RequestMatcher) instead 
org.springframework.security.web.authentication.logout.LogoutFilter.setFilterProcessesUrl(String)
           
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.setIgnoreFailure(boolean)
          Use the constructor which takes a single AuthenticationManager parameter 
org.springframework.security.authentication.AnonymousAuthenticationProvider.setKey(String)
          Use constructor injection 
org.springframework.security.authentication.RememberMeAuthenticationProvider.setKey(String)
          Use constructor injection 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.setKey(String)
          use constructor injection instead 
org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.setKey(String)
          Use constructor injection 
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.setLoginFormUrl(String)
          use constructor injection 
org.springframework.security.authentication.ProviderManager.setParent(AuthenticationManager)
          Use constructor injection 
org.springframework.security.authentication.ProviderManager.setProviders(List)
          Use constructor injection 
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.setRememberMeServices(RememberMeServices)
          Use constructor injection 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.setRequestCache(RequestCache)
          Use constructor injection 
org.springframework.security.web.access.ExceptionTranslationFilter.setRequestCache(RequestCache)
          Use constructor 
org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy.setRetainedAttributes(List)
          Override the extractAttributes method instead 
org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.setRolePrefix(String)
          Map the authorities in the AuthenticationProvider using a GrantedAuthoritiesMapper. 
org.springframework.security.web.context.SecurityContextPersistenceFilter.setSecurityContextRepository(SecurityContextRepository)
          Use constructor injection 
org.springframework.security.web.session.SessionManagementFilter.setSessionAuthenticationStrategy(SessionAuthenticationStrategy)
          Use constructor injection 
org.springframework.security.web.session.ConcurrentSessionFilter.setSessionRegistry(SessionRegistry)
          use constructor injection instead 
org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices.setTokenRepository(PersistentTokenRepository)
          Use constructor injection 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.setUserAttribute(UserAttribute)
          use constructor injection instead 
org.springframework.security.cas.authentication.CasAuthenticationProvider.setUserDetailsService(UserDetailsService)
           
org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.setUserDetailsService(UserDetailsService)
          Use constructor injection 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, Authentication)
          since 3.1. Use AbstractAuthenticationProcessingFilter.successfulAuthentication(HttpServletRequest, HttpServletResponse, FilterChain, Authentication) instead. 
 

Deprecated Constructors
org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices()
          Use constructor injection 
org.springframework.security.authentication.AccountExpiredException(String, Object)
           
org.springframework.security.authentication.AccountStatusException(String, Object)
           
org.springframework.security.acls.domain.AclImpl(ObjectIdentity, Serializable, AclAuthorizationStrategy, AuditLogger, Acl, List, boolean, Sid)
          Use the version which takes a PermissionGrantingStrategy argument instead. 
org.springframework.security.access.vote.AffirmativeBased()
          Use constructor which takes voter list 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter()
          Use constructor injection version 
org.springframework.security.authentication.AnonymousAuthenticationProvider()
          Use constructor injection 
org.springframework.security.core.AuthenticationException(String, Object)
          Use the exception message or use a custom exception if you really need additional information. 
org.springframework.security.authentication.BadCredentialsException(String, Object)
           
org.springframework.security.web.authentication.www.BasicAuthenticationFilter()
          Use constructor injection 
org.springframework.security.acls.jdbc.BasicLookupStrategy(DataSource, AclCache, AclAuthorizationStrategy, AuditLogger)
          Use the version which takes a PermissionGrantingStrategy argument instead. 
org.springframework.security.web.session.ConcurrentSessionFilter()
          Use constructor which injects the SessionRegistry. 
org.springframework.security.access.vote.ConsensusBased()
          Use constructor which takes voter list 
org.springframework.security.authentication.CredentialsExpiredException(String, Object)
           
org.springframework.security.authentication.DisabledException(String, Object)
           
org.springframework.security.acls.domain.EhCacheBasedAclCache(Ehcache)
          use the second constructor which injects the strategy objects. See SEC-1498. 
org.springframework.security.web.access.ExceptionTranslationFilter()
          Use constructor injection 
org.springframework.security.authentication.LockedException(String, Object)
           
org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint()
          Use constructor injection 
org.springframework.security.openid.OpenID4JavaConsumer(ConsumerManager, List)
           
org.springframework.security.openid.OpenID4JavaConsumer(List)
          use the AxFetchListFactory version instead. 
org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices()
          Use constructor injection 
org.springframework.security.authentication.ProviderManager()
          Use constructor which takes provider list 
org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter()
          Use constructor injection 
org.springframework.security.authentication.RememberMeAuthenticationProvider()
          Use constructor injection 
org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices()
          Use with-args constructor 
org.springframework.security.access.vote.UnanimousBased()
          Use constructor which takes voter list 
org.springframework.security.core.userdetails.UsernameNotFoundException(String, Object)
           
 

Overview  Package  Class  Tree   Deprecated  Index  Help 
 PREV   NEXT FRAMES    NO FRAMES