Deprecated API

Contents

• Deprecated Interfaces
• Deprecated Classes
• Deprecated Annotation Types
• Deprecated Methods
• Deprecated Constructors

Deprecated Interfaces

Interface and Description
org.springframework.security.authentication.encoding.PasswordEncoder It is recommended to use PasswordEncoder instead which better accommodates best practice of randomly generated salt that is included with the password.

Deprecated Classes

Class and Description
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver Use AuthenticationPrincipalArgumentResolver instead.
org.springframework.security.web.firewall.DefaultHttpFirewall Use StrictHttpFirewall instead
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelector

Deprecated Annotation Types

Annotation Type and Description
org.springframework.security.web.bind.annotation.AuthenticationPrincipal Use AuthenticationPrincipal instead.
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

Deprecated Methods

Method and Description
org.springframework.security.web.session.ConcurrentSessionFilter.determineExpiredUrl(HttpServletRequest, SessionInformation) Use ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.
org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.passwordEncoder(PasswordEncoder) Use LdapAuthenticationProviderConfigurer.passwordEncoder(org.springframework.security.crypto.password.PasswordEncoder) instead
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>)
org.springframework.security.web.session.ConcurrentSessionFilter.setRedirectStrategy(RedirectStrategy) use ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) instead.

Deprecated Constructors

Constructor and Description
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) use ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy) with SimpleRedirectSessionInformationExpiredStrategy instead.