Interface and Description |
---|
org.springframework.security.authentication.encoding.PasswordEncoder
It is recommended to use
PasswordEncoder instead which
better accommodates best practice of randomly generated salt that is included with the
password. |
Class and Description |
---|
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Use
AuthenticationPrincipalArgumentResolver instead. |
org.springframework.security.authentication.encoding.BaseDigestPasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
PasswordEncoder |
org.springframework.security.authentication.encoding.BasePasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
PasswordEncoder |
org.springframework.security.authentication.encoding.LdapShaPasswordEncoder
@deprecated This is deprecated and marked for deletion. Replace with
of
LdapShaPasswordEncoder |
org.springframework.security.crypto.password.LdapShaPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.authentication.encoding.Md4PasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
Md4PasswordEncoder |
org.springframework.security.crypto.password.Md4PasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.authentication.encoding.Md5PasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
MessageDigestPasswordEncoder
with an algorithm of "MD5" |
org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
MessageDigestPasswordEncoder |
org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.crypto.password.NoOpPasswordEncoder
This PasswordEncoder is not secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate that
this is a legacy implementation and using it is considered insecure. |
org.springframework.security.authentication.encoding.PlaintextPasswordEncoder
This class will be removed in Spring Security 5. For passivity switch to
NoOpPasswordEncoder . |
org.springframework.security.authentication.encoding.ShaPasswordEncoder
This is deprecated and marked for deletion. Replace with an implementation
of
MessageDigestPasswordEncoder
with an algorithm "SHA-$strength" (i.e. "SHA-1" or "SHA-256"). |
org.springframework.security.crypto.password.StandardPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
This is applied internally using SpringWebMvcImportSelector
|
Annotation Type and Description |
---|
org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use
AuthenticationPrincipal instead. |
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity
Use EnableWebSecurity instead which will automatically add the Spring MVC
related Security items.
|
Constructor and Description |
---|
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) |