| Class and Description |
|---|
| org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Use
AuthenticationPrincipalArgumentResolver instead. |
| org.springframework.security.crypto.codec.Base64
Use java.util.Base64
|
| org.springframework.security.crypto.password.LdapShaPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.crypto.password.Md4PasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.crypto.password.NoOpPasswordEncoder
This PasswordEncoder is not secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.crypto.password.StandardPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way funciton like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
This is applied internally using SpringWebMvcImportSelector
|
| Annotation Type and Description |
|---|
| org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use
AuthenticationPrincipal instead. |
| org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity
Use EnableWebSecurity instead which will automatically add the Spring MVC
related Security items.
|
| org.springframework.security.access.method.P
use @{code org.springframework.security.core.parameters.P}
|
| Method and Description |
|---|
| org.springframework.security.web.session.ConcurrentSessionFilter.determineExpiredUrl(HttpServletRequest, SessionInformation) |
| org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) |
| org.springframework.security.web.session.ConcurrentSessionFilter.setRedirectStrategy(RedirectStrategy) |
| org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
Using this method is not considered safe for production, but is
acceptable for demos and getting started. For production purposes, ensure the
password is encoded externally. See the method Javadoc for additional details.
|
| Constructor and Description |
|---|
| org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) |