| Class and Description |
|---|
| org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Use
AuthenticationPrincipalArgumentResolver instead. |
| org.springframework.security.crypto.codec.Base64
Use java.util.Base64
|
| org.springframework.security.crypto.password.LdapShaPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
| org.springframework.security.crypto.password.Md4PasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
| org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
| org.springframework.security.crypto.password.NoOpPasswordEncoder
This PasswordEncoder is not secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
| org.springframework.security.crypto.password.StandardPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
| org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
This is applied internally using SpringWebMvcImportSelector
|
| Annotation Type and Description |
|---|
| org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use
AuthenticationPrincipal instead. |
| org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity
Use EnableWebSecurity instead which will automatically add the Spring MVC
related Security items.
|
| org.springframework.security.access.method.P
use @{code org.springframework.security.core.parameters.P}
|
| Method and Description |
|---|
| org.springframework.security.web.session.ConcurrentSessionFilter.determineExpiredUrl(HttpServletRequest, SessionInformation) |
| org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>) |
| org.springframework.security.web.session.ConcurrentSessionFilter.setRedirectStrategy(RedirectStrategy) |
| org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()
Using this method is not considered safe for production, but is
acceptable for demos and getting started. For production purposes, ensure the
password is encoded externally. See the method Javadoc for additional details.
There are no plans to remove this support. It is deprecated to indicate
that this is considered insecure for production purposes.
|
| Constructor and Description |
|---|
| org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) |