Class and Description |
---|
org.springframework.security.ldap.server.ApacheDSContainer
Use
UnboundIdContainer instead because ApacheDS 1.x is no longer
supported with no GA version to replace it. |
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Use
AuthenticationPrincipalArgumentResolver instead. |
org.springframework.security.crypto.codec.Base64
Use java.util.Base64
|
org.springframework.security.crypto.password.LdapShaPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.crypto.password.Md4PasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient |
org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport
Use
NimbusJwtDecoder or JwtDecoders instead |
org.springframework.security.crypto.password.NoOpPasswordEncoder
This PasswordEncoder is not secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
use
ServerFormLoginAuthenticationConverter
instead. |
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Use
ServerHttpBasicAuthenticationConverter
instead. |
org.springframework.security.crypto.password.StandardPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
This is applied internally using SpringWebMvcImportSelector
|
Annotation Type and Description |
---|
org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use
AuthenticationPrincipal instead. |
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity
Use EnableWebSecurity instead which will automatically add the Spring MVC
related Security items.
|
org.springframework.security.access.method.P
use @{code org.springframework.security.core.parameters.P}
|
Constructor and Description |
---|
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) |