-
Interfaces Interface Description org.springframework.security.web.util.matcher.RequestVariablesExtractor
-
Classes Class Description org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelectororg.springframework.security.crypto.codec.Base64 Use java.util.Base64org.springframework.security.crypto.password.LdapShaPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.Md4PasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.MessageDigestPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.NoOpPasswordEncoder This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.StandardPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.ldap.server.ApacheDSContainer UseUnboundIdContainer
instead because ApacheDS 1.x is no longer supported with no GA version to replace it.org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport UseNimbusJwtDecoder
orJwtDecoders
insteadorg.springframework.security.rsocket.metadata.BasicAuthenticationDecoder Basic Authentication did not evolve into a standard. Use Simple Authentication instead.org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder Basic Authentication did not evolve into a standard. useSimpleAuthenticationEncoder
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver UseAuthenticationPrincipalArgumentResolver
instead.org.springframework.security.web.server.ServerFormLoginAuthenticationConverter useServerFormLoginAuthenticationConverter
instead.org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter UseServerHttpBasicAuthenticationConverter
instead.
-
Annotation Types Annotation Type Description org.springframework.security.access.method.P use @{code org.springframework.security.core.parameters.P}org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.org.springframework.security.web.bind.annotation.AuthenticationPrincipal UseAuthenticationPrincipal
instead.
-
Fields Field Description org.springframework.security.oauth2.core.AuthorizationGrantType.IMPLICIT org.springframework.security.rsocket.metadata.BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())org.springframework.security.rsocket.metadata.UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
-
Constructors Constructor Description org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String)