Interface and Description |
---|
org.springframework.security.web.util.matcher.RequestVariablesExtractor |
Class and Description |
---|
org.springframework.security.ldap.server.ApacheDSContainer
Use
UnboundIdContainer instead because ApacheDS 1.x is no longer
supported with no GA version to replace it. |
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver
Use
AuthenticationPrincipalArgumentResolver instead. |
org.springframework.security.crypto.codec.Base64
Use java.util.Base64
|
org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder
Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
|
org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder
Basic Authentication did not evolve into a standard. use
SimpleAuthenticationEncoder |
org.springframework.security.crypto.password.LdapShaPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.crypto.password.Md4PasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.crypto.password.MessageDigestPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient |
org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport
Use
NimbusJwtDecoder or JwtDecoders instead |
org.springframework.security.crypto.password.NoOpPasswordEncoder
This PasswordEncoder is not secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. |
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest |
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter
use
ServerFormLoginAuthenticationConverter
instead. |
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter
Use
ServerHttpBasicAuthenticationConverter
instead. |
org.springframework.security.crypto.password.StandardPasswordEncoder
Digest based password encoding is not considered secure. Instead use an
adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
SCryptPasswordEncoder. Even better use
DelegatingPasswordEncoder which supports
password upgrades. There are no plans to remove this support. It is deprecated to indicate
that this is a legacy implementation and using it is considered insecure. |
org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository |
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration
This is applied internally using SpringWebMvcImportSelector
|
Annotation Type and Description |
---|
org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use
AuthenticationPrincipal instead. |
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity
Use EnableWebSecurity instead which will automatically add the Spring MVC
related Security items.
|
org.springframework.security.access.method.P
use @{code org.springframework.security.core.parameters.P}
|
Field and Description |
---|
org.springframework.security.rsocket.metadata.UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
|
org.springframework.security.rsocket.metadata.BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE
Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
|
org.springframework.security.oauth2.core.AuthorizationGrantType.IMPLICIT |
Constructor and Description |
---|
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) |
org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository)
use the constructor that takes a
Saml2AuthenticationRequestFactory |