Deprecated API
Contents
-
Interfaces Interface Description org.springframework.security.openid.AxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDConsumer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.saml2.provider.service.authentication.Saml2ErrorCodes UseSaml2ErrorCodes
insteadorg.springframework.security.web.header.writers.frameoptions.AllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.util.matcher.RequestVariablesExtractor
-
Classes Class Description org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelectororg.springframework.security.crypto.codec.Base64 Use java.util.Base64org.springframework.security.crypto.password.LdapShaPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.Md4PasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.MessageDigestPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.NoOpPasswordEncoder This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.StandardPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.ldap.server.ApacheDSContainer UseUnboundIdContainer
instead because ApacheDS 1.x is no longer supported with no GA version to replace it.org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService It is recommended to use a delegation-based strategy of anOAuth2UserService
to support customOAuth2User
types, as it provides much greater flexibility compared to this implementation. See the reference manual for details on how to implement.org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport UseNimbusJwtDecoder
orJwtDecoders
insteadorg.springframework.security.openid.NullAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenID4JavaConsumer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAttribute The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationFilter The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationProvider The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationToken The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.RegexBasedAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder Basic Authentication did not evolve into a standard. Use Simple Authentication instead.org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder Basic Authentication did not evolve into a standard. useSimpleAuthenticationEncoder
org.springframework.security.saml2.credentials.Saml2X509Credential UseSaml2X509Credential
insteadorg.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest org.springframework.security.saml2.provider.service.authentication.Saml2Error UseSaml2Error
insteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails UseRelyingPartyRegistration.AssertingPartyDetails
insteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver UseAuthenticationPrincipalArgumentResolver
instead.org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.server.ServerFormLoginAuthenticationConverter useServerFormLoginAuthenticationConverter
instead.org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter UseServerHttpBasicAuthenticationConverter
instead.
-
Enums Enum Description org.springframework.security.openid.OpenIDAuthenticationStatus The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType UseSaml2X509Credential.Saml2X509CredentialType
instead
-
Exceptions Exceptions Description org.springframework.security.openid.AuthenticationCancelledException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDConsumerException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.
-
Annotation Types Annotation Type Description org.springframework.security.access.method.P use @{code org.springframework.security.core.parameters.P}org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.org.springframework.security.web.bind.annotation.AuthenticationPrincipal UseAuthenticationPrincipal
instead.
-
Fields Field Description org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite.LOGGER since 5.4 in favor ofAbstractMessageMatcherComposite.logger
org.springframework.security.oauth2.core.AuthorizationGrantType.IMPLICIT org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST org.springframework.security.rsocket.metadata.BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())org.springframework.security.rsocket.metadata.UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
-
Constructors Constructor Description org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException(Saml2Error) UseSaml2Error
constructor insteadorg.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken(String, String, String, String, List<Saml2X509Credential>) org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository) use the constructor that takes aSaml2AuthenticationRequestFactory
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter(AllowFromStrategy) ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String)
-
Enum Constants Enum Constant Description org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.