Deprecated API
Contents
- 
Interfaces Interface Description org.springframework.security.openid.AxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDConsumer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.saml2.provider.service.authentication.Saml2ErrorCodes UseSaml2ErrorCodesinsteadorg.springframework.security.web.header.writers.frameoptions.AllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.util.matcher.RequestVariablesExtractor 
- 
Classes Class Description org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelectororg.springframework.security.crypto.codec.Base64 Use java.util.Base64org.springframework.security.crypto.password.LdapShaPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoderwhich supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.Md4PasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoderwhich supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.MessageDigestPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoderwhich supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.NoOpPasswordEncoder This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoderwhich supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.StandardPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoderwhich supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.ldap.server.ApacheDSContainer UseUnboundIdContainerinstead because ApacheDS 1.x is no longer supported with no GA version to replace it.org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService It is recommended to use a delegation-based strategy of anOAuth2UserServiceto support customOAuth2Usertypes, as it provides much greater flexibility compared to this implementation. See the reference manual for details on how to implement.org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport UseNimbusJwtDecoderorJwtDecodersinsteadorg.springframework.security.openid.NullAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenID4JavaConsumer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDAttribute The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDAuthenticationFilter The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDAuthenticationProvider The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDAuthenticationToken The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.RegexBasedAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder Basic Authentication did not evolve into a standard. Use Simple Authentication instead.org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder Basic Authentication did not evolve into a standard. useSimpleAuthenticationEncoderorg.springframework.security.saml2.credentials.Saml2X509Credential UseSaml2X509Credentialinsteadorg.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest org.springframework.security.saml2.provider.service.authentication.Saml2Error UseSaml2Errorinsteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails UseRelyingPartyRegistration.AssertingPartyDetailsinsteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver UseAuthenticationPrincipalArgumentResolverinstead.org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.server.ServerFormLoginAuthenticationConverter useServerFormLoginAuthenticationConverterinstead.org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter UseServerHttpBasicAuthenticationConverterinstead.
- 
Enums Enum Description org.springframework.security.openid.OpenIDAuthenticationStatus The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType UseSaml2X509Credential.Saml2X509CredentialTypeinstead
- 
Exceptions Exceptions Description org.springframework.security.openid.AuthenticationCancelledException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.org.springframework.security.openid.OpenIDConsumerException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2.
- 
Annotation Types Annotation Type Description org.springframework.security.access.method.P use @{code org.springframework.security.core.parameters.P}org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.org.springframework.security.web.bind.annotation.AuthenticationPrincipal UseAuthenticationPrincipalinstead.
- 
Fields Field Description org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite.LOGGER since 5.4 in favor ofAbstractMessageMatcherComposite.loggerorg.springframework.security.oauth2.core.AuthorizationGrantType.IMPLICIT org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST org.springframework.security.rsocket.metadata.BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())org.springframework.security.rsocket.metadata.UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
- 
Constructors Constructor Description org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException(Saml2Error) UseSaml2Errorconstructor insteadorg.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken(String, String, String, String, List<Saml2X509Credential>) org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository) use the constructor that takes aSaml2AuthenticationRequestFactoryorg.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter(AllowFromStrategy) ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) 
- 
Enum Constants Enum Constant Description org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.