Deprecated List (spring-security-docs-manual 5.5.1 API)

Interfaces
Interface	Description
org.springframework.security.openid.AxFetchListFactory	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDConsumer	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.saml2.provider.service.authentication.Saml2ErrorCodes	Use `Saml2ErrorCodes` instead
org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.util.matcher.RequestVariablesExtractor	use `RequestMatcher.MatchResult` from `RequestMatcher.matcher(HttpServletRequest)`

Classes
Class	Description
org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer	It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.
org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration	This is applied internally using SpringWebMvcImportSelector
org.springframework.security.crypto.codec.Base64	Use java.util.Base64
org.springframework.security.crypto.password.LdapShaPasswordEncoder	Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use `DelegatingPasswordEncoder` which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
org.springframework.security.crypto.password.Md4PasswordEncoder	Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use `DelegatingPasswordEncoder` which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
org.springframework.security.crypto.password.MessageDigestPasswordEncoder	Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use `DelegatingPasswordEncoder` which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
org.springframework.security.crypto.password.NoOpPasswordEncoder	This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use `DelegatingPasswordEncoder` which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
org.springframework.security.crypto.password.StandardPasswordEncoder	Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better use `DelegatingPasswordEncoder` which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.
org.springframework.security.ldap.server.ApacheDSContainer	Use `UnboundIdContainer` instead because ApacheDS 1.x is no longer supported with no GA version to replace it.
org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient	Use `DefaultAuthorizationCodeTokenResponseClient`
org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService	It is recommended to use a delegation-based strategy of an `OAuth2UserService` to support custom `OAuth2User` types, as it provides much greater flexibility compared to this implementation. See the reference manual for details on how to implement.
org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository	Use `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager` instead
org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport	Use `NimbusJwtDecoder` or `JwtDecoders` instead
org.springframework.security.openid.NullAxFetchListFactory	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenID4JavaConsumer	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDAttribute	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDAuthenticationFilter	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDAuthenticationProvider	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDAuthenticationToken	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.RegexBasedAxFetchListFactory	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.rsocket.metadata.BasicAuthenticationDecoder	Basic Authentication did not evolve into a standard. Use Simple Authentication instead.
org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder	Basic Authentication did not evolve into a standard. use `SimpleAuthenticationEncoder`
org.springframework.security.saml2.credentials.Saml2X509Credential	Use `Saml2X509Credential` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest	use `Saml2AuthenticationRequestContext`
org.springframework.security.saml2.provider.service.authentication.Saml2Error	Use `Saml2Error` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails	Use `RelyingPartyRegistration.AssertingPartyDetails` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder	Use `RelyingPartyRegistration.AssertingPartyDetails.Builder` instead
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver	Use `AuthenticationPrincipalArgumentResolver` instead.
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter	use `ServerFormLoginAuthenticationConverter` instead.
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter	Use `ServerHttpBasicAuthenticationConverter` instead.

Enums
Enum	Description
org.springframework.security.openid.OpenIDAuthenticationStatus	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType	Use `Saml2X509Credential.Saml2X509CredentialType` instead

Exceptions
Exceptions	Description
org.springframework.security.openid.AuthenticationCancelledException	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.openid.OpenIDConsumerException	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.

Annotation Types
Annotation Type	Description
org.springframework.security.access.method.P	use @{code org.springframework.security.core.parameters.P}
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity	Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.
org.springframework.security.web.bind.annotation.AuthenticationPrincipal	Use `AuthenticationPrincipal` instead.

Fields
Field	Description
org.springframework.security.messaging.util.matcher.AbstractMessageMatcherComposite.LOGGER	since 5.4 in favor of `AbstractMessageMatcherComposite.logger`
org.springframework.security.oauth2.core.AuthorizationGrantType.IMPLICIT
org.springframework.security.oauth2.core.ClientAuthenticationMethod.BASIC	Use `ClientAuthenticationMethod.CLIENT_SECRET_BASIC`
org.springframework.security.oauth2.core.ClientAuthenticationMethod.POST	Use `ClientAuthenticationMethod.CLIENT_SECRET_POST`
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType.TOKEN
org.springframework.security.rsocket.metadata.BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE	Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())
org.springframework.security.rsocket.metadata.UsernamePasswordMetadata.BASIC_AUTHENTICATION_MIME_TYPE	Basic did not evolve into the standard. Instead use Simple Authentication MimeTypeUtils.parseMimeType(WellKnownMimeType.MESSAGE_RSOCKET_AUTHENTICATION.getString())

Methods
Method	Description
org.springframework.security.authentication.DefaultAuthenticationEventPublisher.setAdditionalExceptionMappings(Properties)	use `DefaultAuthenticationEventPublisher.setAdditionalExceptionMappings(Map)`
org.springframework.security.config.annotation.rsocket.RSocketSecurity.basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>)	Use `RSocketSecurity.simpleAuthentication(Customizer)`
org.springframework.security.config.annotation.web.builders.HttpSecurity.openidLogin()	The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.featurePolicy(String)	Use `HeadersConfigurer.permissionsPolicy(Customizer)` instead.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig.customUserType(Class<? extends OAuth2User>, String)	See `CustomUserTypesOAuth2UserService` for alternative usage.
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>)
org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()	Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.
org.springframework.security.crypto.encrypt.Encryptors.queryableText(CharSequence, CharSequence)	This encryptor is not secure. Instead, look to your data store for a mechanism to query encrypted data.
org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler.setPostLogoutRedirectUri(URI)	`OidcClientInitiatedLogoutSuccessHandler.setPostLogoutRedirectUri(String)`
org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler.setPostLogoutRedirectUri(URI)	`OidcClientInitiatedServerLogoutSuccessHandler.setPostLogoutRedirectUri(String)`
org.springframework.security.oauth2.client.registration.ClientRegistration.Builder.redirectUriTemplate(String)	Use `ClientRegistration.Builder.redirectUri(String)` instead
org.springframework.security.oauth2.client.registration.ClientRegistration.getRedirectUriTemplate()	Use `ClientRegistration.getRedirectUri()` instead
org.springframework.security.oauth2.client.web.AuthorizationRequestRepository.removeAuthorizationRequest(HttpServletRequest)	Use `AuthorizationRequestRepository.removeAuthorizationRequest(HttpServletRequest, HttpServletResponse)` instead
org.springframework.security.oauth2.client.web.HttpSessionOAuth2AuthorizationRequestRepository.setAllowMultipleAuthorizationRequests(boolean)
org.springframework.security.oauth2.client.web.method.annotation.OAuth2AuthorizedClientArgumentResolver.setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>)	Use `OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)` instead. Create an instance of `ClientCredentialsOAuth2AuthorizedClientProvider` configured with a `DefaultClientCredentialsTokenResponseClient` (or a custom one) and than supply it to `DefaultOAuth2AuthorizedClientManager`.
org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.setAccessTokenExpiresSkew(Duration)	The `accessTokenExpiresSkew` should be configured with the specific `ReactiveOAuth2AuthorizedClientProvider` implementation, e.g. `ClientCredentialsReactiveOAuth2AuthorizedClientProvider` or `RefreshTokenReactiveOAuth2AuthorizedClientProvider`.
org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction.setClientCredentialsTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>)	Use `ServerOAuth2AuthorizedClientExchangeFilterFunction(ReactiveOAuth2AuthorizedClientManager)` instead. Create an instance of `ClientCredentialsReactiveOAuth2AuthorizedClientProvider` configured with a `WebClientReactiveClientCredentialsTokenResponseClient` (or a custom one) and than supply it to `DefaultReactiveOAuth2AuthorizedClientManager`.
org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.setAccessTokenExpiresSkew(Duration)	The `accessTokenExpiresSkew` should be configured with the specific `OAuth2AuthorizedClientProvider` implementation, e.g. `ClientCredentialsOAuth2AuthorizedClientProvider` or `RefreshTokenOAuth2AuthorizedClientProvider`.
org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest>)	Use `ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)` instead. Create an instance of `ClientCredentialsOAuth2AuthorizedClientProvider` configured with a `DefaultClientCredentialsTokenResponseClient` (or a custom one) and than supply it to `DefaultOAuth2AuthorizedClientManager`.
org.springframework.security.oauth2.client.web.server.WebSessionOAuth2ServerAuthorizationRequestRepository.setAllowMultipleAuthorizationRequests(boolean)
org.springframework.security.oauth2.core.ClaimAccessor.containsClaim(String)	Use `ClaimAccessor.hasClaim(java.lang.String)` instead.
org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest.implicit()	It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client.
org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter.extractAuthorities(Jwt)	Since 5.2. Use your own custom converter instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException.getError()	Use `Saml2AuthenticationException.getSaml2Error()` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequestFactory.createAuthenticationRequest(Saml2AuthenticationRequest)	please use `Saml2AuthenticationRequestFactory.createRedirectAuthenticationRequest(Saml2AuthenticationRequestContext)` or `Saml2AuthenticationRequestFactory.createPostAuthenticationRequest(Saml2AuthenticationRequestContext)` This method will be removed in future versions of Spring Security
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.getIdpEntityId()	Use `getRelyingPartyRegistration().getAssertingPartyDetails().getEntityId()` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.getLocalSpEntityId()	Use `getRelyingPartyRegistration().getEntityId()` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.getRecipientUri()	Use `getRelyingPartyRegistration().getAssertionConsumerServiceLocation()` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.getX509Credentials()	Get the credentials through `Saml2AuthenticationToken.getRelyingPartyRegistration()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.assertionConsumerServiceUrlTemplate(String)	Use `RelyingPartyRegistration.Builder.assertionConsumerServiceLocation` instead.
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.credentials(Consumer<Collection<Saml2X509Credential>>)	Use `RelyingPartyRegistration.Builder.signingX509Credentials` or `RelyingPartyRegistration.Builder.decryptionX509Credentials` instead for relying party keys or `RelyingPartyRegistration.AssertingPartyDetails.Builder.verificationX509Credentials` or `RelyingPartyRegistration.AssertingPartyDetails.Builder.encryptionX509Credentials` for asserting party keys
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.idpWebSsoUrl(String)	use `#assertingPartyDetails(Consumer<AssertingPartyDetails.Builder >)`
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.localEntityIdTemplate(String)	Use `RelyingPartyRegistration.Builder.entityId` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.providerDetails(Consumer<RelyingPartyRegistration.ProviderDetails.Builder>)	Use `RelyingPartyRegistration.Builder.assertingPartyDetails(java.util.function.Consumer<org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails.Builder>)` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.Builder.remoteIdpEntityId(String)	use `#assertingPartyDetails(Consumer<AssertingPartyDetails.Builder >)`
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getAssertionConsumerServiceUrlTemplate()	Use `RelyingPartyRegistration.getAssertionConsumerServiceLocation()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getCredentials()	Instead of retrieving all credentials, use the appropriate method for obtaining the correct type
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getDecryptionCredentials()	Use `RelyingPartyRegistration.getDecryptionX509Credentials()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getEncryptionCredentials()	Use `RelyingPartyRegistration.AssertingPartyDetails.getEncryptionX509Credentials()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getIdpWebSsoUrl()	use `RelyingPartyRegistration.AssertingPartyDetails.getSingleSignOnServiceLocation()` from `RelyingPartyRegistration.getAssertingPartyDetails()`
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getLocalEntityIdTemplate()	Use `RelyingPartyRegistration.getEntityId()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getProviderDetails()	Use `RelyingPartyRegistration.getAssertingPartyDetails()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getRemoteIdpEntityId()	use `RelyingPartyRegistration.AssertingPartyDetails.getEntityId()` from `RelyingPartyRegistration.getAssertingPartyDetails()`
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getSigningCredentials()	Use `RelyingPartyRegistration.getSigningX509Credentials()` instead
org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.getVerificationCredentials()	Use {code #getAssertingPartyDetails().getSigningX509Credentials()} instead
org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter.setAuthenticationRequestFactory(Saml2AuthenticationRequestFactory)	use the constructor instead
org.springframework.security.web.firewall.StrictHttpFirewall.getEncodedUrlBlacklist()	Use `StrictHttpFirewall.getEncodedUrlBlocklist()` instead
org.springframework.security.web.server.authentication.AuthenticationWebFilter.setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>)	As of 5.1 in favor of `AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)`
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter.apply(ServerWebExchange)
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter.apply(ServerWebExchange)
org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.extractUriTemplateVariables(HttpServletRequest)
org.springframework.security.web.session.ConcurrentSessionFilter.determineExpiredUrl(HttpServletRequest, SessionInformation)	Use `ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` instead.
org.springframework.security.web.session.ConcurrentSessionFilter.setRedirectStrategy(RedirectStrategy)	use `ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` instead.
org.springframework.security.web.util.matcher.AntPathRequestMatcher.extractUriTemplateVariables(HttpServletRequest)

Constructors
Constructor	Description
org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType)	Use `AbstractOAuth2AuthorizationGrantRequest(AuthorizationGrantType, ClientRegistration)` instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException(Saml2Error)	Use `Saml2Error` constructor instead
org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken(String, String, String, String, List<Saml2X509Credential>)	Use `Saml2AuthenticationToken(RelyingPartyRegistration, String)` instead
org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationRequestFilter(RelyingPartyRegistrationRepository)	use the constructor that takes a `Saml2AuthenticationRequestFactory`
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter(AllowFromStrategy)	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String)	use `ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` with `SimpleRedirectSessionInformationExpiredStrategy` instead.

Enum Constants
Enum Constant	Description
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM	ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Deprecated API

Contents