Deprecated API
Contents
-
Packages Package Description org.springframework.security.authentication.rcp as of 5.6.0 with no replacement
-
Classes Class Description org.springframework.security.acls.domain.EhCacheBasedAclCache since 5.6. In favor of JCache based implementationsorg.springframework.security.authentication.rcp.RemoteAuthenticationManagerImpl as of 5.6.0 with no replacementorg.springframework.security.authentication.rcp.RemoteAuthenticationProvider as of 5.6.0 with no replacementorg.springframework.security.cas.authentication.EhCacheBasedTicketCache since 5.6. In favor of JCache based implementationsorg.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelectororg.springframework.security.core.userdetails.cache.EhCacheBasedUserCache since 5.6. In favor of JCache based implementationsorg.springframework.security.crypto.codec.Base64 Use java.util.Base64org.springframework.security.crypto.password.LdapShaPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.Md4PasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.MessageDigestPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.NoOpPasswordEncoder This PasswordEncoder is not secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.crypto.password.StandardPasswordEncoder Digest based password encoding is not considered secure. Instead use an adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder. Even better useDelegatingPasswordEncoder
which supports password upgrades. There are no plans to remove this support. It is deprecated to indicate that this is a legacy implementation and using it is considered insecure.org.springframework.security.ldap.server.ApacheDSContainer UseUnboundIdContainer
instead because ApacheDS 1.x is no longer supported with no GA version to replace it.org.springframework.security.oauth2.client.endpoint.NimbusAuthorizationCodeTokenResponseClient org.springframework.security.oauth2.client.userinfo.CustomUserTypesOAuth2UserService It is recommended to use a delegation-based strategy of anOAuth2UserService
to support customOAuth2User
types, as it provides much greater flexibility compared to this implementation. See the reference manual for details on how to implement.org.springframework.security.oauth2.client.web.server.UnAuthenticatedServerOAuth2AuthorizedClientRepository org.springframework.security.oauth2.core.endpoint.MapOAuth2AccessTokenResponseConverter UseDefaultMapOAuth2AccessTokenResponseConverter
insteadorg.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponseMapConverter UseDefaultOAuth2AccessTokenResponseMapConverter
insteadorg.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport UseNimbusJwtDecoder
orJwtDecoders
insteadorg.springframework.security.openid.NullAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenID4JavaConsumer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAttribute The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationFilter The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationProvider The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDAuthenticationToken The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.RegexBasedAxFetchListFactory The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.remoting.dns.JndiDnsResolver as of 5.6.0 with no replacementorg.springframework.security.remoting.httpinvoker.AuthenticationSimpleHttpInvokerRequestExecutor as of 5.6.0 with no replacementorg.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocation as of 5.6.0 with no replacementorg.springframework.security.remoting.rmi.ContextPropagatingRemoteInvocationFactory as of 5.6.0 with no replacementorg.springframework.security.rsocket.metadata.BasicAuthenticationDecoder Basic Authentication did not evolve into a standard. Use Simple Authentication instead.org.springframework.security.rsocket.metadata.BasicAuthenticationEncoder Basic Authentication did not evolve into a standard. useSimpleAuthenticationEncoder
org.springframework.security.saml2.credentials.Saml2X509Credential UseSaml2X509Credential
insteadorg.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationRequest org.springframework.security.saml2.provider.service.authentication.Saml2Error UseSaml2Error
insteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails UseRelyingPartyRegistration.AssertingPartyDetails
insteadorg.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.ProviderDetails.Builder org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver UseAuthenticationPrincipalArgumentResolver
instead.org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.org.springframework.security.web.server.ServerFormLoginAuthenticationConverter useServerFormLoginAuthenticationConverter
instead.org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter UseServerHttpBasicAuthenticationConverter
instead.
-
Enums Enum Description org.springframework.security.openid.OpenIDAuthenticationStatus The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.saml2.credentials.Saml2X509Credential.Saml2X509CredentialType UseSaml2X509Credential.Saml2X509CredentialType
instead
-
Exceptions Exceptions Description org.springframework.security.authentication.rcp.RemoteAuthenticationException as of 5.6.0 with no replacementorg.springframework.security.openid.AuthenticationCancelledException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.openid.OpenIDConsumerException The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported byspring-security-oauth2
.org.springframework.security.remoting.dns.DnsEntryNotFoundException as of 5.6.0 with no replacementorg.springframework.security.remoting.dns.DnsLookupException as of 5.6.0 with no replacement
-
Annotation Types Annotation Type Description org.springframework.security.access.method.P use @{code org.springframework.security.core.parameters.P}org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.org.springframework.security.web.bind.annotation.AuthenticationPrincipal UseAuthenticationPrincipal
instead.
-
Enum Constants Enum Constant Description org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.