Deprecated List (spring-security-config 5.4.1 API)

Deprecated Classes
Class and Description
org.springframework.security.config.annotation.web.configurers.oauth2.client.ImplicitGrantConfigurer It is not recommended to use the implicit flow due to the inherent risks of returning access tokens in an HTTP redirect without any confirmation that it has been received by the client. See reference OAuth 2.0 Implicit Grant.
org.springframework.security.config.annotation.web.configurers.openid.OpenIDLoginConfigurer The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration This is applied internally using SpringWebMvcImportSelector

Deprecated Annotation Types
Annotation Type and Description
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

Deprecated Methods
Method and Description
org.springframework.security.config.annotation.rsocket.RSocketSecurity.basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>) Use `RSocketSecurity.simpleAuthentication(Customizer)`
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig.customUserType(Class<? extends OAuth2User>, String) See `CustomUserTypesOAuth2UserService` for alternative usage.
org.springframework.security.config.annotation.web.builders.HttpSecurity.openidLogin() The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.config.annotation.web.builders.HttpSecurity.openidLogin(Customizer<OpenIDLoginConfigurer<HttpSecurity>>) The OpenID 1.0 and 2.0 protocols have been deprecated and users are encouraged to migrate to OpenID Connect, which is supported by `spring-security-oauth2`.
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>)

Deprecated API