Deprecated API

Contents

• Classes
• Annotation Interfaces
• Methods

Deprecated Classes

Class	Description
org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration	Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry	Use MessageMatcherDelegatingAuthorizationManager instead
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration	This is applied internally using SpringWebMvcImportSelector
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer	Use EnableWebSocketSecurity instead
org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser	Use `use-authorization-manager` property instead
org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser	Use MethodSecurityBeanDefinitionParser instead
org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser	Use <intercept-methods>, <method-security>, or @EnableMethodSecurity

Deprecated Annotation Interfaces

Annotation Interface	Description
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity	Use EnableMethodSecurity instead
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity	Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

Deprecated Methods

Method	Description
org.springframework.security.config.annotation.rsocket.RSocketSecurity.basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>)	Use RSocketSecurity.simpleAuthentication(Customizer)
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests()	Use HttpSecurity.authorizeHttpRequests() instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>)	Use HttpSecurity.authorizeHttpRequests() instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.featurePolicy(String)	Use HeadersConfigurer.permissionsPolicy(Customizer) instead.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpPublicKeyPinning()	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>)	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>)
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.featurePolicy(String)	Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.