Deprecated API

Contents

• Terminally Deprecated
• Interfaces
• Classes
• Annotation Interfaces
• Methods
• Constructors
• Enum Constants

Terminally Deprecated Elements

Element	Description
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean)
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(C)	For removal in 7.0. Use AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer) instead.
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.setObjectPostProcessor(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.SecurityConfigurerAdapter.addObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.SecurityConfigurerAdapter.and()	For removal in 7.0. Use the lambda based configuration instead.
org.springframework.security.config.annotation.web.builders.HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>)
org.springframework.security.config.annotation.web.builders.HttpSecurity.anonymous()	For removal in 7.0. Use HttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeHttpRequests()	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests()	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>)	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.cors()	For removal in 7.0. Use HttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.csrf()	For removal in 7.0. Use HttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.exceptionHandling()	For removal in 7.0. Use HttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.formLogin()	For removal in 7.0. Use HttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.headers()	For removal in 7.0. Use HttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.httpBasic()	For removal in 7.0. Use HttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.jee()	For removal in 7.0. Use HttpSecurity.jee(Customizer) or jee(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.logout()	For removal in 7.0. Use HttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2Client()	For removal in 7.0. Use HttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2Login()	For removal in 7.0. Use HttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2ResourceServer()	For removal in 7.0. Use HttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.portMapper()	For removal in 7.0. Use HttpSecurity.portMapper(Customizer) or portMapper(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.rememberMe()	For removal in 7.0. Use HttpSecurity.rememberMe(Customizer) or rememberMe(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.requestCache()	For removal in 7.0. Use HttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer.and()	Use the lambda based configuration instead. For example: @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }
org.springframework.security.config.annotation.web.builders.HttpSecurity.requiresChannel()	For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) or requiresChannel(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Login()	For removal in 7.0. Use HttpSecurity.saml2Login(Customizer) or saml2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Logout()	For removal in 7.0. Use HttpSecurity.saml2Logout(Customizer) or saml2Logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Metadata()	For removal in 7.0. Use HttpSecurity.saml2Metadata(Customizer) or saml2Metadata(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.securityContext()	For removal in 7.0. Use HttpSecurity.securityContext(Customizer) or securityContext(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.securityMatchers()	For removal in 7.0. Use HttpSecurity.securityMatchers(Customizer) or securityMatchers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.servletApi()	For removal in 7.0. Use HttpSecurity.servletApi(Customizer) or servletApi(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.sessionManagement()	For removal in 7.0. Use HttpSecurity.sessionManagement(Customizer) or sessionManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.x509()	For removal in 7.0. Use HttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.WebSecurity(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.and()	For removal in 7.0. Use the lambda based configuration instead.
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.shouldFilterAllDispatcherTypes(boolean)	Permit access to the DispatcherType instead. @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.and()	For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) instead
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.cacheControl()	For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig.and()	For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.contentSecurityPolicy(String)	For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.contentTypeOptions()	For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) or contentTypeOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig.and()	For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginEmbedderPolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginOpenerPolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginResourcePolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.frameOptions()	For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig.and()	For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig.and()	For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpStrictTransportSecurity()	For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy()	For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>)	For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.referrerPolicy()	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy)	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.xssProtection()	For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig.and()	For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.authorizationCodeGrant()	For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer.and()	For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.authorizationEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.redirectionEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.tokenEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.userInfoEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.and()
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.jwt()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer.and()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.opaqueToken()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.logoutRequest()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer.and()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.logoutResponse()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer.and()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer.and()	For removal in 7.0. Use SessionManagementConfigurer.sessionConcurrency(Customizer) instead
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.RequestMatcherFactory
org.springframework.security.config.web.server.ServerHttpSecurity.anonymous()	For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec.and()	For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.authorizeExchange()	For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) or authorizeExchange(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.and()	For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.cors()	For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec.and()	For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.csrf()	For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec.and()	For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.exceptionHandling()	For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec.and()	For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.formLogin()	For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec.and()	For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.headers()	For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.and()	For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.cache()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.cache(Customizer) or cache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(String)	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.contentTypeOptions()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec.and()	For removal in 7.0. Use #featurePolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.frameOptions()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.hsts()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.permissionsPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.referrerPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy)	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.xssProtection()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.httpBasic()	For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec.and()	For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec.and()	use ServerHttpSecurity.redirectToHttps(Customizer)
org.springframework.security.config.web.server.ServerHttpSecurity.logout()	For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec.and()	For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2Client()	For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2Login()	For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2ResourceServer()	For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.jwt()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec.and()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec.and()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.and()
org.springframework.security.config.web.server.ServerHttpSecurity.passwordManagement()	For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) or passwordManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec.and()	For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.redirectToHttps()	For removal in 7.0. Use ServerHttpSecurity.redirectToHttps(Customizer) or redirectToHttps(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.requestCache()	For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec.and()	For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.x509()	For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec.and()	For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Deprecated Interfaces

Interface	Description
org.springframework.security.config.annotation.ObjectPostProcessor	please use ObjectPostProcessor instead

Deprecated Classes

Class	Description
org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration	Use PrePostMethodSecurityConfiguration, SecuredMethodSecurityConfiguration, or Jsr250MethodSecurityConfiguration instead
org.springframework.security.config.annotation.web.configurers.AbstractConfigAttributeRequestMatcherRegistry	In modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please see SecurityAnnotationScanner and AuthorizationManager. In the case of channel security, please see HttpsRedirectFilter. In the case of web security, please see AuthorizationManager.
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.AbstractInterceptUrlRegistry
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer	please use HttpsRedirectConfigurer instead
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry	no replacement planned
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.RequiresChannelUrl	no replacement planned
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HpkpConfig	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer	Use AuthorizeHttpRequestsConfigurer instead
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.StandardInterceptUrlRegistry
org.springframework.security.config.annotation.web.messaging.MessageSecurityMetadataSourceRegistry	Use MessageMatcherDelegatingAuthorizationManager instead
org.springframework.security.config.annotation.web.RequestMatcherFactory
org.springframework.security.config.annotation.web.servlet.configuration.WebMvcSecurityConfiguration	This is applied internally using SpringWebMvcImportSelector
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer	Use EnableWebSocketSecurity instead
org.springframework.security.config.http.ChannelAttributeFactory	In modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please see SecurityAnnotationScanner and AuthorizationManager. In the case of channel security, please see HttpsRedirectFilter. In the case of web security, please see AuthorizationManager.
org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser	Use `use-authorization-manager` property instead
org.springframework.security.config.http.RequestMatcherFactoryBean
org.springframework.security.config.method.GlobalMethodSecurityBeanDefinitionParser	Use MethodSecurityBeanDefinitionParser instead
org.springframework.security.config.method.MethodSecurityMetadataSourceBeanDefinitionParser	Use <intercept-methods>, <method-security>, or @EnableMethodSecurity

Deprecated Annotation Interfaces

Annotation Interface	Description
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity	Use EnableMethodSecurity instead
org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity	Use EnableWebSecurity instead which will automatically add the Spring MVC related Security items.

Deprecated Methods

Method	Description
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.apply(C)	For removal in 7.0. Use AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer) instead.
org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.authentication.configurers.userdetails.AbstractDaoAuthenticationConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration.setObjectPostProcessor(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.rsocket.RSocketSecurity.basicAuthentication(Customizer<RSocketSecurity.BasicAuthenticationSpec>)	Use RSocketSecurity.simpleAuthentication(Customizer)
org.springframework.security.config.annotation.SecurityConfigurerAdapter.addObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.SecurityConfigurerAdapter.and()	For removal in 7.0. Use the lambda based configuration instead.
org.springframework.security.config.annotation.web.builders.HttpSecurity.anonymous()	For removal in 7.0. Use HttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeHttpRequests()	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests()	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.authorizeRequests(Customizer<ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry>)	For removal in 7.0. Use HttpSecurity.authorizeHttpRequests(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.cors()	For removal in 7.0. Use HttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.csrf()	For removal in 7.0. Use HttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.exceptionHandling()	For removal in 7.0. Use HttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.formLogin()	For removal in 7.0. Use HttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.headers()	For removal in 7.0. Use HttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.httpBasic()	For removal in 7.0. Use HttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.jee()	For removal in 7.0. Use HttpSecurity.jee(Customizer) or jee(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.logout()	For removal in 7.0. Use HttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2Client()	For removal in 7.0. Use HttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2Login()	For removal in 7.0. Use HttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.oauth2ResourceServer()	For removal in 7.0. Use HttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.annotation.web.builders.HttpSecurity.portMapper()	For removal in 7.0. Use HttpSecurity.portMapper(Customizer) or portMapper(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.rememberMe()	For removal in 7.0. Use HttpSecurity.rememberMe(Customizer) or rememberMe(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.requestCache()	For removal in 7.0. Use HttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.RequestMatcherConfigurer.and()	Use the lambda based configuration instead. For example: @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }
org.springframework.security.config.annotation.web.builders.HttpSecurity.requiresChannel()	For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) or requiresChannel(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.requiresChannel(Customizer<ChannelSecurityConfigurer.ChannelRequestMatcherRegistry>)	Use HttpSecurity.redirectToHttps(org.springframework.security.config.Customizer<org.springframework.security.config.annotation.web.configurers.HttpsRedirectConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>>)
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Login()	For removal in 7.0. Use HttpSecurity.saml2Login(Customizer) or saml2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Logout()	For removal in 7.0. Use HttpSecurity.saml2Logout(Customizer) or saml2Logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.saml2Metadata()	For removal in 7.0. Use HttpSecurity.saml2Metadata(Customizer) or saml2Metadata(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.securityContext()	For removal in 7.0. Use HttpSecurity.securityContext(Customizer) or securityContext(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.securityMatchers()	For removal in 7.0. Use HttpSecurity.securityMatchers(Customizer) or securityMatchers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.servletApi()	For removal in 7.0. Use HttpSecurity.servletApi(Customizer) or servletApi(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.sessionManagement()	For removal in 7.0. Use HttpSecurity.sessionManagement(Customizer) or sessionManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.builders.HttpSecurity.x509()	For removal in 7.0. Use HttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.and()	For removal in 7.0. Use the lambda based configuration instead.
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.shouldFilterAllDispatcherTypes(boolean)	Permit access to the DispatcherType instead. @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }
org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.and()	For removal in 7.0. Use HttpSecurity.requiresChannel(Customizer) instead
org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer.ChannelRequestMatcherRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.cacheControl()	For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CacheControlConfig.and()	For removal in 7.0. Use HeadersConfigurer.cacheControl(Customizer) or cacheControl(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.contentSecurityPolicy(String)	For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentSecurityPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.contentTypeOptions()	For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) or contentTypeOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ContentTypeOptionsConfig.and()	For removal in 7.0. Use HeadersConfigurer.contentTypeOptions(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginEmbedderPolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginEmbedderPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginOpenerPolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginOpenerPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.crossOriginResourcePolicy()	For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.CrossOriginResourcePolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.featurePolicy(String)	For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.frameOptions()	For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.FrameOptionsConfig.and()	For removal in 7.0. Use HeadersConfigurer.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.HstsConfig.and()	For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpPublicKeyPinning()	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpPublicKeyPinning(Customizer<HeadersConfigurer.HpkpConfig>)	see Certificate and Public Key Pinning for more context
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.httpStrictTransportSecurity()	For removal in 7.0. Use HeadersConfigurer.httpStrictTransportSecurity(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy()	For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) or permissionsPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy(Customizer<HeadersConfigurer.PermissionsPolicyConfig>)	For removal in 7.0. Use HeadersConfigurer.permissionsPolicyHeader(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.PermissionsPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.permissionsPolicy(Customizer) instead
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.referrerPolicy()	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.referrerPolicy(ReferrerPolicyHeaderWriter.ReferrerPolicy)	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.ReferrerPolicyConfig.and()	For removal in 7.0. Use HeadersConfigurer.referrerPolicy(Customizer) or referrerPolicy(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.xssProtection()	For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.HeadersConfigurer.XXssConfig.and()	For removal in 7.0. Use HeadersConfigurer.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.authorizationCodeGrant()	For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer.AuthorizationCodeGrantConfigurer.and()	For removal in 7.0. Use OAuth2ClientConfigurer.authorizationCodeGrant(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.authorizationEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.AuthorizationEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.authorizationEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.redirectionEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.RedirectionEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.redirectionEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.tokenEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.TokenEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.tokenEndpoint(Customizer) or tokenEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.userInfoEndpoint()	For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) or userInfoEndpoint(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer.UserInfoEndpointConfig.and()	For removal in 7.0. Use OAuth2LoginConfigurer.userInfoEndpoint(Customizer) instead
org.springframework.security.config.annotation.web.configurers.oauth2.client.OidcLogoutConfigurer.and()
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.jwt()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.JwtConfigurer.and()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer.opaqueToken()	For removal in 7.0. Use OAuth2ResourceServerConfigurer.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer.authenticationFailureHandler(AuthenticationFailureHandler)	Use AbstractAuthenticationFilterConfigurer.failureHandler(AuthenticationFailureHandler) instead
org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer.authenticationSuccessHandler(AuthenticationSuccessHandler)	Use AbstractAuthenticationFilterConfigurer.successHandler(AuthenticationSuccessHandler) instead
org.springframework.security.config.annotation.web.configurers.ott.OneTimeTokenLoginConfigurer.getContext()	Use this.context instead
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LoginConfigurer.authenticationRequestUri(String)	Use Saml2LoginConfigurer.authenticationRequestUriQuery(java.lang.String) instead
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.logoutRequest()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutRequestConfigurer.and()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutRequest(Customizer) or logoutRequest(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.logoutResponse()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.saml2.Saml2LogoutConfigurer.LogoutResponseConfigurer.and()	For removal in 7.0. Use Saml2LogoutConfigurer.logoutResponse(Customizer) or logoutResponse(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer.ConcurrencyControlConfigurer.and()	For removal in 7.0. Use SessionManagementConfigurer.sessionConcurrency(Customizer) instead
org.springframework.security.config.annotation.web.configurers.UrlAuthorizationConfigurer.withObjectPostProcessor(ObjectPostProcessor<?>)
org.springframework.security.config.annotation.web.socket.AbstractSecurityWebSocketMessageBrokerConfigurer.setMessageExpessionHandler(List<SecurityExpressionHandler<Message<Object>>>)
org.springframework.security.config.web.server.ServerHttpSecurity.anonymous()	For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.AnonymousSpec.and()	For removal in 7.0. Use ServerHttpSecurity.anonymous(Customizer) or anonymous(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.authorizeExchange()	For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) or authorizeExchange(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.AuthorizeExchangeSpec.and()	For removal in 7.0. Use ServerHttpSecurity.authorizeExchange(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.cors()	For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.CorsSpec.and()	For removal in 7.0. Use ServerHttpSecurity.cors(Customizer) or cors(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.csrf()	For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.CsrfSpec.and()	For removal in 7.0. Use ServerHttpSecurity.csrf(Customizer) or csrf(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.exceptionHandling()	For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) or exceptionHandling(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.ExceptionHandlingSpec.and()	For removal in 7.0. Use ServerHttpSecurity.exceptionHandling(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.formLogin()	For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.FormLoginSpec.and()	For removal in 7.0. Use ServerHttpSecurity.formLogin(Customizer) or formLogin(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.headers()	For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.and()	For removal in 7.0. Use ServerHttpSecurity.headers(Customizer) or headers(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.cache()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.cache(Customizer) or cache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(String)	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ContentSecurityPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentSecurityPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.contentTypeOptions()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.contentTypeOptions(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginEmbedderPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginEmbedderPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginOpenerPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginOpenerPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.CrossOriginResourcePolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.crossOriginResourcePolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.featurePolicy(String)	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.FeaturePolicySpec.and()	For removal in 7.0. Use #featurePolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.frameOptions()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.frameOptions(Customizer) or frameOptions(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.hsts()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.HstsSpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.hsts(Customizer) or hsts(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.permissionsPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.PermissionsPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.permissionsPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.referrerPolicy()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.referrerPolicy(ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy)	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead.
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.ReferrerPolicySpec.and()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.referrerPolicy(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.HeaderSpec.xssProtection()	For removal in 7.0. Use ServerHttpSecurity.HeaderSpec.xssProtection(Customizer) or xssProtection(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.httpBasic()	For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HttpBasicSpec.and()	For removal in 7.0. Use ServerHttpSecurity.httpBasic(Customizer) or httpBasic(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.HttpsRedirectSpec.and()	use ServerHttpSecurity.redirectToHttps(Customizer)
org.springframework.security.config.web.server.ServerHttpSecurity.logout()	For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.LogoutSpec.and()	For removal in 7.0. Use ServerHttpSecurity.logout(Customizer) or logout(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2Client()	For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ClientSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2Client(Customizer) or oauth2Client(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2Login()	For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2LoginSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2Login(Customizer) or oauth2Login(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.oauth2ResourceServer()	For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.and()	For removal in 7.0. Use ServerHttpSecurity.oauth2ResourceServer(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.jwt()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec.and()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.jwt(Customizer) or jwt(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) or opaqueToken(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.OAuth2ResourceServerSpec.OpaqueTokenSpec.and()	For removal in 7.0. Use ServerHttpSecurity.OAuth2ResourceServerSpec.opaqueToken(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.OidcLogoutSpec.and()
org.springframework.security.config.web.server.ServerHttpSecurity.passwordManagement()	For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) or passwordManagement(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.PasswordManagementSpec.and()	For removal in 7.0. Use ServerHttpSecurity.passwordManagement(Customizer) instead
org.springframework.security.config.web.server.ServerHttpSecurity.redirectToHttps()	For removal in 7.0. Use ServerHttpSecurity.redirectToHttps(Customizer) or redirectToHttps(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.requestCache()	For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.RequestCacheSpec.and()	For removal in 7.0. Use ServerHttpSecurity.requestCache(Customizer) or requestCache(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.x509()	For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.
org.springframework.security.config.web.server.ServerHttpSecurity.X509Spec.and()	For removal in 7.0. Use ServerHttpSecurity.x509(Customizer) or x509(Customizer.withDefaults()) to stick with defaults. See the documentation for more details.

Deprecated Constructors

Constructor	Description
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder(ObjectPostProcessor<Object>, boolean)
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder(ObjectPostProcessor<Object>)
org.springframework.security.config.annotation.web.builders.HttpSecurity(ObjectPostProcessor<Object>, AuthenticationManagerBuilder, Map<Class<?>, Object>)
org.springframework.security.config.annotation.web.builders.WebSecurity(ObjectPostProcessor<Object>)

Deprecated Enum Constants

Enum Constant	Description
org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder.BASIC_AUTHENTICATION	please see PayloadInterceptorOrder.AUTHENTICATION
org.springframework.security.config.annotation.rsocket.PayloadInterceptorOrder.JWT_AUTHENTICATION	please see PayloadInterceptorOrder.AUTHENTICATION