Deprecated API

Contents

• Deprecated Interfaces
• Deprecated Classes
• Deprecated Methods
• Deprecated Constructors

Deprecated Interfaces

org.springframework.security.core.authority.MutableGrantedAuthoritiesContainer

org.springframework.security.core.session.SessionIdentifierAware
Legacy of former concurrency control implementation. Will be removed in a future version.

Deprecated Classes

org.springframework.security.authentication.AuthenticationDetails

org.springframework.security.authentication.AuthenticationDetailsSourceImpl
Write an implementation of AuthenticationDetailsSource which returns the desired type directly.

org.springframework.security.access.ConfigAttributeEditor

org.springframework.security.core.authority.GrantedAuthoritiesContainerImpl

org.springframework.security.core.authority.GrantedAuthorityImpl
Use the final class SimpleGrantedAuthority or implement your own.

org.springframework.security.core.userdetails.memory.InMemoryDaoImpl
Use InMemoryUserDetailsManager instead (or write your own implementation)

org.springframework.security.access.hierarchicalroles.UserDetailsServiceWrapper
use a RoleHierarchyVoter or use a RoleHierarchyAuthoritiesMapper to populate the Authentication object with the additional authorities.

org.springframework.security.access.hierarchicalroles.UserDetailsWrapper
use a RoleHierarchyVoter or RoleHierarchyAuthoritiesMapper instead.

org.springframework.security.core.userdetails.memory.UserMap
Use a plain map instead

org.springframework.security.core.userdetails.memory.UserMapEditor

Deprecated Methods

org.springframework.security.core.AuthenticationException.clearExtraInformation()

org.springframework.security.access.SecurityConfig.createSingleAttributeList(String)
Use createList instead

org.springframework.security.core.AuthenticationException.getAuthentication()
to avoid potential leaking of sensitive information (e.g. through serialization/remoting).

org.springframework.security.core.AuthenticationException.getExtraInformation()
Use the exception message or use a custom exception if you really need additional information.

org.springframework.security.core.AuthenticationException.setAuthentication(Authentication)

org.springframework.security.authentication.ProviderManager.setClearExtraInformation(boolean)
the extraInformation property is deprecated

org.springframework.security.access.vote.AbstractAccessDecisionManager.setDecisionVoters(List)
Use constructor

org.springframework.security.authentication.AnonymousAuthenticationProvider.setKey(String)
Use constructor injection

org.springframework.security.authentication.RememberMeAuthenticationProvider.setKey(String)
Use constructor injection

org.springframework.security.authentication.ProviderManager.setParent(AuthenticationManager)
Use constructor injection

org.springframework.security.authentication.ProviderManager.setProviders(List)
Use constructor injection

Deprecated Constructors

org.springframework.security.authentication.AccountExpiredException(String, Object)

org.springframework.security.authentication.AccountStatusException(String, Object)

org.springframework.security.access.vote.AffirmativeBased()
Use constructor which takes voter list

org.springframework.security.authentication.AnonymousAuthenticationProvider()
Use constructor injection

org.springframework.security.core.AuthenticationException(String, Object)
Use the exception message or use a custom exception if you really need additional information.

org.springframework.security.authentication.BadCredentialsException(String, Object)

org.springframework.security.access.vote.ConsensusBased()
Use constructor which takes voter list

org.springframework.security.authentication.CredentialsExpiredException(String, Object)

org.springframework.security.authentication.DisabledException(String, Object)

org.springframework.security.authentication.LockedException(String, Object)

org.springframework.security.authentication.ProviderManager()
Use constructor which takes provider list

org.springframework.security.authentication.RememberMeAuthenticationProvider()
Use constructor injection

org.springframework.security.access.vote.UnanimousBased()
Use constructor which takes voter list

org.springframework.security.core.userdetails.UsernameNotFoundException(String, Object)