Deprecated API
Contents
-
Terminally Deprecated ElementsElementDescriptionPermit access to the
DispatcherTypeinstead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }This existed for an old IE bug and is no longer need.This existed for an old IE bug and is no longer need.This is deprecated for removal. Users can compareDefaultSavedRequest.getRedirectUrl()to theHttpServletRequestURL instead.Please usePathPatternRequestMatcherinsteadplease usePathPatternRequestMatcherinsteadLobHandleris deprecated without replacement, as such this method will also be removed without replacement
-
Deprecated InterfacesInterfaceDescriptionno replacement is planned, though consider using a custom
RequestMatcherfor any sophisticated decision-makingplease useHttpsRedirectFilterand its associatedPortMapperno replacement is planned, though consider using a customRequestMatcherfor any sophisticated decision-makingIn modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please seeSecurityAnnotationScannerandAuthorizationManager. In the case of channel security, please seeHttpsRedirectFilter. In the case of web security, please seeAuthorizationManager.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.This existed for an old IE bug and is no longer need.
-
Deprecated ClassesClassDescriptionplease use
HttpsRedirectFilterand its associatedPortMapperno replacement is planned, though consider using a customRequestMatcherfor any sophisticated decision-makingno replacement is planned, though consider using a customRequestMatcherfor any sophisticated decision-makingplease useHttpsRedirectFilterand its associatedPortMapperplease useHttpsRedirectFilterand its associatedPortMapperno replacement is planned, though consider using a customRequestMatcherfor any sophisticated decision-makingIn modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please seeSecurityAnnotationScannerandAuthorizationManager. In the case of channel security, please seeHttpsRedirectFilter. In the case of web security, please seeAuthorizationManager.UseWebExpressionAuthorizationManagerinsteadplease usePathPatternRequestTransformerinsteadIn modern Spring Security APIs, each API manages its own configuration context. As such there is no direct replacement for this interface. In the case of method security, please seeSecurityAnnotationScannerandAuthorizationManager. In the case of channel security, please seeHttpsRedirectFilter. In the case of web security, please seeAuthorizationManager.UseAuthorizationFilterinsteadplease useAuthorizationManagerWebInvocationPrivilegeEvaluatorand adapt any delegateWebInvocationPrivilegeEvaluators intoAuthorizationManagersUseAuthenticationPrincipalArgumentResolverinstead.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.see Certificate and Public Key Pinning for more contextThis existed for an old IE bug and is no longer need.useServerFormLoginAuthenticationConverterinstead.UseServerHttpBasicAuthenticationConverterinstead.Please usePathPatternRequestMatcherinsteadplease usePathPatternRequestMatcherinstead
-
Deprecated Annotation InterfacesAnnotation InterfaceDescriptionUse
AuthenticationPrincipalinstead.
-
Deprecated MethodsMethodDescriptionPermit access to the
DispatcherTypeinstead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }please useAuthorizationManager.authorize(Supplier, Object)insteadUseStrictHttpFirewall.getEncodedUrlBlocklist()insteadThis is deprecated for removal. Users can compareDefaultSavedRequest.getRedirectUrl()to theHttpServletRequestURL instead.As of 5.1 in favor ofAuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)please useReactiveAuthorizationManager.authorize(Mono, Object)insteadorg.springframework.security.web.server.csrf.CookieServerCsrfTokenRepository.setCookieDomain(String) LobHandleris deprecated without replacement, as such this method will also be removed without replacement
-
Deprecated ConstructorsConstructorDescriptionALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
-
Deprecated Enum ConstantsEnum ConstantDescriptionALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
PathPatternRequestTransformerinstead