4 месяцев назад · 2ad859a63c
--- a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
@@ -33,12 +33,16 @@ public enum PayloadInterceptorOrder implements Ordered {
 
				 	/**
			
 
				 	 * Where basic authentication is placed.
			
 
				 	 * @see RSocketSecurity#basicAuthentication(Customizer)
			
 
				+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	BASIC_AUTHENTICATION,
			
 
				 	/**
			
 
				 	 * Where JWT based authentication is performed.
			
 
				 	 * @see RSocketSecurity#jwt(Customizer)
			
 
				+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	JWT_AUTHENTICATION,
			
 
				 	/**
			
 
				 	 * A generic placeholder for other types of authentication.
			
--- a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
@@ -24,6 +24,7 @@ import org.springframework.security.access.AccessDecisionVoter;
 
				 import org.springframework.security.access.vote.AffirmativeBased;
			
 
				 import org.springframework.security.access.vote.AuthenticatedVoter;
			
 
				 import org.springframework.security.access.vote.RoleVoter;
			
 
				+import org.springframework.security.authorization.AuthorizationManager;
			
 
				 import org.springframework.security.config.BeanIds;
			
 
				 
			
 
				 /**
			
@@ -32,7 +33,9 @@ import org.springframework.security.config.BeanIds;
 
				  * @author Luke Taylor
			
 
				  * @author Ben Alex
			
 
				  * @author Rob Winch
			
 
				+ * @deprecated Please use {@link AuthorizationManager} instead
			
 
				  */
			
 
				+@Deprecated
			
 
				 abstract class MethodConfigUtils {
			
 
				 
			
 
				 	@SuppressWarnings("unchecked")
			
--- a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
+++ b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -43,7 +43,9 @@ public final class RoleHierarchyUtils {
 
				 	 * @return a string representation of a role hierarchy
			
 
				 	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role
			
 
				 	 * name is null or empty or if an implied role name(s) is null or empty
			
 
				+	 * @deprecated please see {@link RoleHierarchyImpl#setHierarchy} deprecation notice
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	public static String roleHierarchyFromMap(Map<String, List<String>> roleHierarchyMap) {
			
 
				 		Assert.notEmpty(roleHierarchyMap, "roleHierarchyMap cannot be empty");
			
 
				 		StringWriter result = new StringWriter();
			
--- a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
@@ -28,7 +28,9 @@ import org.springframework.security.core.Authentication;
 
				  * functionality.
			
 
				  *
			
 
				  * @author Ben Alex
			
 
				+ * @deprecated please see {@link RunAsManager} deprecation notice
			
 
				  */
			
 
				+@Deprecated
			
 
				 final class NullRunAsManager implements RunAsManager {
			
 
				 
			
 
				 	@Override
			
--- a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java
@@ -59,7 +59,10 @@ public final class PostAuthorizeReactiveAuthorizationManager
 
				 	 * not be resolved.
			
 
				 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
			
 
				 	 * @since 6.3
			
 
				+	 * @deprecated please use
			
 
				+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
			
 
				 		this.registry.setTemplateDefaults(defaults);
			
 
				 	}
			
--- a/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java
@@ -74,7 +74,10 @@ public final class PostFilterAuthorizationReactiveMethodInterceptor implements A
 
				 	 * not be resolved.
			
 
				 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
			
 
				 	 * @since 6.3
			
 
				+	 * @deprecated please use
			
 
				+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
			
 
				 		this.registry.setTemplateDefaults(defaults);
			
 
				 	}
			
--- a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java
@@ -59,7 +59,10 @@ public final class PreAuthorizeReactiveAuthorizationManager
 
				 	 * not be resolved.
			
 
				 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
			
 
				 	 * @since 6.3
			
 
				+	 * @deprecated please use
			
 
				+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
			
 
				 		this.registry.setTemplateDefaults(defaults);
			
 
				 	}
			
--- a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
+++ b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
@@ -77,7 +77,10 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor implements Au
 
				 	 * not be resolved.
			
 
				 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
			
 
				 	 * @since 6.3
			
 
				+	 * @deprecated please use
			
 
				+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
			
 
				 		this.registry.setTemplateDefaults(defaults);
			
 
				 	}
			
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
@@ -36,7 +36,9 @@ import org.springframework.util.MimeTypeUtils;
 
				  *
			
 
				  * @author Rob Winch
			
 
				  * @since 5.2
			
 
				+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
			
 
				  */
			
 
				+@Deprecated
			
 
				 public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
			
 
				 
			
 
				 	private MimeType metadataMimetype = MimeTypeUtils
			
--- a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
+++ b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
@@ -34,7 +34,9 @@ import org.springframework.security.rsocket.metadata.BearerTokenMetadata;
 
				  *
			
 
				  * @author Rob Winch
			
 
				  * @since 5.2
			
 
				+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
			
 
				  */
			
 
				+@Deprecated
			
 
				 public class BearerPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
			
 
				 
			
 
				 	private static final String BEARER_MIME_TYPE_VALUE = BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();
			
--- a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -34,7 +34,11 @@ import org.springframework.util.Assert;
 
				 
			
 
				 /**
			
 
				  * @author Luke Taylor
			
 
				+ * @deprecated please use
			
 
				+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
			
 
				+ * associated {@link PortMapper}
			
 
				  */
			
 
				+@Deprecated
			
 
				 public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
			
 
				 
			
 
				 	protected final Log logger = LogFactory.getLog(getClass());
			
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
@@ -22,6 +22,8 @@ import jakarta.servlet.ServletException;
 
				 import jakarta.servlet.http.HttpServletRequest;
			
 
				 import jakarta.servlet.http.HttpServletResponse;
			
 
				 
			
 
				+import org.springframework.security.web.PortMapper;
			
 
				+
			
 
				 /**
			
 
				  * May be used by a {@link ChannelProcessor} to launch a web channel.
			
 
				  *
			
@@ -31,7 +33,11 @@ import jakarta.servlet.http.HttpServletResponse;
 
				  * interface to assist <code>ChannelProcessor</code>s in performing this delegation.
			
 
				  *
			
 
				  * @author Ben Alex
			
 
				+ * @deprecated please use
			
 
				+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
			
 
				+ * associated {@link PortMapper}
			
 
				  */
			
 
				+@Deprecated
			
 
				 public interface ChannelEntryPoint {
			
 
				 
			
 
				 	/**
			
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
@@ -16,6 +16,8 @@
 
				 
			
 
				 package org.springframework.security.web.access.channel;
			
 
				 
			
 
				+import org.springframework.security.web.PortMapper;
			
 
				+
			
 
				 /**
			
 
				  * Commences an insecure channel by retrying the original request using HTTP.
			
 
				  * <p>
			
@@ -24,7 +26,11 @@ package org.springframework.security.web.access.channel;
 
				  * issue.
			
 
				  *
			
 
				  * @author Ben Alex
			
 
				+ * @deprecated please use
			
 
				+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
			
 
				+ * associated {@link PortMapper}
			
 
				  */
			
 
				+@Deprecated(since = "6.5")
			
 
				 public class RetryWithHttpEntryPoint extends AbstractRetryEntryPoint {
			
 
				 
			
 
				 	public RetryWithHttpEntryPoint() {
			
--- a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
@@ -16,6 +16,8 @@
 
				 
			
 
				 package org.springframework.security.web.access.channel;
			
 
				 
			
 
				+import org.springframework.security.web.PortMapper;
			
 
				+
			
 
				 /**
			
 
				  * Commences a secure channel by retrying the original request using HTTPS.
			
 
				  * <p>
			
@@ -25,7 +27,11 @@ package org.springframework.security.web.access.channel;
 
				  * </p>
			
 
				  *
			
 
				  * @author Ben Alex
			
 
				+ * @deprecated please use
			
 
				+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
			
 
				+ * associated {@link PortMapper}
			
 
				  */
			
 
				+@Deprecated(since = "6.5")
			
 
				 public class RetryWithHttpsEntryPoint extends AbstractRetryEntryPoint {
			
 
				 
			
 
				 	public RetryWithHttpsEntryPoint() {
			
--- a/web/src/main/java/org/springframework/security/web/context/DelegatingSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/DelegatingSecurityContextRepository.java
@@ -44,7 +44,12 @@ public final class DelegatingSecurityContextRepository implements SecurityContex
 
				 		this.delegates = delegates;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 * @see SecurityContextRepository#loadContext
			
 
				+	 */
			
 
				 	@Override
			
 
				+	@Deprecated
			
 
				 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
			
 
				 		SecurityContext result = null;
			
 
				 		for (SecurityContextRepository delegate : this.delegates) {
			
--- a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -115,7 +115,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 
				 	 * If the session is null, the context object is null or the context object stored in
			
 
				 	 * the session is not an instance of {@code SecurityContext}, a new context object
			
 
				 	 * will be generated and returned.
			
 
				+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
			
 
				 	 */
			
 
				+	@Deprecated
			
 
				 	@Override
			
 
				 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
			
 
				 		HttpServletRequest request = requestResponseHolder.getRequest();
			
--- a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
@@ -38,7 +38,11 @@ public final class NullSecurityContextRepository implements SecurityContextRepos
 
				 		return false;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
			
 
				+	 */
			
 
				 	@Override
			
 
				+	@Deprecated
			
 
				 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
			
 
				 		return this.securityContextHolderStrategy.createEmptyContext();
			
 
				 	}
			
--- a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java
+++ b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java
@@ -75,7 +75,11 @@ public final class RequestAttributeSecurityContextRepository implements Security
 
				 		return getContext(request) != null;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
			
 
				+	 */
			
 
				 	@Override
			
 
				+	@Deprecated
			
 
				 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
			
 
				 		return loadDeferredContext(requestResponseHolder.getRequest()).get();
			
 
				 	}