8 months ago · 2ed1cafed8
--- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java
@@ -79,6 +79,15 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
				 		this(objectPostProcessor, false);
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	protected AbstractConfiguredSecurityBuilder(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				+		this(objectPostProcessor, false);
			
 
				+	}
			
 
				+
			
 
				 	/***
			
 
				 	 * Creates a new instance with the provided {@link ObjectPostProcessor}. This post
			
 
				 	 * processor must support Object since there are many types of objects that may be
			
@@ -94,6 +103,18 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 
				 		this.allowConfigurersOfSameType = allowConfigurersOfSameType;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	protected AbstractConfiguredSecurityBuilder(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor,
			
 
				+			boolean allowConfigurersOfSameType) {
			
 
				+		Assert.notNull(objectPostProcessor, "objectPostProcessor cannot be null");
			
 
				+		this.objectPostProcessor = objectPostProcessor;
			
 
				+		this.allowConfigurersOfSameType = allowConfigurersOfSameType;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Similar to {@link #build()} and {@link #getObject()} but checks the state to
			
 
				 	 * determine if {@link #build()} needs to be called first.
			
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -92,6 +92,15 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 
				 		this.objectPostProcessor.addObjectPostProcessor(objectPostProcessor);
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	public void addObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+		this.objectPostProcessor.addObjectPostProcessor(objectPostProcessor);
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Sets the {@link SecurityBuilder} to be used. This is automatically set when using
			
 
				 	 * {@link AbstractConfiguredSecurityBuilder#apply(SecurityConfigurerAdapter)}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java
@@ -70,19 +70,17 @@ public class AuthenticationManagerBuilder
 
				 	 * @param objectPostProcessor the
			
 
				 	 * {@link org.springframework.security.config.annotation.ObjectPostProcessor} instance
			
 
				 	 * to use.
			
 
				-	 * @deprecated
			
 
				 	 */
			
 
				-	@Deprecated(since = "6.4", forRemoval = true)
			
 
				-	public AuthenticationManagerBuilder(
			
 
				-			org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				+	public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				 		super(objectPostProcessor, true);
			
 
				 	}
			
 
				 
			
 
				 	/**
			
 
				-	 * Creates a new instance
			
 
				-	 * @param objectPostProcessor the {@link ObjectPostProcessor} instance to use.
			
 
				+	 * @deprecated
			
 
				 	 */
			
 
				-	public AuthenticationManagerBuilder(ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	public AuthenticationManagerBuilder(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				 		super(objectPostProcessor, true);
			
 
				 	}
			
 
				 
			
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java
@@ -140,6 +140,16 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 
				 		return this;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	public LdapAuthenticationProviderConfigurer<B> withObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+		addObjectPostProcessor(objectPostProcessor);
			
 
				+		return this;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Gets the {@link LdapAuthoritiesPopulator} and defaults to
			
 
				 	 * {@link DefaultLdapAuthoritiesPopulator}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java
@@ -63,6 +63,17 @@ public abstract class AbstractDaoAuthenticationConfigurer<B extends ProviderMana
 
				 		return (C) this;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	@SuppressWarnings("unchecked")
			
 
				+	public C withObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+		addObjectPostProcessor(objectPostProcessor);
			
 
				+		return (C) this;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Allows specifying the {@link PasswordEncoder} to use with the
			
 
				 	 * {@link DaoAuthenticationProvider}. The default is to use plain text.
			
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@@ -407,6 +407,16 @@ public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInit
 
				 		this.objectPostProcessor = objectPostProcessor;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	@Autowired(required = false)
			
 
				+	public void setObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				+		this.objectPostProcessor = objectPostProcessor;
			
 
				+	}
			
 
				+
			
 
				 	@Autowired(required = false)
			
 
				 	public void setMethodSecurityExpressionHandler(List<MethodSecurityExpressionHandler> handlers) {
			
 
				 		if (handlers.size() != 1) {
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -188,6 +188,23 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
				 		this.requestMatcherConfigurer = new RequestMatcherConfigurer(context);
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	@SuppressWarnings("unchecked")
			
 
				+	public HttpSecurity(org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor,
			
 
				+			AuthenticationManagerBuilder authenticationBuilder, Map<Class<?>, Object> sharedObjects) {
			
 
				+		super(objectPostProcessor);
			
 
				+		Assert.notNull(authenticationBuilder, "authenticationBuilder cannot be null");
			
 
				+		setSharedObject(AuthenticationManagerBuilder.class, authenticationBuilder);
			
 
				+		for (Map.Entry<Class<?>, Object> entry : sharedObjects.entrySet()) {
			
 
				+			setSharedObject((Class<Object>) entry.getKey(), entry.getValue());
			
 
				+		}
			
 
				+		ApplicationContext context = (ApplicationContext) sharedObjects.get(ApplicationContext.class);
			
 
				+		this.requestMatcherConfigurer = new RequestMatcherConfigurer(context);
			
 
				+	}
			
 
				+
			
 
				 	private ApplicationContext getContext() {
			
 
				 		return getSharedObject(ApplicationContext.class);
			
 
				 	}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
@@ -135,6 +135,14 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
				 		super(objectPostProcessor);
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	public WebSecurity(org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor) {
			
 
				+		super(objectPostProcessor);
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * <p>
			
 
				 	 * Allows adding {@link RequestMatcher} instances that Spring Security should ignore.
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java
@@ -178,6 +178,17 @@ class HttpSecurityConfiguration {
 
				 			this.defaultPasswordEncoder = defaultPasswordEncoder;
			
 
				 		}
			
 
				 
			
 
				+		/**
			
 
				+		 * @deprecated
			
 
				+		 */
			
 
				+		@Deprecated(since = "6.4", forRemoval = true)
			
 
				+		DefaultPasswordEncoderAuthenticationManagerBuilder(
			
 
				+				org.springframework.security.config.annotation.ObjectPostProcessor<Object> objectPostProcessor,
			
 
				+				PasswordEncoder defaultPasswordEncoder) {
			
 
				+			super(objectPostProcessor);
			
 
				+			this.defaultPasswordEncoder = defaultPasswordEncoder;
			
 
				+		}
			
 
				+
			
 
				 		@Override
			
 
				 		public InMemoryUserDetailsManagerConfigurer<AuthenticationManagerBuilder> inMemoryAuthentication()
			
 
				 				throws Exception {
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java
@@ -54,6 +54,17 @@ public abstract class AbstractHttpConfigurer<T extends AbstractHttpConfigurer<T,
 
				 		return (T) this;
			
 
				 	}
			
 
				 
			
 
				+	/**
			
 
				+	 * @deprecated
			
 
				+	 */
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	@SuppressWarnings("unchecked")
			
 
				+	public T withObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+		addObjectPostProcessor(objectPostProcessor);
			
 
				+		return (T) this;
			
 
				+	}
			
 
				+
			
 
				 	protected SecurityContextHolderStrategy getSecurityContextHolderStrategy() {
			
 
				 		if (this.securityContextHolderStrategy != null) {
			
 
				 			return this.securityContextHolderStrategy;
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -193,6 +193,16 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
				 			return this;
			
 
				 		}
			
 
				 
			
 
				+		/**
			
 
				+		 * @deprecated
			
 
				+		 */
			
 
				+		@Deprecated(since = "6.4", forRemoval = true)
			
 
				+		public AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor(
			
 
				+				org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+			addObjectPostProcessor(objectPostProcessor);
			
 
				+			return this;
			
 
				+		}
			
 
				+
			
 
				 		/**
			
 
				 		 * Sets whether all dispatcher types should be filtered.
			
 
				 		 * @param shouldFilter should filter all dispatcher types. Default is {@code true}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -169,6 +169,16 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 
				 			return this;
			
 
				 		}
			
 
				 
			
 
				+		/**
			
 
				+		 * @deprecated
			
 
				+		 */
			
 
				+		@Deprecated(since = "6.4", forRemoval = true)
			
 
				+		public ChannelRequestMatcherRegistry withObjectPostProcessor(
			
 
				+				org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+			addObjectPostProcessor(objectPostProcessor);
			
 
				+			return this;
			
 
				+		}
			
 
				+
			
 
				 		/**
			
 
				 		 * Sets the {@link ChannelProcessor} instances to use in
			
 
				 		 * {@link ChannelDecisionManagerImpl}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@@ -238,6 +238,16 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
				 			return this;
			
 
				 		}
			
 
				 
			
 
				+		/**
			
 
				+		 * @deprecated
			
 
				+		 */
			
 
				+		@Deprecated(since = "6.4", forRemoval = true)
			
 
				+		public ExpressionInterceptUrlRegistry withObjectPostProcessor(
			
 
				+				org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+			addObjectPostProcessor(objectPostProcessor);
			
 
				+			return this;
			
 
				+		}
			
 
				+
			
 
				 		public H and() {
			
 
				 			return ExpressionUrlAuthorizationConfigurer.this.and();
			
 
				 		}
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@@ -117,6 +117,14 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 
				 		return this;
			
 
				 	}
			
 
				 
			
 
				+	@Deprecated(since = "6.4", forRemoval = true)
			
 
				+	@Override
			
 
				+	public UrlAuthorizationConfigurer<H> withObjectPostProcessor(
			
 
				+			org.springframework.security.config.annotation.ObjectPostProcessor<?> objectPostProcessor) {
			
 
				+		addObjectPostProcessor(objectPostProcessor);
			
 
				+		return this;
			
 
				+	}
			
 
				+
			
 
				 	/**
			
 
				 	 * Creates the default {@link AccessDecisionVoter} instances used if an
			
 
				 	 * {@link AccessDecisionManager} was not specified.