Deprecate Jackson 2 support

This commit does not cover webauthn which is a special case (uses
jackson sub-package for Jackson 2 support) which will be handled in
a distinct commit.

See gh-17832
Signed-off-by: Sébastien Deleuze <sdeleuze@users.noreply.github.com>

cas/src/main/java/org/springframework/security/cas/jackson2/AssertionImplMixin.java

@@ -33,6 +33,7 @@ import org.apereo.cas.client.authentication.AttributePrincipal;
  * this class we need to register with
  * {@link com.fasterxml.jackson.databind.ObjectMapper}. Type information will be stored
  * in @class property.
+ *
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -43,7 +44,11 @@ import org.apereo.cas.client.authentication.AttributePrincipal;
  * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.cas.jackson.AssertionImplMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

cas/src/main/java/org/springframework/security/cas/jackson2/AttributePrincipalImplMixin.java

@@ -30,6 +30,7 @@ import org.apereo.cas.client.proxy.ProxyRetriever;
  * {@link org.apereo.cas.client.authentication.AttributePrincipalImpl} which is used with
  * {@link org.springframework.security.cas.authentication.CasAuthenticationToken}. Type
  * information will be stored in property named @class.
+ *
  * <p>
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
@@ -40,7 +41,12 @@ import org.apereo.cas.client.proxy.ProxyRetriever;
  * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.cas.jackson.AttributePrincipalImplMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

cas/src/main/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixin.java

@@ -40,7 +40,6 @@ import org.springframework.security.core.userdetails.UserDetails;
  * </ol>
  *
  * <p>
- *
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new CasJackson2Module());
@@ -50,7 +49,12 @@ import org.springframework.security.core.userdetails.UserDetails;
  * @since 4.2
  * @see CasJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.cas.jackson.CasAuthenticationTokenMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE,
 		getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)

cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java

@@ -37,11 +37,14 @@ import org.springframework.security.jackson2.SecurityJackson2Modules;
  * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
  * of all security modules on the classpath.</b>
  *
- * @author Jitendra Singh.
+ * @author Jitendra Singh
  * @since 4.2
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.cas.jackson.CasJacksonModule} based on Jackson 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class CasJackson2Module extends SimpleModule {
 
 	public CasJackson2Module() {

cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java

@@ -44,6 +44,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Jitendra Singh
  * @since 4.2
  */
+@SuppressWarnings("removal")
 public class CasAuthenticationTokenMixinTests {
 
 	private static final String KEY = "casKey";

core/src/main/java/org/springframework/security/jackson2/AbstractUnmodifiableCollectionDeserializer.java

@@ -38,7 +38,12 @@ import com.fasterxml.jackson.databind.node.ArrayNode;
  * @param <T> the type of the unmodifiable collection, such as {@link List} or
  * {@link Set}.
  * @author Hyunmin Choi
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.AbstractUnmodifiableCollectionDeserializer}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 abstract class AbstractUnmodifiableCollectionDeserializer<T> extends JsonDeserializer<T> {
 
 	@Override

core/src/main/java/org/springframework/security/jackson2/AnonymousAuthenticationTokenMixin.java

@@ -43,11 +43,16 @@ import org.springframework.security.core.GrantedAuthority;
  * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.AnonymousAuthenticationTokenMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE,
 		getterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
 @JsonIgnoreProperties(ignoreUnknown = true)
+@Deprecated(forRemoval = true)
 class AnonymousAuthenticationTokenMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/BadCredentialsExceptionMixin.java

@@ -38,9 +38,14 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @author Yannick Lombardi
  * @since 5.0
  * @see CoreJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.BadCredentialsExceptionMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonIgnoreProperties(ignoreUnknown = true, value = { "cause", "stackTrace", "authenticationRequest" })
+@Deprecated(forRemoval = true)
 class BadCredentialsExceptionMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/CoreJackson2Module.java

@@ -44,11 +44,14 @@ import org.springframework.security.core.userdetails.User;
  * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
  * of all security modules.</b>
  *
- * @author Jitendra Singh.
+ * @author Jitendra Singh
  * @since 4.2
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.jackson.CoreJacksonModule} based on Jackson 3
  */
-@SuppressWarnings("serial")
+@SuppressWarnings({ "serial", "removal" })
+@Deprecated(forRemoval = true)
 public class CoreJackson2Module extends SimpleModule {
 
 	public CoreJackson2Module() {

core/src/main/java/org/springframework/security/jackson2/FactorGrantedAuthorityMixin.java

@@ -37,7 +37,13 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @since 7.0
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.FactorGrantedAuthorityMixin} based on
+ * Jackson 3
+ *
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE,
 		getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)

core/src/main/java/org/springframework/security/jackson2/RememberMeAuthenticationTokenMixin.java

@@ -50,11 +50,16 @@ import org.springframework.security.core.GrantedAuthority;
  * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.RememberMeAuthenticationTokenMixin} based
+ * on Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.ANY)
 @JsonIgnoreProperties(ignoreUnknown = true)
+@Deprecated(forRemoval = true)
 class RememberMeAuthenticationTokenMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java

@@ -67,9 +67,12 @@ import org.springframework.util.ClassUtils;
  *     mapper.registerModule(new Saml2Jackson2Module());
  * </pre>
  *
- * @author Jitendra Singh.
+ * @author Jitendra Singh
  * @since 4.2
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.jackson.SecurityJacksonModules} based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 public final class SecurityJackson2Modules {
 
 	private static final Log logger = LogFactory.getLog(SecurityJackson2Modules.class);

core/src/main/java/org/springframework/security/jackson2/SimpleGrantedAuthorityMixin.java

@@ -35,11 +35,16 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.SimpleGrantedAuthorityMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE,
 		getterVisibility = JsonAutoDetect.Visibility.PUBLIC_ONLY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
+@Deprecated(forRemoval = true)
 public abstract class SimpleGrantedAuthorityMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/UnmodifiableListDeserializer.java

@@ -28,7 +28,10 @@ import java.util.List;
  * @author Hyunmin Choi
  * @since 5.0.2
  * @see UnmodifiableListMixin
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class UnmodifiableListDeserializer extends AbstractUnmodifiableCollectionDeserializer<List> {
 
 	@Override

core/src/main/java/org/springframework/security/jackson2/UnmodifiableListMixin.java

@@ -36,9 +36,12 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @see UnmodifiableListDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UnmodifiableListDeserializer.class)
+@Deprecated(forRemoval = true)
 class UnmodifiableListMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/UnmodifiableMapDeserializer.java

@@ -33,7 +33,10 @@ import com.fasterxml.jackson.databind.ObjectMapper;
  * @author Ulrich Grave
  * @since 5.7
  * @see UnmodifiableMapMixin
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class UnmodifiableMapDeserializer extends JsonDeserializer<Map<?, ?>> {
 
 	@Override

core/src/main/java/org/springframework/security/jackson2/UnmodifiableMapMixin.java

@@ -36,9 +36,12 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @see UnmodifiableMapDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = UnmodifiableMapDeserializer.class)
+@Deprecated(forRemoval = true)
 class UnmodifiableMapMixin {
 
 	@JsonCreator

core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetDeserializer.java

@@ -28,7 +28,10 @@ import java.util.Set;
  * @author Hyunmin Choi
  * @since 4.2
  * @see UnmodifiableSetMixin
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class UnmodifiableSetDeserializer extends AbstractUnmodifiableCollectionDeserializer<Set> {
 
 	@Override

core/src/main/java/org/springframework/security/jackson2/UnmodifiableSetMixin.java

@@ -36,9 +36,12 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @see UnmodifiableSetDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UnmodifiableSetDeserializer.class)
+@Deprecated(forRemoval = true)
 class UnmodifiableSetMixin {
 
 	/**

core/src/main/java/org/springframework/security/jackson2/UserDeserializer.java

@@ -39,7 +39,11 @@ import org.springframework.security.core.userdetails.User;
  * @author Jitendra Singh
  * @since 4.2
  * @see UserMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.UserDeserializer} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class UserDeserializer extends JsonDeserializer<User> {
 
 	private static final TypeReference<Set<SimpleGrantedAuthority>> SIMPLE_GRANTED_AUTHORITY_SET = new TypeReference<>() {

core/src/main/java/org/springframework/security/jackson2/UserMixin.java

@@ -41,12 +41,16 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @see UserDeserializer
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.UserMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = UserDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)
+@Deprecated(forRemoval = true)
 abstract class UserMixin {
 
 }

core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenDeserializer.java

@@ -48,7 +48,12 @@ import org.springframework.security.core.GrantedAuthority;
  * @author Onur Kagan Ozcan
  * @since 4.2
  * @see UsernamePasswordAuthenticationTokenMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.UsernamePasswordAuthenticationTokenDeserializer}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class UsernamePasswordAuthenticationTokenDeserializer extends JsonDeserializer<UsernamePasswordAuthenticationToken> {
 
 	private static final TypeReference<List<GrantedAuthority>> GRANTED_AUTHORITY_LIST = new TypeReference<>() {

core/src/main/java/org/springframework/security/jackson2/UsernamePasswordAuthenticationTokenMixin.java

@@ -42,11 +42,16 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @since 4.2
  * @see CoreJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.jackson.UsernamePasswordAuthenticationTokenDeserializer}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonDeserialize(using = UsernamePasswordAuthenticationTokenDeserializer.class)
+@Deprecated(forRemoval = true)
 abstract class UsernamePasswordAuthenticationTokenMixin {
 
 }

core/src/test/java/org/springframework/security/jackson2/AbstractMixinTests.java

@@ -26,6 +26,7 @@ import org.springframework.security.core.userdetails.User;
  * @author Jitenra Singh
  * @since 4.2
  */
+@SuppressWarnings("removal")
 public abstract class AbstractMixinTests {
 
 	protected ObjectMapper mapper;

core/src/test/java/org/springframework/security/jackson2/SecurityJackson2ModulesTests.java

@@ -38,6 +38,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  * @author Rob Winch
  * @since 5.0
  */
+@SuppressWarnings("removal")
 public class SecurityJackson2ModulesTests {
 
 	private ObjectMapper mapper;

ldap/src/main/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixin.java

@@ -29,7 +29,11 @@ import org.springframework.security.ldap.userdetails.InetOrgPerson;
  * @since 5.7
  * @see LdapJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.ldap.jackson.InetOrgPersonMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapAuthorityMixin.java

@@ -34,7 +34,11 @@ import org.springframework.security.ldap.userdetails.LdapAuthority;
  * @since 5.7
  * @see LdapJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.ldap.jackson.LdapAuthorityMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapJackson2Module.java

@@ -45,8 +45,11 @@ import org.springframework.security.ldap.userdetails.Person;
  *
  * @since 5.7
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.ldap.jackson.LdapJacksonModule} based on Jackson 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class LdapJackson2Module extends SimpleModule {
 
 	public LdapJackson2Module() {

ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixin.java

@@ -29,7 +29,12 @@ import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
  * @since 5.7
  * @see LdapJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.ldap.jackson.LdapUserDetailsImplMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

ldap/src/main/java/org/springframework/security/ldap/jackson2/PersonMixin.java

@@ -29,7 +29,11 @@ import org.springframework.security.ldap.userdetails.Person;
  * @since 5.7
  * @see LdapJackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.ldap.jackson.PersonMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

ldap/src/test/java/org/springframework/security/ldap/jackson2/InetOrgPersonMixinTests.java

@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 /**
  * Tests for {@link InetOrgPersonMixin}.
  */
+@SuppressWarnings("removal")
 public class InetOrgPersonMixinTests {
 
 	private static final String USER_PASSWORD = "Password1234";

ldap/src/test/java/org/springframework/security/ldap/jackson2/LdapUserDetailsImplMixinTests.java

@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 /**
  * Tests for {@link LdapUserDetailsImplMixin}.
  */
+@SuppressWarnings("removal")
 public class LdapUserDetailsImplMixinTests {
 
 	private static final String USER_PASSWORD = "Password1234";

ldap/src/test/java/org/springframework/security/ldap/jackson2/PersonMixinTests.java

@@ -36,6 +36,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 /**
  * Tests for {@link PersonMixin}.
  */
+@SuppressWarnings("removal")
 public class PersonMixinTests {
 
 	private static final String USER_PASSWORD = "Password1234";

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/DurationMixin.java

@@ -30,11 +30,13 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @author Joe Grandja
  * @since 7.0
  * @see Duration
+ * @deprecated as of 7.0
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE, setterVisibility = JsonAutoDetect.Visibility.NONE,
 		creatorVisibility = JsonAutoDetect.Visibility.NONE)
+@Deprecated(forRemoval = true)
 abstract class DurationMixin {
 
 	@JsonCreator

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/HashSetMixin.java

@@ -28,8 +28,10 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @author Steve Riesenberg
  * @since 7.0
  * @see HashSet
+ * @deprecated as of 7.0
  */
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
+@Deprecated(forRemoval = true)
 abstract class HashSetMixin {
 
 	@JsonCreator

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JsonNodeUtils.java

@@ -28,7 +28,11 @@ import com.fasterxml.jackson.databind.ObjectMapper;
  *
  * @author Joe Grandja
  * @since 7.0
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.JsonNodeUtils}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 abstract class JsonNodeUtils {
 
 	static final TypeReference<Set<String>> STRING_SET = new TypeReference<>() {

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/JwsAlgorithmMixin.java

@@ -27,7 +27,11 @@ import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
  * @author Joe Grandja
  * @since 7.0
  * @see SignatureAlgorithm
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.JwsAlgorithmMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestDeserializer.java

@@ -36,7 +36,12 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
  * @since 7.0
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationRequestDeserializer}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAuth2AuthorizationRequest> {
 
 	@Override

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationRequestMixin.java

@@ -31,7 +31,12 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
  * @since 7.0
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestDeserializer
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationRequestMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2Module.java

@@ -69,8 +69,12 @@ import org.springframework.security.oauth2.server.authorization.settings.OAuth2T
  * @see JwsAlgorithmMixin
  * @see OAuth2TokenFormatMixin
  * @see StringArrayMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2AuthorizationServerJacksonModule}
+ * based on Jackson 3
  */
-@SuppressWarnings("serial")
+@SuppressWarnings({ "serial", "removal" })
+@Deprecated(forRemoval = true)
 public class OAuth2AuthorizationServerJackson2Module extends SimpleModule {
 
 	public OAuth2AuthorizationServerJackson2Module() {

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2TokenExchangeActorMixin.java

@@ -32,7 +32,11 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
  * @author Steve Riesenberg
  * @since 7.0
  * @see OAuth2TokenExchangeActor
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenExchangeActorMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2TokenExchangeCompositeAuthenticationTokenMixin.java

@@ -34,7 +34,11 @@ import org.springframework.security.oauth2.server.authorization.authentication.O
  * @author Steve Riesenberg
  * @since 7.0
  * @see OAuth2TokenExchangeCompositeAuthenticationToken
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenExchangeCompositeAuthenticationTokenMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE, creatorVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2TokenFormatMixin.java

@@ -29,7 +29,11 @@ import org.springframework.security.oauth2.server.authorization.settings.OAuth2T
  * @author Joe Grandja
  * @since 7.0
  * @see OAuth2TokenFormat
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.server.authorization.jackson.OAuth2TokenFormatMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/StringArrayMixin.java

@@ -25,7 +25,9 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @author Nikola Jovanovic
  * @since 7.0
  * @see String
+ * @deprecated as of 7.0
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 abstract class StringArrayMixin {
 

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapDeserializer.java

@@ -34,7 +34,10 @@ import com.fasterxml.jackson.databind.ObjectMapper;
  * @since 7.0
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapMixin
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 final class UnmodifiableMapDeserializer extends JsonDeserializer<Map<?, ?>> {
 
 	@Override

oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/jackson2/UnmodifiableMapMixin.java

@@ -32,7 +32,10 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @since 7.0
  * @see Collections#unmodifiableMap(Map)
  * @see UnmodifiableMapDeserializer
+ * @deprecated as of 7.0
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = UnmodifiableMapDeserializer.class)
 abstract class UnmodifiableMapMixin {

oauth2/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/jackson2/OAuth2AuthorizationServerJackson2ModuleTests.java

@@ -46,6 +46,7 @@ import static org.assertj.core.api.Assertions.assertThat;
  * @author Steve Riesenberg
  * @author Joe Grandja
  */
+@SuppressWarnings("removal")
 public class OAuth2AuthorizationServerJackson2ModuleTests {
 
 	private static final TypeReference<Map<String, Object>> STRING_OBJECT_MAP = new TypeReference<>() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationDeserializer.java

@@ -37,7 +37,11 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
  * @since 5.3
  * @see ClientRegistration
  * @see ClientRegistrationMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.ClientRegistrationDeserializer}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 final class ClientRegistrationDeserializer extends JsonDeserializer<ClientRegistration> {
 
 	private static final StdConverter<JsonNode, ClientAuthenticationMethod> CLIENT_AUTHENTICATION_METHOD_CONVERTER = new StdConverters.ClientAuthenticationMethodConverter();

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/ClientRegistrationMixin.java

@@ -32,7 +32,11 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
  * @see ClientRegistration
  * @see ClientRegistrationDeserializer
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.ClientRegistrationMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = ClientRegistrationDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOAuth2UserMixin.java

@@ -35,7 +35,11 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
  * @since 5.3
  * @see DefaultOAuth2User
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.DefaultOAuth2UserMixin} based
+ * on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/DefaultOidcUserMixin.java

@@ -36,7 +36,11 @@ import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
  * @since 5.3
  * @see DefaultOidcUser
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.DefaultOidcUserMixin} based
+ * on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/JsonNodeUtils.java

@@ -28,7 +28,11 @@ import com.fasterxml.jackson.databind.ObjectMapper;
  *
  * @author Joe Grandja
  * @since 5.3
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.JsonNodeUtils} based on
+ * Jackson 3
  */
+@Deprecated(forRemoval = true)
 abstract class JsonNodeUtils {
 
 	static final TypeReference<Set<String>> STRING_SET = new TypeReference<>() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AccessTokenMixin.java

@@ -35,7 +35,11 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
  * @since 5.3
  * @see OAuth2AccessToken
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AccessTokenMixin} based
+ * on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixin.java

@@ -34,7 +34,11 @@ import org.springframework.security.oauth2.core.OAuth2Error;
  * @since 5.3.4
  * @see OAuth2AuthenticationException
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthenticationExceptionMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixin.java

@@ -35,7 +35,11 @@ import org.springframework.security.oauth2.core.user.OAuth2User;
  * @since 5.3
  * @see OAuth2AuthenticationToken
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthenticationTokenMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestDeserializer.java

@@ -37,7 +37,11 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
  * @since 5.3
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizationRequestDeserializer}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 final class OAuth2AuthorizationRequestDeserializer extends JsonDeserializer<OAuth2AuthorizationRequest> {
 
 	private static final StdConverter<JsonNode, AuthorizationGrantType> AUTHORIZATION_GRANT_TYPE_CONVERTER = new StdConverters.AuthorizationGrantTypeConverter();

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixin.java

@@ -32,7 +32,11 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationRequestDeserializer
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizationRequestMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonDeserialize(using = OAuth2AuthorizationRequestDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixin.java

@@ -34,7 +34,11 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
  * @since 5.3
  * @see OAuth2AuthorizedClient
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2AuthorizedClientMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java

@@ -85,8 +85,12 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
  * @see OAuth2AuthenticationTokenMixin
  * @see OAuth2AuthenticationExceptionMixin
  * @see OAuth2ErrorMixin
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.oauth2.client.jackson.OAuth2ClientJacksonModule}
+ * based on Jackson 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class OAuth2ClientJackson2Module extends SimpleModule {
 
 	public OAuth2ClientJackson2Module() {

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ErrorMixin.java

@@ -33,7 +33,11 @@ import org.springframework.security.oauth2.core.OAuth2Error;
  * @see OAuth2Error
  * @see OAuth2AuthenticationExceptionMixin
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2ErrorMixin} based on
+ * Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2RefreshTokenMixin.java

@@ -33,7 +33,11 @@ import org.springframework.security.oauth2.core.OAuth2RefreshToken;
  * @since 5.3
  * @see OAuth2RefreshToken
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2RefreshTokenMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2UserAuthorityMixin.java

@@ -33,7 +33,11 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
  * @since 5.3
  * @see OAuth2UserAuthority
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OAuth2UserAuthorityMixin}
+ * based on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcIdTokenMixin.java

@@ -34,7 +34,11 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken;
  * @since 5.3
  * @see OidcIdToken
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OidcIdTokenMixin} based on
+ * Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserAuthorityMixin.java

@@ -33,7 +33,11 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
  * @since 5.3
  * @see OidcUserAuthority
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OidcUserAuthorityMixin} based
+ * on Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OidcUserInfoMixin.java

@@ -33,7 +33,11 @@ import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
  * @since 5.3
  * @see OidcUserInfo
  * @see OAuth2ClientJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.OidcUserInfoMixin} based on
+ * Jackson 3
  */
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/StdConverters.java

@@ -29,7 +29,11 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
  *
  * @author Joe Grandja
  * @since 5.3
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.oauth2.client.jackson.StdConverters} based on
+ * Jackson 3
  */
+@Deprecated(forRemoval = true)
 abstract class StdConverters {
 
 	static final class AccessTokenTypeConverter extends StdConverter<JsonNode, OAuth2AccessToken.TokenType> {

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationExceptionMixinTests.java

@@ -35,6 +35,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  * @author Dennis Neufeld
  * @since 5.3.4
  */
+@SuppressWarnings("removal")
 public class OAuth2AuthenticationExceptionMixinTests {
 
 	private ObjectMapper mapper;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthenticationTokenMixinTests.java

@@ -56,6 +56,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  *
  * @author Joe Grandja
  */
+@SuppressWarnings("removal")
 public class OAuth2AuthenticationTokenMixinTests {
 
 	private ObjectMapper mapper;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizationRequestMixinTests.java

@@ -41,6 +41,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  *
  * @author Joe Grandja
  */
+@SuppressWarnings("removal")
 public class OAuth2AuthorizationRequestMixinTests {
 
 	private ObjectMapper mapper;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/OAuth2AuthorizedClientMixinTests.java

@@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
  *
  * @author Joe Grandja
  */
+@SuppressWarnings("removal")
 public class OAuth2AuthorizedClientMixinTests {
 
 	private ObjectMapper mapper;

oauth2/oauth2-client/src/test/java/org/springframework/security/oauth2/client/jackson2/StdConvertersTests.java

@@ -30,6 +30,7 @@ import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 public class StdConvertersTests {
 
 	private final StdConverter<JsonNode, ClientAuthenticationMethod> clientAuthenticationMethodConverter = new StdConverters.ClientAuthenticationMethodConverter();

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/DefaultSaml2AuthenticatedPrincipalMixin.java

@@ -40,7 +40,12 @@ import org.springframework.security.saml2.provider.service.authentication.Defaul
  * @since 5.7
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.DefaultSaml2AuthenticatedPrincipalMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2AssertionAuthenticationMixin.java

@@ -42,7 +42,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
  * @since 7.0
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2AssertionAuthenticationMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2AuthenticationExceptionMixin.java

@@ -32,7 +32,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
  * @since 5.7
  * @see Saml2AuthenticationException
  * @see Saml2Jackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2AuthenticationExceptionMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.NONE, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2AuthenticationMixin.java

@@ -41,7 +41,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
  * @since 5.7
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2AuthenticationMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2ErrorMixin.java

@@ -31,7 +31,11 @@ import org.springframework.security.saml2.core.Saml2Error;
  * @since 5.7
  * @see Saml2Error
  * @see Saml2Jackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2ErrorMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2Jackson2Module.java

@@ -40,8 +40,12 @@ import org.springframework.security.saml2.provider.service.authentication.logout
  * @author Ulrich Grave
  * @since 5.7
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.saml2.jackson.Saml2JacksonModule} based on Jackson
+ * 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class Saml2Jackson2Module extends SimpleModule {
 
 	public Saml2Jackson2Module() {
@@ -50,6 +54,7 @@ public class Saml2Jackson2Module extends SimpleModule {
 
 	@Override
 	public void setupModule(SetupContext context) {
+		// TODO Is it expected that default typing in not configured here?
 		context.setMixInAnnotations(Saml2Authentication.class, Saml2AuthenticationMixin.class);
 		context.setMixInAnnotations(Saml2AssertionAuthentication.class, Saml2AssertionAuthenticationMixin.class);
 		context.setMixInAnnotations(Saml2ResponseAssertion.class, SimpleSaml2ResponseAssertionAccessorMixin.class);

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixin.java

@@ -42,7 +42,12 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
  * @since 5.7
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2LogoutRequestMixin} based on
+ * Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2PostAuthenticationRequestMixin.java

@@ -38,7 +38,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2P
  * @since 5.7
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2PostAuthenticationRequestMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2RedirectAuthenticationRequestMixin.java

@@ -38,7 +38,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
  * @since 5.7
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.Saml2RedirectAuthenticationRequestMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/SimpleSaml2ResponseAssertionAccessorMixin.java

@@ -40,7 +40,12 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
  * @since 7.0
  * @see Saml2Jackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.saml2.jackson.SimpleSaml2ResponseAssertionAccessorMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/DefaultSaml2AuthenticatedPrincipalMixinTests.java

@@ -26,6 +26,7 @@ import org.springframework.security.saml2.provider.service.authentication.Defaul
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class DefaultSaml2AuthenticatedPrincipalMixinTests {
 
 	private ObjectMapper mapper;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2AuthenticationExceptionMixinTests.java

@@ -27,6 +27,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class Saml2AuthenticationExceptionMixinTests {
 
 	private ObjectMapper mapper;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2AuthenticationMixinTests.java

@@ -26,6 +26,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class Saml2AuthenticationMixinTests {
 
 	private ObjectMapper mapper;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2LogoutRequestMixinTests.java

@@ -32,6 +32,7 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class Saml2LogoutRequestMixinTests {
 
 	private ObjectMapper mapper;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2PostAuthenticationRequestMixinTests.java

@@ -26,6 +26,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2P
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class Saml2PostAuthenticationRequestMixinTests {
 
 	private ObjectMapper mapper;

saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/jackson2/Saml2RedirectAuthenticationRequestMixinTests.java

@@ -26,6 +26,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
 
 import static org.assertj.core.api.Assertions.assertThat;
 
+@SuppressWarnings("removal")
 class Saml2RedirectAuthenticationRequestMixinTests {
 
 	private ObjectMapper mapper;

web/src/main/java/org/springframework/security/web/jackson2/CookieDeserializer.java

@@ -37,7 +37,11 @@ import jakarta.servlet.http.Cookie;
  * @author Jitendra Singh
  * @since 4.2
  * @see CookieMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.CookieDeserializer} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class CookieDeserializer extends JsonDeserializer<Cookie> {
 
 	@Override

web/src/main/java/org/springframework/security/web/jackson2/CookieMixin.java

@@ -32,7 +32,11 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
  * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.CookieMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(using = CookieDeserializer.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, isGetterVisibility = JsonAutoDetect.Visibility.NONE)

web/src/main/java/org/springframework/security/web/jackson2/DefaultCsrfTokenMixin.java

@@ -34,7 +34,12 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @since 4.2
  * @see WebJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.DefaultCsrfTokenMixin} based on Jackson
+ * 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonIgnoreProperties(ignoreUnknown = true)
 class DefaultCsrfTokenMixin {

web/src/main/java/org/springframework/security/web/jackson2/DefaultSavedRequestMixin.java

@@ -39,7 +39,12 @@ import org.springframework.security.web.savedrequest.DefaultSavedRequest;
  * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.DefaultCsrfTokenMixin} based on Jackson
+ * 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonDeserialize(builder = DefaultSavedRequest.Builder.class)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)

web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenDeserializer.java

@@ -43,7 +43,12 @@ import org.springframework.security.web.authentication.preauth.PreAuthenticatedA
  * @author Jitendra Singh
  * @since 4.2
  * @see PreAuthenticatedAuthenticationTokenMixin
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.PreAuthenticatedAuthenticationTokenDeserializer}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 class PreAuthenticatedAuthenticationTokenDeserializer extends JsonDeserializer<PreAuthenticatedAuthenticationToken> {
 
 	private static final TypeReference<List<GrantedAuthority>> GRANTED_AUTHORITY_LIST = new TypeReference<>() {

web/src/main/java/org/springframework/security/web/jackson2/PreAuthenticatedAuthenticationTokenMixin.java

@@ -31,9 +31,7 @@ import org.springframework.security.jackson2.SimpleGrantedAuthorityMixin;
  *
  * In order to use this mixin you'll need to add 3 more mixin classes.
  * <ol>
- * <li>{@link UnmodifiableSetMixin}</li>
  * <li>{@link SimpleGrantedAuthorityMixin}</li>
- * <li>{@link UserMixin}</li>
  * </ol>
  *
  * <pre>
@@ -43,9 +41,13 @@ import org.springframework.security.jackson2.SimpleGrantedAuthorityMixin;
  *
  * @author Jitendra Singh
  * @since 4.2
- * @see Webackson2Module
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.PreAuthenticatedAuthenticationTokenMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

web/src/main/java/org/springframework/security/web/jackson2/SavedCookieMixin.java

@@ -32,11 +32,15 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  *		mapper.registerModule(new WebServletJackson2Module());
  * </pre>
  *
- * @author Jitendra Singh.
+ * @author Jitendra Singh
  * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.SavedCookieMixin} based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE)
 @JsonIgnoreProperties(ignoreUnknown = true)

web/src/main/java/org/springframework/security/web/jackson2/SwitchUserGrantedAuthorityMixIn.java

@@ -33,7 +33,12 @@ import org.springframework.security.web.authentication.switchuser.SwitchUserGran
  * @see WebJackson2Module
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.SwitchUserGrantedAuthorityMixIn} based
+ * on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,
 		isGetterVisibility = JsonAutoDetect.Visibility.NONE)

web/src/main/java/org/springframework/security/web/jackson2/WebAuthenticationDetailsMixin.java

@@ -35,7 +35,12 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @since 4.2
  * @see WebServletJackson2Module
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.jackson.SwitchUserGrantedAuthorityMixIn} based
+ * on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY)
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY, getterVisibility = JsonAutoDetect.Visibility.NONE,

web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java

@@ -35,14 +35,19 @@ import org.springframework.security.web.csrf.DefaultCsrfToken;
  * <pre>
  *     ObjectMapper mapper = new ObjectMapper();
  *     mapper.registerModule(new WebJackson2Module());
- * </pre> <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list
- * of all security modules.</b>
+ * </pre>
+ *
+ * <b>Note: use {@link SecurityJackson2Modules#getModules(ClassLoader)} to get list of all
+ * security modules.</b>
  *
  * @author Jitendra Singh
  * @since 4.2
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.web.jackson.WebJacksonModule} based on Jackson 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class WebJackson2Module extends SimpleModule {
 
 	public WebJackson2Module() {

web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java

@@ -43,8 +43,12 @@ import org.springframework.security.web.savedrequest.SavedCookie;
  * @author Boris Finkelshteyn
  * @since 5.1
  * @see SecurityJackson2Modules
+ * @deprecated as of 7.0 in favor of
+ * {@link org.springframework.security.web.jackson.WebServletJacksonModule} based on
+ * Jackson 3
  */
-@SuppressWarnings("serial")
+@Deprecated(forRemoval = true)
+@SuppressWarnings({ "serial", "removal" })
 public class WebServletJackson2Module extends SimpleModule {
 
 	public WebServletJackson2Module() {

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java

@@ -27,7 +27,6 @@ import java.util.Objects;
 import java.util.TreeMap;
 
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
-import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder;
 import jakarta.servlet.http.Cookie;
 import jakarta.servlet.http.HttpServletRequest;
 import org.apache.commons.logging.Log;
@@ -337,7 +336,8 @@ public class DefaultSavedRequest implements SavedRequest {
 	 * @since 4.2
 	 */
 	@JsonIgnoreProperties(ignoreUnknown = true)
-	@JsonPOJOBuilder(withPrefix = "set")
+	@com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder(withPrefix = "set")
+	@tools.jackson.databind.annotation.JsonPOJOBuilder(withPrefix = "set")
 	public static class Builder {
 
 		private @Nullable List<SavedCookie> cookies = null;

web/src/main/java/org/springframework/security/web/server/jackson2/DefaultCsrfServerTokenMixin.java

@@ -34,7 +34,12 @@ import com.fasterxml.jackson.annotation.JsonTypeInfo;
  * @author Boris Finkelshteyn
  * @since 5.1
  * @see WebServerJackson2Module
+ * @deprecated as of 7.0 in favor of
+ * {@code org.springframework.security.web.server.jackson.DefaultCsrfServerTokenMixin}
+ * based on Jackson 3
  */
+@SuppressWarnings("removal")
+@Deprecated(forRemoval = true)
 @JsonTypeInfo(use = JsonTypeInfo.Id.CLASS, include = JsonTypeInfo.As.PROPERTY, property = "@class")
 @JsonIgnoreProperties(ignoreUnknown = true)
 class DefaultCsrfServerTokenMixin {