Deprecated API
Contents
-
Terminally Deprecated ElementsElementDescriptionFor removal in 7.0. Use the lambda based configuration instead.For removal in 7.0. Use
HttpSecurity.anonymous(Customizer)oranonymous(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.authorizeHttpRequests(Customizer)insteadFor removal in 7.0. UseHttpSecurity.authorizeHttpRequests(Customizer)insteadFor removal in 7.0. UseHttpSecurity.authorizeHttpRequests(Customizer)insteadFor removal in 7.0. UseHttpSecurity.cors(Customizer)orcors(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.csrf(Customizer)orcsrf(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.exceptionHandling(Customizer)orexceptionHandling(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.formLogin(Customizer)orformLogin(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.headers(Customizer)orheaders(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.httpBasic(Customizer)orhttpBasic(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.jee(Customizer)orjee(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.logout(Customizer)orlogout(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Client(Customizer)oroauth2Client(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2Login(Customizer)oroauth2Login(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.oauth2ResourceServer(Customizer)insteadFor removal in 7.0. UseHttpSecurity.portMapper(Customizer)orportMapper(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.rememberMe(Customizer)orrememberMe(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.requestCache(Customizer)orrequestCache(Customizer.withDefaults())to stick with defaults. See the documentation for more details.Use the lambda based configuration instead. For example:@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .securityMatchers((matchers) -> matchers .requestMatchers("/api/**") ) .authorizeHttpRequests((authorize) -> authorize .anyRequest().hasRole("USER") ) .httpBasic(Customizer.withDefaults()); return http.build(); } }For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)orrequiresChannel(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Login(Customizer)orsaml2Login(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Logout(Customizer)orsaml2Logout(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.saml2Metadata(Customizer)orsaml2Metadata(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityContext(Customizer)orsecurityContext(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.securityMatchers(Customizer)orsecurityMatchers(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.servletApi(Customizer)orservletApi(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.sessionManagement(Customizer)orsessionManagement(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHttpSecurity.x509(Customizer)orx509(Customizer.withDefaults())to stick with defaults. See the documentation for more details.org.springframework.security.config.annotation.web.builders.WebSecurity(ObjectPostProcessor<Object>) For removal in 7.0. Use the lambda based configuration instead.Permit access to theDispatcherTypeinstead.@Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests((authorize) -> authorize .dispatcherTypeMatchers(DispatcherType.ERROR).permitAll() // ... ); return http.build(); } }For removal in 7.0. UseHttpSecurity.requiresChannel(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)orcacheControl(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.cacheControl(Customizer)orcacheControl(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.contentSecurityPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)orcontentTypeOptions(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.contentTypeOptions(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginEmbedderPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginOpenerPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.crossOriginResourcePolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)orframeOptions(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.frameOptions(Customizer)orframeOptions(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.httpStrictTransportSecurity(Customizer)insteadorg.springframework.security.config.annotation.web.configurers.HeadersConfigurer.permissionsPolicy()For removal in 7.0. UseHeadersConfigurer.permissionsPolicyHeader(Customizer)orpermissionsPolicy(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.permissionsPolicyHeader(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.permissionsPolicy(Customizer)insteadFor removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)orreferrerPolicy(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)orreferrerPolicy(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.referrerPolicy(Customizer)orreferrerPolicy(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)orxssProtection(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseHeadersConfigurer.xssProtection(Customizer)orxssProtection(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)insteadFor removal in 7.0. UseOAuth2ClientConfigurer.authorizationCodeGrant(Customizer)insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)insteadFor removal in 7.0. UseOAuth2LoginConfigurer.authorizationEndpoint(Customizer)insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)insteadFor removal in 7.0. UseOAuth2LoginConfigurer.redirectionEndpoint(Customizer)insteadFor removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)ortokenEndpoint(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.tokenEndpoint(Customizer)ortokenEndpoint(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)oruserInfoEndpoint(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2LoginConfigurer.userInfoEndpoint(Customizer)insteadFor removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)orjwt(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.jwt(Customizer)orjwt(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseOAuth2ResourceServerConfigurer.opaqueToken(Customizer)oropaqueToken(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)orlogoutRequest(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutRequest(Customizer)orlogoutRequest(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. UseSaml2LogoutConfigurer.logoutResponse(Customizer)orlogoutResponse(Customizer.withDefaults())to stick with defaults. See the documentation for more details.For removal in 7.0. Use
AbstractConfiguredSecurityBuilder.with(SecurityConfigurerAdapter, Customizer)instead.