Deprecated List (spring-security-web 5.4.1 API)

Skip navigation links

Prev
Next

All Classes

Deprecated Interfaces
Interface and Description
org.springframework.security.web.header.writers.frameoptions.AllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.util.matcher.RequestVariablesExtractor use `RequestMatcher.MatchResult` from `RequestMatcher.matcher(HttpServletRequest)`

Deprecated Classes
Class and Description
org.springframework.security.web.header.writers.frameoptions.AbstractRequestParameterAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.bind.support.AuthenticationPrincipalArgumentResolver Use `AuthenticationPrincipalArgumentResolver` instead.
org.springframework.security.web.header.writers.frameoptions.RegExpAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter use `ServerFormLoginAuthenticationConverter` instead.
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter Use `ServerHttpBasicAuthenticationConverter` instead.
org.springframework.security.web.header.writers.frameoptions.StaticAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.
org.springframework.security.web.header.writers.frameoptions.WhiteListedAllowFromStrategy ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Deprecated Annotation Types
Annotation Type and Description

org.springframework.security.web.bind.annotation.AuthenticationPrincipal
Use AuthenticationPrincipal instead.

Deprecated Methods
Method and Description
org.springframework.security.web.server.ServerFormLoginAuthenticationConverter.apply(ServerWebExchange)
org.springframework.security.web.server.ServerHttpBasicAuthenticationConverter.apply(ServerWebExchange)
org.springframework.security.web.session.ConcurrentSessionFilter.determineExpiredUrl(HttpServletRequest, SessionInformation) Use `ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` instead.
org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher.extractUriTemplateVariables(HttpServletRequest)
org.springframework.security.web.util.matcher.AntPathRequestMatcher.extractUriTemplateVariables(HttpServletRequest)
org.springframework.security.web.firewall.StrictHttpFirewall.getEncodedUrlBlacklist() Use `StrictHttpFirewall.getEncodedUrlBlocklist()` instead
org.springframework.security.web.server.authentication.AuthenticationWebFilter.setAuthenticationConverter(Function<ServerWebExchange, Mono<Authentication>>) As of 5.1 in favor of `AuthenticationWebFilter.setServerAuthenticationConverter(ServerAuthenticationConverter)`
org.springframework.security.web.session.ConcurrentSessionFilter.setRedirectStrategy(RedirectStrategy) use `ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` instead.

Deprecated Constructors
Constructor and Description
org.springframework.security.web.session.ConcurrentSessionFilter(SessionRegistry, String) use `ConcurrentSessionFilter.ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)` with `SimpleRedirectSessionInformationExpiredStrategy` instead.
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter(AllowFromStrategy) ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Deprecated Enum Constants
Enum Constant and Description
org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.ALLOW_FROM ALLOW-FROM is an obsolete directive that no longer works in modern browsers. Instead use Content-Security-Policy with the frame-ancestors directive.

Skip navigation links

Prev
Next

All Classes