From 3f8503f1b4948c6fc317fd1b23177815e37ad317 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Tue, 31 May 2022 10:13:11 -0600 Subject: [PATCH] Deprecate AccessDecisionManager et al Closes gh-11302 --- .../aspectj/aspect/AnnotationSecurityAspect.aj | 4 +++- .../configuration/EnableGlobalMethodSecurity.java | 4 +++- .../GlobalMethodSecurityAspectJAutoProxyRegistrar.java | 4 +++- .../GlobalMethodSecurityConfiguration.java | 4 ++++ .../configuration/GlobalMethodSecuritySelector.java | 4 +++- .../Jsr250MetadataSourceConfiguration.java | 3 ++- .../MethodSecurityMetadataSourceAdvisorRegistrar.java | 4 +++- .../config/annotation/web/builders/HttpSecurity.java | 4 ++++ .../configurers/AbstractInterceptUrlConfigurer.java | 2 ++ .../ExpressionUrlAuthorizationConfigurer.java | 4 +++- .../web/configurers/UrlAuthorizationConfigurer.java | 4 +++- .../FilterInvocationSecurityMetadataSourceParser.java | 4 +++- .../GlobalMethodSecurityBeanDefinitionParser.java | 4 +++- .../InterceptMethodsBeanDefinitionDecorator.java | 4 ++++ ...thodSecurityMetadataSourceBeanDefinitionParser.java | 5 ++++- .../config/method/ProtectPointcutPostProcessor.java | 4 +++- .../security/access/AccessDecisionManager.java | 3 +++ .../security/access/AccessDecisionVoter.java | 3 +++ .../security/access/AfterInvocationProvider.java | 5 +++++ .../access/annotation/AnnotationMetadataExtractor.java | 6 +++++- .../annotation/Jsr250MethodSecurityMetadataSource.java | 4 ++++ .../access/annotation/Jsr250SecurityConfig.java | 5 ++++- .../security/access/annotation/Jsr250Voter.java | 6 +++++- .../SecuredAnnotationSecurityMetadataSource.java | 3 +++ .../access/event/AbstractAuthorizationEvent.java | 4 ++++ .../event/AuthenticationCredentialsNotFoundEvent.java | 4 ++++ .../access/event/AuthorizationFailureEvent.java | 4 ++++ .../security/access/event/AuthorizedEvent.java | 4 ++++ .../security/access/event/LoggerListener.java | 3 +++ .../security/access/event/PublicInvocationEvent.java | 5 +++++ .../AbstractExpressionBasedMethodConfigAttribute.java | 5 ++++- .../ExpressionBasedAnnotationAttributeFactory.java | 5 ++++- .../method/ExpressionBasedPostInvocationAdvice.java | 6 +++++- .../method/ExpressionBasedPreInvocationAdvice.java | 6 +++++- .../method/PostInvocationExpressionAttribute.java | 6 +++++- .../method/PreInvocationExpressionAttribute.java | 6 +++++- .../access/intercept/AbstractSecurityInterceptor.java | 10 ++++++++++ .../access/intercept/AfterInvocationManager.java | 5 +++++ .../intercept/AfterInvocationProviderManager.java | 5 +++++ .../access/intercept/InterceptorStatusToken.java | 5 +++++ .../intercept/MethodInvocationPrivilegeEvaluator.java | 3 +++ .../intercept/RunAsImplAuthenticationProvider.java | 5 +++++ .../security/access/intercept/RunAsManager.java | 4 ++++ .../security/access/intercept/RunAsManagerImpl.java | 4 ++++ .../security/access/intercept/RunAsUserToken.java | 4 ++++ .../aopalliance/MethodSecurityInterceptor.java | 6 ++++++ .../MethodSecurityMetadataSourceAdvisor.java | 2 ++ .../AbstractFallbackMethodSecurityMetadataSource.java | 7 ++++++- .../method/AbstractMethodSecurityMetadataSource.java | 5 +++++ .../method/DelegatingMethodSecurityMetadataSource.java | 7 ++++++- .../method/MapBasedMethodSecurityMetadataSource.java | 5 +++++ .../access/method/MethodSecurityMetadataSource.java | 6 ++++++ .../access/prepost/PostInvocationAdviceProvider.java | 6 +++++- .../access/prepost/PostInvocationAttribute.java | 6 +++++- .../prepost/PostInvocationAuthorizationAdvice.java | 6 +++++- .../access/prepost/PreInvocationAttribute.java | 6 +++++- .../prepost/PreInvocationAuthorizationAdvice.java | 6 +++++- .../prepost/PreInvocationAuthorizationAdviceVoter.java | 6 +++++- .../PrePostAnnotationSecurityMetadataSource.java | 8 +++++++- .../prepost/PrePostInvocationAttributeFactory.java | 6 +++++- .../access/vote/AbstractAccessDecisionManager.java | 4 ++++ .../security/access/vote/AbstractAclVoter.java | 3 +++ .../security/access/vote/AffirmativeBased.java | 4 ++++ .../security/access/vote/AuthenticatedVoter.java | 4 ++++ .../security/access/vote/ConsensusBased.java | 4 ++++ .../security/access/vote/RoleHierarchyVoter.java | 6 +++++- .../security/access/vote/RoleVoter.java | 4 ++++ .../security/access/vote/UnanimousBased.java | 4 ++++ .../access/DefaultWebInvocationPrivilegeEvaluator.java | 4 +++- .../web/access/expression/WebExpressionVoter.java | 4 +++- .../access/intercept/FilterSecurityInterceptor.java | 2 ++ 71 files changed, 297 insertions(+), 34 deletions(-) diff --git a/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj b/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj index cdbbdad0a1..ce5d7b772f 100644 --- a/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj +++ b/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,7 +37,9 @@ import org.springframework.security.access.prepost.PreFilter; * @author Mike Wiesner * @author Luke Taylor * @since 3.1 + * @deprecated Use aspects in {@link org.springframework.security.authorization.method.aspectj} instead */ +@Deprecated public aspect AnnotationSecurityAspect implements InitializingBean { /** diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java index 34517d6beb..26e732f747 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,7 +43,9 @@ import org.springframework.security.config.annotation.authentication.configurati * * @author Rob Winch * @since 3.2 + * @deprecated Use {@link EnableMethodSecurity} instead */ +@Deprecated @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.TYPE) @Documented diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java index b2c44c9280..b047135fd3 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +36,9 @@ import org.springframework.core.type.AnnotationMetadata; * * @author Rob Winch * @since 3.2 + * @deprecated Use {@link EnableMethodSecurity} instead */ +@Deprecated class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar { /** diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java index 36afc9e496..d0f6196370 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java @@ -86,7 +86,11 @@ import org.springframework.util.Assert; * @author EddĂș MelĂ©ndez * @since 3.2 * @see EnableGlobalMethodSecurity + * @deprecated Use {@link PrePostMethodSecurityConfiguration}, + * {@link SecuredMethodSecurityConfiguration}, or + * {@link Jsr250MethodSecurityConfiguration} instead */ +@Deprecated @Configuration(proxyBeanMethods = false) @Role(BeanDefinition.ROLE_INFRASTRUCTURE) public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware { diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java index 516835b0a4..ba61ce49a2 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -34,7 +34,9 @@ import org.springframework.util.ClassUtils; * * @author Rob Winch * @since 3.2 + * @deprecated Use {@link MethodSecuritySelector} instead */ +@Deprecated final class GlobalMethodSecuritySelector implements ImportSelector { @Override diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java index 147e8c6070..858d9195fb 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -24,6 +24,7 @@ import org.springframework.security.access.annotation.Jsr250MethodSecurityMetada @Configuration(proxyBeanMethods = false) @Role(BeanDefinition.ROLE_INFRASTRUCTURE) +@Deprecated class Jsr250MetadataSourceConfiguration { @Bean diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java index 84a33b00cd..c5f13379bd 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,7 +32,9 @@ import org.springframework.util.MultiValueMap; * @author Rob Winch * @since 4.0.2 * @see GlobalMethodSecuritySelector + * @deprecated Use {@link MethodSecuritySelector} instead */ +@Deprecated class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar { /** diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 4d4c33cf0a..3a230d6940 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -1281,8 +1281,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations * @throws Exception + * @deprecated Use {@link #authorizeHttpRequests()} instead * @see #requestMatcher(RequestMatcher) */ + @Deprecated public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests() throws Exception { ApplicationContext context = getContext(); @@ -1395,8 +1397,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer) throws Exception { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java index 54a0a37e56..ceec4c1201 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java @@ -60,7 +60,9 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept * @since 3.2 * @see ExpressionUrlAuthorizationConfigurer * @see UrlAuthorizationConfigurer + * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead */ +@Deprecated public abstract class AbstractInterceptUrlConfigurer, H extends HttpSecurityBuilder> extends AbstractHttpConfigurer { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java index 0a990fa876..bf191c4db1 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -79,7 +79,9 @@ import org.springframework.util.StringUtils; * @author Yanming Zhou * @since 3.2 * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests() + * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead */ +@Deprecated public final class ExpressionUrlAuthorizationConfigurer> extends AbstractInterceptUrlConfigurer, H> { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java index 0fae7eff10..2cbb1a68b4 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -85,7 +85,9 @@ import org.springframework.util.Assert; * @author Rob Winch * @since 3.2 * @see ExpressionUrlAuthorizationConfigurer + * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead */ +@Deprecated public final class UrlAuthorizationConfigurer> extends AbstractInterceptUrlConfigurer, H> { diff --git a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java index abc7929438..d6a06696a9 100644 --- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java +++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -46,7 +46,9 @@ import org.springframework.util.xml.DomUtils; * for use with a FilterSecurityInterceptor. * * @author Luke Taylor + * @deprecated Use `use-authorization-manager` property instead */ +@Deprecated public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser { private static final String ATT_USE_EXPRESSIONS = "use-expressions"; diff --git a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java index c87b32e169..628db4211b 100644 --- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -89,7 +89,9 @@ import org.springframework.util.xml.DomUtils; * @author Luke Taylor * @author Rob Winch * @since 2.0 + * @deprecated Use {@link MethodSecurityBeanDefinitionParser} instead */ +@Deprecated public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { private final Log logger = LogFactory.getLog(getClass()); diff --git a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java index a6f1fe3e22..17a69335c0 100644 --- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java +++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java @@ -125,7 +125,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe /** * This is the real class which does the work. We need access to the ParserContext in * order to do bean registration. + * + * @deprecated Use + * {@link InternalAuthorizationManagerInterceptMethodsBeanDefinitionDecorator} */ + @Deprecated static class InternalInterceptMethodsBeanDefinitionDecorator extends AbstractInterceptorDrivenBeanDefinitionDecorator { diff --git a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java index 6b0228de93..d1130117ad 100644 --- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java +++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +36,10 @@ import org.springframework.util.xml.DomUtils; /** * @author Luke Taylor * @since 3.1 + * @deprecated Use {@code }, {@code }, or + * {@code @EnableMethodSecurity} */ +@Deprecated public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser { static final String ATT_METHOD = "method"; diff --git a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java index f35ecc9a88..1ca166e4ac 100644 --- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java +++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -63,7 +63,9 @@ import org.springframework.util.StringUtils; * * @author Ben Alex * @since 2.0 + * @deprecated Use {@code use-authorization-manager} flag instead */ +@Deprecated final class ProtectPointcutPostProcessor implements BeanPostProcessor { private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class); diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java index eabb82e25d..7163b3634b 100644 --- a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java +++ b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java @@ -19,13 +19,16 @@ package org.springframework.security.access; import java.util.Collection; import org.springframework.security.authentication.InsufficientAuthenticationException; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** * Makes a final access control (authorization) decision. * * @author Ben Alex + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public interface AccessDecisionManager { /** diff --git a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java index e1d98fc8f3..8666352a51 100644 --- a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java +++ b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java @@ -18,6 +18,7 @@ package org.springframework.security.access; import java.util.Collection; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** @@ -28,7 +29,9 @@ import org.springframework.security.core.Authentication; * {@link org.springframework.security.access.AccessDecisionManager}. * * @author Ben Alex + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public interface AccessDecisionVoter { int ACCESS_GRANTED = 1; diff --git a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java index 92691877f0..bae49ad37f 100644 --- a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java +++ b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java @@ -19,6 +19,7 @@ package org.springframework.security.access; import java.util.Collection; import org.springframework.security.access.intercept.AfterInvocationProviderManager; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** @@ -26,7 +27,11 @@ import org.springframework.security.core.Authentication; * {@link AfterInvocationProviderManager} decision. * * @author Ben Alex + * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor + * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor + * @deprecated Use delegation with {@link AuthorizationManager} */ +@Deprecated public interface AfterInvocationProvider { Object decide(Authentication authentication, Object object, Collection attributes, diff --git a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java index 274856f9dd..503d73a229 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java +++ b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +28,11 @@ import org.springframework.security.access.ConfigAttribute; * Used by {@code SecuredAnnotationSecurityMetadataSource}. * * @author Luke Taylor + * @deprecated Used only by now-deprecated classes. Consider + * {@link org.springframework.security.authorization.method.SecuredAuthorizationManager} + * for `@Secured` methods. */ +@Deprecated public interface AnnotationMetadataExtractor { Collection extractAttributes(A securityAnnotation); diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java index 2cc9700280..fe20aff8a4 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java @@ -35,7 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity * * @author Ben Alex * @since 2.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager} + * instead */ +@Deprecated public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { private String defaultRolePrefix = "ROLE_"; diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java index 133498535b..9213c02dd5 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java +++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,13 +20,16 @@ import javax.annotation.security.DenyAll; import javax.annotation.security.PermitAll; import org.springframework.security.access.SecurityConfig; +import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor; /** * Security config applicable as a JSR 250 annotation attribute. * * @author Ryan Heaton * @since 2.0 + * @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead */ +@Deprecated public class Jsr250SecurityConfig extends SecurityConfig { public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName()); diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java index d94ae1d3da..0281114606 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java +++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -28,7 +28,11 @@ import org.springframework.security.core.GrantedAuthority; * * @author Ryan Heaton * @since 2.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager} + * instead */ +@Deprecated public class Jsr250Voter implements AccessDecisionVoter { /** diff --git a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java index 152b52ec43..5643ec6201 100644 --- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java @@ -38,7 +38,10 @@ import org.springframework.util.Assert; * * @author Ben Alex * @author Luke Taylor + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor#secured} */ +@Deprecated @SuppressWarnings({ "unchecked" }) public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { diff --git a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java index a285007615..d71c4339a9 100644 --- a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java +++ b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java @@ -22,7 +22,11 @@ import org.springframework.context.ApplicationEvent; * Abstract superclass for all security interception related events. * * @author Ben Alex + * @deprecated Authorization events have moved. Consider + * {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} and + * {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent} */ +@Deprecated public abstract class AbstractAuthorizationEvent extends ApplicationEvent { /** diff --git a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java index 2474a81059..daae07eec9 100644 --- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java +++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java @@ -27,7 +27,11 @@ import org.springframework.util.Assert; * could not be obtained from the SecurityContextHolder. * * @author Ben Alex + * @deprecated Authentication is now separated from authorization. Consider + * {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent} + * instead. */ +@Deprecated public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent { private final AuthenticationCredentialsNotFoundException credentialsNotFoundException; diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java index de6a301c6a..eac534ba6d 100644 --- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java +++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java @@ -34,7 +34,11 @@ import org.springframework.util.Assert; * AfterInvocationManager}. * * @author Ben Alex + * @deprecated Use + * {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent} + * instead */ +@Deprecated public class AuthorizationFailureEvent extends AbstractAuthorizationEvent { private final AccessDeniedException accessDeniedException; diff --git a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java index f3b05d655b..7697dea90d 100644 --- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java +++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java @@ -29,7 +29,11 @@ import org.springframework.util.Assert; *

* * @author Ben Alex + * @deprecated Use + * {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} + * instead */ +@Deprecated public class AuthorizedEvent extends AbstractAuthorizationEvent { private final Authentication authentication; diff --git a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java index 02247ceb15..3c091f1518 100644 --- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java +++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java @@ -30,7 +30,10 @@ import org.springframework.core.log.LogMessage; *

* * @author Ben Alex + * @deprecated Logging is now embedded in Spring Security components. If you need further + * logging, please consider using your own {@link ApplicationListener} */ +@Deprecated public class LoggerListener implements ApplicationListener { private static final Log logger = LogFactory.getLog(LoggerListener.class); diff --git a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java index 2ce5db3a85..2aab5dba91 100644 --- a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java +++ b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java @@ -16,6 +16,8 @@ package org.springframework.security.access.event; +import org.springframework.security.authorization.event.AuthorizationGrantedEvent; + /** * Event that is generated whenever a public secure object is invoked. *

@@ -28,7 +30,10 @@ package org.springframework.security.access.event; *

* * @author Ben Alex + * @deprecated Only used by now-deprecated classes. Consider + * {@link AuthorizationGrantedEvent#getSource()} to deduce public invocations. */ +@Deprecated public class PublicInvocationEvent extends AbstractAuthorizationEvent { /** diff --git a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java index 722505f22a..95a2725a6b 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,7 +32,10 @@ import org.springframework.util.Assert; * * @author Luke Taylor * @since 3.0 + * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager} + * interceptors instead */ +@Deprecated abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute { private final Expression filterExpression; diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java index d6fb761966..b309e890a8 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -30,7 +30,10 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac * @author Luke Taylor * @author Rob Winch * @since 3.0 + * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager} + * interceptors instead */ +@Deprecated public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory { private final Object parserLock = new Object(); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java index 664f97102e..9e6131d081 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,7 +32,11 @@ import org.springframework.security.core.Authentication; /** * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java index 19c7659407..82f295ab23 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,7 +33,11 @@ import org.springframework.util.Assert; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice { private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java index 08d9c6f2b8..3dc86cc5a1 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PostInvocationAttribute; /** * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute implements PostInvocationAttribute { diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java index f8c3bae329..26af51a6f1 100644 --- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java +++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PreInvocationAttribute; /** * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * instead */ +@Deprecated class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute implements PreInvocationAttribute { diff --git a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java index 2c51a8e6d8..0e8bff01ee 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java @@ -104,7 +104,17 @@ import org.springframework.util.CollectionUtils; * * @author Ben Alex * @author Rob Winch + * @deprecated Use + * {@link org.springframework.security.web.access.intercept.AuthorizationFilter} instead + * for filter security, + * {@link org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor} + * for messaging security, or + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * and + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * for method security. */ +@Deprecated public abstract class AbstractSecurityInterceptor implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware { diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java index 679b495d54..39d712f880 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java @@ -20,6 +20,7 @@ import java.util.Collection; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** @@ -41,7 +42,11 @@ import org.springframework.security.core.Authentication; *

* * @author Ben Alex + * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor + * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor + * @deprecated Use delegation with {@link AuthorizationManager} */ +@Deprecated public interface AfterInvocationManager { /** diff --git a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java index 44d42d850a..4003aa4659 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java +++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java @@ -28,6 +28,7 @@ import org.springframework.core.log.LogMessage; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AfterInvocationProvider; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; import org.springframework.util.Assert; import org.springframework.util.CollectionUtils; @@ -47,7 +48,11 @@ import org.springframework.util.CollectionUtils; * given provider is configured to respond to). * * @author Ben Alex + * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor + * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor + * @deprecated Use delegation with {@link AuthorizationManager} */ +@Deprecated public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean { protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class); diff --git a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java index de97aebf60..56abcc0d57 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java +++ b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java @@ -19,6 +19,7 @@ package org.springframework.security.access.intercept; import java.util.Collection; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.context.SecurityContext; /** @@ -29,7 +30,11 @@ import org.springframework.security.core.context.SecurityContext; * can tidy up correctly. * * @author Ben Alex + * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor + * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor + * @deprecated Use delegation with {@link AuthorizationManager} */ +@Deprecated public class InterceptorStatusToken { private SecurityContext securityContext; diff --git a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java index 95b98e2622..4101ed4c8d 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java +++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java @@ -43,7 +43,10 @@ import org.springframework.util.Assert; *

* * @author Ben Alex + * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager} + * instead */ +@Deprecated public class MethodInvocationPrivilegeEvaluator implements InitializingBean { protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class); diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java index eb0fa743aa..c43dd2b17b 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java +++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java @@ -39,7 +39,12 @@ import org.springframework.util.Assert; *

* If the key does not match, a BadCredentialsException is thrown. *

+ * + * @deprecated Authentication is now separated from authorization in Spring Security. This + * class is only used by now-deprecated components. There is not yet an equivalent + * replacement in Spring Security. */ +@Deprecated public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware { protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java index e121b9bb5b..bb3b8f8ac2 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java +++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java @@ -57,7 +57,11 @@ import org.springframework.security.core.Authentication; *

* * @author Ben Alex + * @deprecated Authentication is now separated from authorization in Spring Security. This + * class is only used by now-deprecated components. There is not yet an equivalent + * replacement in Spring Security. */ +@Deprecated public interface RunAsManager { /** diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java index 352ff66f9f..f16bd5b13b 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java +++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java @@ -52,7 +52,11 @@ import org.springframework.util.Assert; * * @author Ben Alex * @author colin sampaleanu + * @deprecated Authentication is now separated from authorization in Spring Security. This + * class is only used by now-deprecated components. There is not yet an equivalent + * replacement in Spring Security. */ +@Deprecated public class RunAsManagerImpl implements RunAsManager, InitializingBean { private String key; diff --git a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java index 1019947440..2fc19b0ca7 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java +++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java @@ -28,7 +28,11 @@ import org.springframework.security.core.SpringSecurityCoreVersion; * that supports {@link RunAsManagerImpl}. * * @author Ben Alex + * @deprecated Authentication is now separated from authorization in Spring Security. This + * class is only used by now-deprecated components. There is not yet an equivalent + * replacement in Spring Security. */ +@Deprecated public class RunAsUserToken extends AbstractAuthenticationToken { private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java index fadf5baf42..4287231eb5 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java @@ -36,7 +36,13 @@ import org.springframework.security.access.method.MethodSecurityMetadataSource; * * @author Ben Alex * @author Rob Winch + * @deprecated Please use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * and + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor { private MethodSecurityMetadataSource securityMetadataSource; diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java index 1d8902d82c..4bc3d19b5b 100644 --- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java +++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java @@ -51,7 +51,9 @@ import org.springframework.util.CollectionUtils; * * @author Ben Alex * @author Luke Taylor + * @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly */ +@Deprecated public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware { private transient MethodSecurityMetadataSource attributeSource; diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java index 3b3be3effb..ef2feb7505 100644 --- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -22,6 +22,7 @@ import java.util.Collections; import org.springframework.aop.support.AopUtils; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; /** * Abstract implementation of {@link MethodSecurityMetadataSource} that supports both @@ -43,7 +44,11 @@ import org.springframework.security.access.ConfigAttribute; * @author Ben Alex * @author Luke taylor * @since 2.0 + * @deprecated Use the {@code use-authorization-manager} attribute for + * {@code } and {@code } instead or use + * annotation-based or {@link AuthorizationManager}-based authorization */ +@Deprecated public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { @Override diff --git a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java index 3ed17acc70..219b3f7eb8 100644 --- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java @@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory; import org.springframework.aop.framework.AopProxyUtils; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; /** * Abstract implementation of MethodSecurityMetadataSource which resolves the @@ -31,7 +32,11 @@ import org.springframework.security.access.ConfigAttribute; * * @author Ben Alex * @author Luke Taylor + * @deprecated Use the {@code use-authorization-manager} attribute for + * {@code } and {@code } instead or use + * annotation-based or {@link AuthorizationManager}-based authorization */ +@Deprecated public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java index 2591d099fc..3b4c5c2eec 100644 --- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,6 +27,7 @@ import java.util.Set; import org.springframework.core.log.LogMessage; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.util.Assert; import org.springframework.util.ObjectUtils; @@ -37,7 +38,11 @@ import org.springframework.util.ObjectUtils; * * @author Ben Alex * @author Luke Taylor + * @deprecated Use the {@code use-authorization-manager} attribute for + * {@code } and {@code } instead or use + * annotation-based or {@link AuthorizationManager}-based authorization */ +@Deprecated public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { private static final List NULL_CONFIG_ATTRIBUTE = Collections.emptyList(); diff --git a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java index 4fb00cc78e..1c41d40d98 100644 --- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java @@ -28,6 +28,7 @@ import java.util.Set; import org.springframework.beans.factory.BeanClassLoaderAware; import org.springframework.core.log.LogMessage; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.util.Assert; import org.springframework.util.ClassUtils; @@ -42,7 +43,11 @@ import org.springframework.util.ClassUtils; * * @author Ben Alex * @since 2.0 + * @deprecated Use the {@code use-authorization-manager} attribute for + * {@code } and {@code } instead or use + * annotation-based or {@link AuthorizationManager}-based authorization */ +@Deprecated public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource implements BeanClassLoaderAware { diff --git a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java index 5cfb3ff9ca..2243236fa9 100644 --- a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java @@ -21,12 +21,18 @@ import java.util.Collection; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityMetadataSource; +import org.springframework.security.authorization.AuthorizationManager; /** * Interface for SecurityMetadataSource implementations that are designed to * perform lookups keyed on Methods. * * @author Ben Alex + * @see org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager + * @see org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager + * @deprecated Use the {@code use-authorization-manager} attribute for + * {@code } and {@code } instead or use + * annotation-based or {@link AuthorizationManager}-based authorization */ public interface MethodSecurityMetadataSource extends SecurityMetadataSource { diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java index f1de8dc0d1..f974735509 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,7 +36,11 @@ import org.springframework.security.core.Authentication; * @author Luke Taylor * @author Alexander Furer * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public class PostInvocationAdviceProvider implements AfterInvocationProvider { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java index c5f6d280fa..737b47c7cb 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public interface PostInvocationAttribute extends ConfigAttribute { } diff --git a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java index 31501ce000..c57fed585f 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -27,7 +27,11 @@ import org.springframework.security.core.Authentication; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor} + * instead */ +@Deprecated public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean { Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject) diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java index 1fa478c32e..3da5c99be9 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * instead */ +@Deprecated public interface PreInvocationAttribute extends ConfigAttribute { } diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java index b0647568e7..741bbd83fe 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,11 @@ import org.springframework.security.core.Authentication; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * instead */ +@Deprecated public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean { /** diff --git a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java index 2b9979290a..9a94601e1d 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,11 @@ import org.springframework.security.core.Authentication; * * @author Luke Taylor * @since 3.0 + * @deprecated Use + * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor} + * instead */ +@Deprecated public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter { protected final Log logger = LogFactory.getLog(getClass()); diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java index 24334a99b1..02d8230033 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,7 +48,13 @@ import org.springframework.util.ClassUtils; * @author Luke Taylor * @since 3.0 * @see PreInvocationAuthorizationAdviceVoter + * @deprecated Use + * {@link org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager} + * and + * {@link org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager} + * instead */ +@Deprecated public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { private final PrePostInvocationAttributeFactory attributeFactory; diff --git a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java index 1feaba1395..90ef060207 100644 --- a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java +++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -17,10 +17,14 @@ package org.springframework.security.access.prepost; import org.springframework.aop.framework.AopInfrastructureBean; +import org.springframework.security.authorization.AuthorizationManager; /** * @author Luke Taylor * @since 3.0 + * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor + * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor + * @deprecated Use delegation with {@link AuthorizationManager} */ public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean { diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java index 75b41a54ae..b9b2390cfd 100644 --- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java +++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java @@ -29,6 +29,7 @@ import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.util.Assert; @@ -39,7 +40,10 @@ import org.springframework.util.Assert; * Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s * and the access control behaviour if all voters abstain from voting (defaults to deny * access). + * + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public abstract class AbstractAccessDecisionManager implements AccessDecisionManager, InitializingBean, MessageSourceAware { diff --git a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java index 5e1fd32180..8417d368e4 100644 --- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java @@ -27,7 +27,10 @@ import org.springframework.util.Assert; * particular ACL system. * * @author Ben Alex + * @deprecated Now used by only-deprecated classes. Generally speaking, in-memory ACL is + * no longer advised, so no replacement is planned at this point. */ +@Deprecated public abstract class AbstractAclVoter implements AccessDecisionVoter { private Class processDomainObjectClass; diff --git a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java index 86841e1f05..1d691dabcc 100644 --- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java @@ -22,13 +22,17 @@ import java.util.List; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** * Simple concrete implementation of * {@link org.springframework.security.access.AccessDecisionManager} that grants access if * any AccessDecisionVoter returns an affirmative response. + * + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public class AffirmativeBased extends AbstractAccessDecisionManager { public AffirmativeBased(List> decisionVoters) { diff --git a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java index eec33f2d53..6a6731b498 100644 --- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java @@ -45,7 +45,11 @@ import org.springframework.util.Assert; * All comparisons and prefixes are case sensitive. * * @author Ben Alex + * @deprecated Use + * {@link org.springframework.security.authorization.AuthorityAuthorizationManager} + * instead */ +@Deprecated public class AuthenticatedVoter implements AccessDecisionVoter { public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY"; diff --git a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java index 4f217e7af8..d9cfea4955 100644 --- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java @@ -22,6 +22,7 @@ import java.util.List; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** @@ -32,7 +33,10 @@ import org.springframework.security.core.Authentication; * "Consensus" here means majority-rule (ignoring abstains) rather than unanimous * agreement (ignoring abstains). If you require unanimity, please see * {@link UnanimousBased}. + * + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public class ConsensusBased extends AbstractAccessDecisionManager { private boolean allowIfEqualGrantedDeniedDecisions = true; diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java index 6dc1cbcb6d..4a923557a6 100644 --- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -29,7 +29,11 @@ import org.springframework.util.Assert; * * @author Luke Taylor * @since 2.0.4 + * @deprecated Use + * {@link org.springframework.security.authorization.AuthorityAuthorizationManager#setRoleHierarchy} + * instead */ +@Deprecated public class RoleHierarchyVoter extends RoleVoter { private RoleHierarchy roleHierarchy = null; diff --git a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java index 546507df12..a6c6dce89f 100644 --- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java +++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java @@ -48,7 +48,11 @@ import org.springframework.security.core.GrantedAuthority; * * @author Ben Alex * @author colin sampaleanu + * @deprecated Use + * {@link org.springframework.security.authorization.AuthorityAuthorizationManager} + * instead */ +@Deprecated public class RoleVoter implements AccessDecisionVoter { private String rolePrefix = "ROLE_"; diff --git a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java index 6bd4b27243..9850bf3581 100644 --- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java +++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java @@ -23,13 +23,17 @@ import java.util.List; import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; +import org.springframework.security.authorization.AuthorizationManager; import org.springframework.security.core.Authentication; /** * Simple concrete implementation of * {@link org.springframework.security.access.AccessDecisionManager} that requires all * voters to abstain or grant access. + * + * @deprecated Use {@link AuthorizationManager} instead */ +@Deprecated public class UnanimousBased extends AbstractAccessDecisionManager { public UnanimousBased(List> decisionVoters) { diff --git a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java index 0563636dd5..fe9dfe0a1a 100644 --- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java +++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -38,7 +38,9 @@ import org.springframework.web.context.ServletContextAware; * @author Ben Alex * @author Luke Taylor * @since 3.0 + * @deprecated Use {@link AuthorizationManagerWebInvocationPrivilegeEvaluator} instead */ +@Deprecated public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware { protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class); diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java index 577a0a3263..b6997eecdc 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2016 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -35,7 +35,9 @@ import org.springframework.util.Assert; * * @author Luke Taylor * @since 3.0 + * @deprecated Use {@link WebExpressionAuthorizationManager} instead */ +@Deprecated public class WebExpressionVoter implements AccessDecisionVoter { private final Log logger = LogFactory.getLog(getClass()); diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java index 1472a1a05e..7f5b0a9f61 100644 --- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java +++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java @@ -41,7 +41,9 @@ import org.springframework.security.web.FilterInvocation; * * @author Ben Alex * @author Rob Winch + * @deprecated Use {@link AuthorizationFilter} instead */ +@Deprecated public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter { private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";