Deprecate AccessDecisionManager et al

Closes gh-11302
Josh Cummings 2022-05-31 10:13:11 -06:00
parent 983ca6ea27
commit 3f8503f1b4
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
71 changed files with 297 additions and 34 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -37,7 +37,9 @@ import org.springframework.security.access.prepost.PreFilter;
* @author Mike Wiesner * @author Mike Wiesner
* @author Luke Taylor * @author Luke Taylor
* @since 3.1 * @since 3.1
* @deprecated Use aspects in {@link org.springframework.security.authorization.method.aspectj} instead
*/ */
@Deprecated
public aspect AnnotationSecurityAspect implements InitializingBean { public aspect AnnotationSecurityAspect implements InitializingBean {
/** /**


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2013 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -43,7 +43,9 @@ import org.springframework.security.config.annotation.authentication.configurati
* *
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2
* @deprecated Use {@link EnableMethodSecurity} instead
*/ */
@Deprecated
@Retention(RetentionPolicy.RUNTIME) @Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE) @Target(ElementType.TYPE)
@Documented @Documented


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2013 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -36,7 +36,9 @@ import org.springframework.core.type.AnnotationMetadata;
* *
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2
* @deprecated Use {@link EnableMethodSecurity} instead
*/ */
@Deprecated
class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar { class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {
/** /**


@ -86,7 +86,11 @@ import org.springframework.util.Assert;
* @author Eddú Meléndez * @author Eddú Meléndez
* @since 3.2 * @since 3.2
* @see EnableGlobalMethodSecurity * @see EnableGlobalMethodSecurity
* @deprecated Use {@link PrePostMethodSecurityConfiguration},
* {@link SecuredMethodSecurityConfiguration}, or
* {@link Jsr250MethodSecurityConfiguration} instead
*/ */
@Deprecated
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE) @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware { public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -34,7 +34,9 @@ import org.springframework.util.ClassUtils;
* *
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2
* @deprecated Use {@link MethodSecuritySelector} instead
*/ */
@Deprecated
final class GlobalMethodSecuritySelector implements ImportSelector { final class GlobalMethodSecuritySelector implements ImportSelector {
@Override @Override


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -24,6 +24,7 @@ import org.springframework.security.access.annotation.Jsr250MethodSecurityMetada
@Configuration(proxyBeanMethods = false) @Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE) @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
@Deprecated
class Jsr250MetadataSourceConfiguration { class Jsr250MetadataSourceConfiguration {
@Bean @Bean
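Review bot: `Jsr250MetadataSourceConfiguration` gets `@Deprecated` without a Javadoc `@deprecated` tag, so unlike the other types in this commit it does not tell the reader what to move to. Add a short class comment such as `@deprecated Use {@link Jsr250MethodSecurityConfiguration} instead`, which is the JSR-250 replacement named on `GlobalMethodSecurityConfiguration`; please confirm it is the right target here. The annotation is also placed after `@Configuration` and `@Role`, where the other sections put `@Deprecated` first. The class body continues outside the hunk.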


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -32,7 +32,9 @@ import org.springframework.util.MultiValueMap;
* @author Rob Winch * @author Rob Winch
* @since 4.0.2 * @since 4.0.2
* @see GlobalMethodSecuritySelector * @see GlobalMethodSecuritySelector
* @deprecated Use {@link MethodSecuritySelector} instead
*/ */
@Deprecated
class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar { class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {
/** /**


@ -1281,8 +1281,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre> * </pre>
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
* @throws Exception * @throws Exception
* @deprecated Use {@link #authorizeHttpRequests()} instead
* @see #requestMatcher(RequestMatcher) * @see #requestMatcher(RequestMatcher)
*/ */
@Deprecated
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests() public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
throws Exception { throws Exception {
ApplicationContext context = getContext(); ApplicationContext context = getContext();
@ -1395,8 +1397,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry} * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
* @return the {@link HttpSecurity} for further customizations * @return the {@link HttpSecurity} for further customizations
* @throws Exception * @throws Exception
* @deprecated Use {@link #authorizeHttpRequests} instead
* @see #requestMatcher(RequestMatcher) * @see #requestMatcher(RequestMatcher)
*/ */
@Deprecated
public HttpSecurity authorizeRequests( public HttpSecurity authorizeRequests(
Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer) Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
throws Exception { throws Exception {
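Review bot: The two new tags on the `authorizeRequests` overloads are written differently, `{@link #authorizeHttpRequests()}` on the no-arg method and `{@link #authorizeHttpRequests}` on the `Customizer` one, and the second does not say which overload is meant. Pointing each at its counterpart, e.g. `{@link #authorizeHttpRequests(Customizer)}` for the second, would make the migration target unambiguous. Because this is the entry point for URL authorization rules, the tag should also say in one sentence whether existing rules carry over unchanged; the hunks do not show that, and readers will otherwise assume a drop-in replacement. Both method bodies continue outside the hunks.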


@ -60,7 +60,9 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
* @since 3.2 * @since 3.2
* @see ExpressionUrlAuthorizationConfigurer * @see ExpressionUrlAuthorizationConfigurer
* @see UrlAuthorizationConfigurer * @see UrlAuthorizationConfigurer
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
*/ */
@Deprecated
public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>> public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<C, H> { extends AbstractHttpConfigurer<C, H> {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -79,7 +79,9 @@ import org.springframework.util.StringUtils;
* @author Yanming Zhou * @author Yanming Zhou
* @since 3.2 * @since 3.2
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests() * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
*/ */
@Deprecated
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> { extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -85,7 +85,9 @@ import org.springframework.util.Assert;
* @author Rob Winch * @author Rob Winch
* @since 3.2 * @since 3.2
* @see ExpressionUrlAuthorizationConfigurer * @see ExpressionUrlAuthorizationConfigurer
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
*/ */
@Deprecated
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> { extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -46,7 +46,9 @@ import org.springframework.util.xml.DomUtils;
* for use with a FilterSecurityInterceptor. * for use with a FilterSecurityInterceptor.
* *
* @author Luke Taylor * @author Luke Taylor
* @deprecated Use `use-authorization-manager` property instead
*/ */
@Deprecated
public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser { public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
private static final String ATT_USE_EXPRESSIONS = "use-expressions"; private static final String ATT_USE_EXPRESSIONS = "use-expressions";
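Review bot: The `@deprecated` tag on `FilterInvocationSecurityMetadataSourceParser` wraps use-authorization-manager in Markdown backticks, which Javadoc renders literally. `ProtectPointcutPostProcessor` in this same commit writes the same name as `{@code use-authorization-manager}`. Suggest `@deprecated Use the {@code use-authorization-manager} attribute instead`, and settling on one of "property", "flag" or "attribute" across the commit. The backtick form also appears in the `AnnotationMetadataExtractor` tag around @Secured, which should become `{@code @Secured}`.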


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -89,7 +89,9 @@ import org.springframework.util.xml.DomUtils;
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch * @author Rob Winch
* @since 2.0 * @since 2.0
* @deprecated Use {@link MethodSecurityBeanDefinitionParser} instead
*/ */
@Deprecated
public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser { public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());


@ -125,7 +125,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
/** /**
* This is the real class which does the work. We need access to the ParserContext in * This is the real class which does the work. We need access to the ParserContext in
* order to do bean registration. * order to do bean registration.
*
* @deprecated Use
* {@link InternalAuthorizationManagerInterceptMethodsBeanDefinitionDecorator}
*/ */
@Deprecated
static class InternalInterceptMethodsBeanDefinitionDecorator static class InternalInterceptMethodsBeanDefinitionDecorator
extends AbstractInterceptorDrivenBeanDefinitionDecorator { extends AbstractInterceptorDrivenBeanDefinitionDecorator {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -36,7 +36,10 @@ import org.springframework.util.xml.DomUtils;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @since 3.1 * @since 3.1
* @deprecated Use {@code <intercept-methods>}, {@code <method-security>}, or
* {@code @EnableMethodSecurity}
*/ */
@Deprecated
public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser { public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
static final String ATT_METHOD = "method"; static final String ATT_METHOD = "method";


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -63,7 +63,9 @@ import org.springframework.util.StringUtils;
* *
* @author Ben Alex * @author Ben Alex
* @since 2.0 * @since 2.0
* @deprecated Use {@code use-authorization-manager} flag instead
*/ */
@Deprecated
final class ProtectPointcutPostProcessor implements BeanPostProcessor { final class ProtectPointcutPostProcessor implements BeanPostProcessor {
private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class); private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);


@ -19,13 +19,16 @@ package org.springframework.security.access;
import java.util.Collection; import java.util.Collection;
import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
* Makes a final access control (authorization) decision. * Makes a final access control (authorization) decision.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public interface AccessDecisionManager { public interface AccessDecisionManager {
/** /**
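Review bot: The added `import org.springframework.security.authorization.AuthorizationManager;` appears to serve only the new `{@link AuthorizationManager}` tag. Nothing else in the hunk uses the type, though the interface body is outside the hunk. Most sections in this commit use a fully qualified name inside `{@link ...}` instead, which avoids an import that exists only for documentation. Suggest `@deprecated Use {@link org.springframework.security.authorization.AuthorizationManager} instead` and dropping the import; the same applies to `AccessDecisionVoter`, `AfterInvocationProvider`, `Jsr250SecurityConfig` and `PublicInvocationEvent`.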


@ -18,6 +18,7 @@ package org.springframework.security.access;
import java.util.Collection; import java.util.Collection;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
@ -28,7 +29,9 @@ import org.springframework.security.core.Authentication;
* {@link org.springframework.security.access.AccessDecisionManager}. * {@link org.springframework.security.access.AccessDecisionManager}.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public interface AccessDecisionVoter<S> { public interface AccessDecisionVoter<S> {
int ACCESS_GRANTED = 1; int ACCESS_GRANTED = 1;


@ -19,6 +19,7 @@ package org.springframework.security.access;
import java.util.Collection; import java.util.Collection;
import org.springframework.security.access.intercept.AfterInvocationProviderManager; import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
@ -26,7 +27,11 @@ import org.springframework.security.core.Authentication;
* {@link AfterInvocationProviderManager} decision. * {@link AfterInvocationProviderManager} decision.
* *
* @author Ben Alex * @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/ */
@Deprecated
public interface AfterInvocationProvider { public interface AfterInvocationProvider {
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes, Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -28,7 +28,11 @@ import org.springframework.security.access.ConfigAttribute;
* Used by {@code SecuredAnnotationSecurityMetadataSource}. * Used by {@code SecuredAnnotationSecurityMetadataSource}.
* *
* @author Luke Taylor * @author Luke Taylor
* @deprecated Used only by now-deprecated classes. Consider
* {@link org.springframework.security.authorization.method.SecuredAuthorizationManager}
* for `@Secured` methods.
*/ */
@Deprecated
public interface AnnotationMetadataExtractor<A extends Annotation> { public interface AnnotationMetadataExtractor<A extends Annotation> {
Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation); Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);


@ -35,7 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
* *
* @author Ben Alex * @author Ben Alex
* @since 2.0 * @since 2.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
* instead
*/ */
@Deprecated
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
private String defaultRolePrefix = "ROLE_"; private String defaultRolePrefix = "ROLE_";


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -20,13 +20,16 @@ import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll; import javax.annotation.security.PermitAll;
import org.springframework.security.access.SecurityConfig; import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
/** /**
* Security config applicable as a JSR 250 annotation attribute. * Security config applicable as a JSR 250 annotation attribute.
* *
* @author Ryan Heaton * @author Ryan Heaton
* @since 2.0 * @since 2.0
* @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
*/ */
@Deprecated
public class Jsr250SecurityConfig extends SecurityConfig { public class Jsr250SecurityConfig extends SecurityConfig {
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName()); public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -28,7 +28,11 @@ import org.springframework.security.core.GrantedAuthority;
* *
* @author Ryan Heaton * @author Ryan Heaton
* @since 2.0 * @since 2.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
* instead
*/ */
@Deprecated
public class Jsr250Voter implements AccessDecisionVoter<Object> { public class Jsr250Voter implements AccessDecisionVoter<Object> {
/** /**


@ -38,7 +38,10 @@ import org.springframework.util.Assert;
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor#secured}
*/ */
@Deprecated
@SuppressWarnings({ "unchecked" }) @SuppressWarnings({ "unchecked" })
public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource { public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {


@ -22,7 +22,11 @@ import org.springframework.context.ApplicationEvent;
* Abstract superclass for all security interception related events. * Abstract superclass for all security interception related events.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Authorization events have moved. Consider
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} and
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
*/ */
@Deprecated
public abstract class AbstractAuthorizationEvent extends ApplicationEvent { public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
/** /**


@ -27,7 +27,11 @@ import org.springframework.util.Assert;
* could not be obtained from the <code>SecurityContextHolder</code>. * could not be obtained from the <code>SecurityContextHolder</code>.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Authentication is now separated from authorization. Consider
* {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent}
* instead.
*/ */
@Deprecated
public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent { public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
private final AuthenticationCredentialsNotFoundException credentialsNotFoundException; private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;


@ -34,7 +34,11 @@ import org.springframework.util.Assert;
* AfterInvocationManager}. * AfterInvocationManager}.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
* instead
*/ */
@Deprecated
public class AuthorizationFailureEvent extends AbstractAuthorizationEvent { public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
private final AccessDeniedException accessDeniedException; private final AccessDeniedException accessDeniedException;


@ -29,7 +29,11 @@ import org.springframework.util.Assert;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent}
* instead
*/ */
@Deprecated
public class AuthorizedEvent extends AbstractAuthorizationEvent { public class AuthorizedEvent extends AbstractAuthorizationEvent {
private final Authentication authentication; private final Authentication authentication;


@ -30,7 +30,10 @@ import org.springframework.core.log.LogMessage;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Logging is now embedded in Spring Security components. If you need further
* logging, please consider using your own {@link ApplicationListener}
*/ */
@Deprecated
public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> { public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
private static final Log logger = LogFactory.getLog(LoggerListener.class); private static final Log logger = LogFactory.getLog(LoggerListener.class);
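Review bot: The new tag on `LoggerListener` says logging is now embedded in the components, but it does not say which events a replacement listener should subscribe to. The class is an `ApplicationListener<AbstractAuthorizationEvent>`, and that base type is deprecated in this same commit in favour of `AuthorizationGrantedEvent` and `AuthorizationDeniedEvent`. A listener written against the old type may therefore stop seeing authorization denials once the new components are in use; whether the new events share the old base type is not visible here. Where this listener serves as the audit trail, naming the new event types in the tag, e.g. `consider an {@link ApplicationListener} for {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}`, would prevent a silent logging gap. The class body continues outside the hunk.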


@ -16,6 +16,8 @@
package org.springframework.security.access.event; package org.springframework.security.access.event;
import org.springframework.security.authorization.event.AuthorizationGrantedEvent;
/** /**
* Event that is generated whenever a public secure object is invoked. * Event that is generated whenever a public secure object is invoked.
* <p> * <p>
@ -28,7 +30,10 @@ package org.springframework.security.access.event;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Only used by now-deprecated classes. Consider
* {@link AuthorizationGrantedEvent#getSource()} to deduce public invocations.
*/ */
@Deprecated
public class PublicInvocationEvent extends AbstractAuthorizationEvent { public class PublicInvocationEvent extends AbstractAuthorizationEvent {
/** /**


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -32,7 +32,10 @@ import org.springframework.util.Assert;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* interceptors instead
*/ */
@Deprecated
abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute { abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
private final Expression filterExpression; private final Expression filterExpression;


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -30,7 +30,10 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac
* @author Luke Taylor * @author Luke Taylor
* @author Rob Winch * @author Rob Winch
* @since 3.0 * @since 3.0
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* interceptors instead
*/ */
@Deprecated
public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory { public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
private final Object parserLock = new Object(); private final Object parserLock = new Object();


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -32,7 +32,11 @@ import org.springframework.security.core.Authentication;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice { public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
protected final Log logger = LogFactory.getLog(getClass()); protected final Log logger = LogFactory.getLog(getClass());


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -33,7 +33,11 @@ import org.springframework.util.Assert;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice { public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler(); private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
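Review bot: The `@deprecated` tag added to `ExpressionBasedPreInvocationAdvice` points at `AuthorizationManagerAfterMethodInterceptor`, but the class implements `PreInvocationAuthorizationAdvice`, and the sibling `PreInvocationExpressionAttribute` in this commit is redirected to `AuthorizationManagerBeforeMethodInterceptor`. This looks copied from the post-invocation advice; the link should probably read `{@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}`. It matters because a reader following the Javadoc would move a pre-invocation check to run after the protected method, once its side effects have already happened. The class body continues outside the hunk.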


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
implements PostInvocationAttribute { implements PostInvocationAttribute {


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PreInvocationAttribute;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* instead
*/ */
@Deprecated
class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
implements PreInvocationAttribute { implements PreInvocationAttribute {


@ -104,7 +104,17 @@ import org.springframework.util.CollectionUtils;
* *
* @author Ben Alex * @author Ben Alex
* @author Rob Winch * @author Rob Winch
* @deprecated Use
* {@link org.springframework.security.web.access.intercept.AuthorizationFilter} instead
* for filter security,
* {@link org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor}
* for messaging security, or
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* and
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* for method security.
*/ */
@Deprecated
public abstract class AbstractSecurityInterceptor public abstract class AbstractSecurityInterceptor
implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware { implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {


@ -20,6 +20,7 @@ import java.util.Collection;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
@ -41,7 +42,11 @@ import org.springframework.security.core.Authentication;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/ */
@Deprecated
public interface AfterInvocationManager { public interface AfterInvocationManager {
/** /**
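Review bot: The added `import org.springframework.security.authorization.AuthorizationManager;` appears to serve only the `{@link AuthorizationManager}` in the new Javadoc; nothing in the visible code of this interface references the type. Other tags in this commit, for example the one on MethodInvocationPrivilegeEvaluator, write the link as `{@link org.springframework.security.authorization.AuthorizationManager}` and need no import. Using the fully qualified form here as well keeps one convention and avoids an import that exists only for documentation. The same applies to AfterInvocationProviderManager, InterceptorStatusToken and the MethodSecurityMetadataSource sections. The interface body continues outside the hunk.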


@ -28,6 +28,7 @@ import org.springframework.core.log.LogMessage;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.AfterInvocationProvider; import org.springframework.security.access.AfterInvocationProvider;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils; import org.springframework.util.CollectionUtils;
@ -47,7 +48,11 @@ import org.springframework.util.CollectionUtils;
* given provider is configured to respond to). * given provider is configured to respond to).
* *
* @author Ben Alex * @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/ */
@Deprecated
public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean { public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class); protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);


@ -19,6 +19,7 @@ package org.springframework.security.access.intercept;
import java.util.Collection; import java.util.Collection;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
/** /**
@ -29,7 +30,11 @@ import org.springframework.security.core.context.SecurityContext;
* can tidy up correctly. * can tidy up correctly.
* *
* @author Ben Alex * @author Ben Alex
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/ */
@Deprecated
public class InterceptorStatusToken { public class InterceptorStatusToken {
private SecurityContext securityContext; private SecurityContext securityContext;


@ -43,7 +43,10 @@ import org.springframework.util.Assert;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
* instead
*/ */
@Deprecated
public class MethodInvocationPrivilegeEvaluator implements InitializingBean { public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class); protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);


@ -39,7 +39,12 @@ import org.springframework.util.Assert;
* <P> * <P>
* If the key does not match, a <code>BadCredentialsException</code> is thrown. * If the key does not match, a <code>BadCredentialsException</code> is thrown.
* </p> * </p>
*
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/ */
@Deprecated
public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware { public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor(); protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();


@ -57,7 +57,11 @@ import org.springframework.security.core.Authentication;
* </p> * </p>
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/ */
@Deprecated
public interface RunAsManager { public interface RunAsManager {
/** /**


@ -52,7 +52,11 @@ import org.springframework.util.Assert;
* *
* @author Ben Alex * @author Ben Alex
* @author colin sampaleanu * @author colin sampaleanu
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/ */
@Deprecated
public class RunAsManagerImpl implements RunAsManager, InitializingBean { public class RunAsManagerImpl implements RunAsManager, InitializingBean {
private String key; private String key;


@ -28,7 +28,11 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
* that supports {@link RunAsManagerImpl}. * that supports {@link RunAsManagerImpl}.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Authentication is now separated from authorization in Spring Security. This
* class is only used by now-deprecated components. There is not yet an equivalent
* replacement in Spring Security.
*/ */
@Deprecated
public class RunAsUserToken extends AbstractAuthenticationToken { public class RunAsUserToken extends AbstractAuthenticationToken {
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;


@ -36,7 +36,13 @@ import org.springframework.security.access.method.MethodSecurityMetadataSource;
* *
* @author Ben Alex * @author Ben Alex
* @author Rob Winch * @author Rob Winch
* @deprecated Please use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* and
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor { public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
private MethodSecurityMetadataSource securityMetadataSource; private MethodSecurityMetadataSource securityMetadataSource;


@ -51,7 +51,9 @@ import org.springframework.util.CollectionUtils;
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly
*/ */
@Deprecated
public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware { public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
private transient MethodSecurityMetadataSource attributeSource; private transient MethodSecurityMetadataSource attributeSource;
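Review bot: The `{@link EnableMethodSecurity}` in the new `@deprecated` tag uses a simple name, and this section adds no import for it, so the link resolves only if that annotation is in the same package as MethodSecurityMetadataSourceAdvisor or is already imported above the hunk; neither is visible here. If it does not resolve, Javadoc reports a missing reference and readers get plain text instead of a migration link. Writing the fully qualified name, as the tag on MethodInvocationPrivilegeEvaluator does for its target, or falling back to `{@code EnableMethodSecurity}` avoids that. The class body continues outside the hunk.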


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -22,6 +22,7 @@ import java.util.Collections;
import org.springframework.aop.support.AopUtils; import org.springframework.aop.support.AopUtils;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
/** /**
* Abstract implementation of {@link MethodSecurityMetadataSource} that supports both * Abstract implementation of {@link MethodSecurityMetadataSource} that supports both
@ -43,7 +44,11 @@ import org.springframework.security.access.ConfigAttribute;
* @author Ben Alex * @author Ben Alex
* @author Luke taylor * @author Luke taylor
* @since 2.0 * @since 2.0
* @deprecated Use the {@code use-authorization-manager} attribute for
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/ */
@Deprecated
public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
@Override @Override


@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
import org.springframework.aop.framework.AopProxyUtils; import org.springframework.aop.framework.AopProxyUtils;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
/** /**
* Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the * Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the
@ -31,7 +32,11 @@ import org.springframework.security.access.ConfigAttribute;
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @deprecated Use the {@code use-authorization-manager} attribute for
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/ */
@Deprecated
public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource { public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
protected final Log logger = LogFactory.getLog(getClass()); protected final Log logger = LogFactory.getLog(getClass());


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -27,6 +27,7 @@ import java.util.Set;
import org.springframework.core.log.LogMessage; import org.springframework.core.log.LogMessage;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils; import org.springframework.util.ObjectUtils;
@ -37,7 +38,11 @@ import org.springframework.util.ObjectUtils;
* *
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @deprecated Use the {@code use-authorization-manager} attribute for
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/ */
@Deprecated
public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList(); private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();


@ -28,6 +28,7 @@ import java.util.Set;
import org.springframework.beans.factory.BeanClassLoaderAware; import org.springframework.beans.factory.BeanClassLoaderAware;
import org.springframework.core.log.LogMessage; import org.springframework.core.log.LogMessage;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.ClassUtils; import org.springframework.util.ClassUtils;
@ -42,7 +43,11 @@ import org.springframework.util.ClassUtils;
* *
* @author Ben Alex * @author Ben Alex
* @since 2.0 * @since 2.0
* @deprecated Use the {@code use-authorization-manager} attribute for
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/ */
@Deprecated
public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
implements BeanClassLoaderAware { implements BeanClassLoaderAware {


@ -21,12 +21,18 @@ import java.util.Collection;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource; import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.authorization.AuthorizationManager;
/** /**
* Interface for <code>SecurityMetadataSource</code> implementations that are designed to * Interface for <code>SecurityMetadataSource</code> implementations that are designed to
* perform lookups keyed on <code>Method</code>s. * perform lookups keyed on <code>Method</code>s.
* *
* @author Ben Alex * @author Ben Alex
* @see org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
* @see org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
* @deprecated Use the {@code use-authorization-manager} attribute for
* {@code <method-security>} and {@code <intercept-methods>} instead or use
* annotation-based or {@link AuthorizationManager}-based authorization
*/ */
public interface MethodSecurityMetadataSource extends SecurityMetadataSource { public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
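Review bot: MethodSecurityMetadataSource receives a Javadoc `@deprecated` tag but no `@Deprecated` annotation above `public interface MethodSecurityMetadataSource`, unlike the implementing classes deprecated elsewhere in this commit. Anything that looks for the annotation rather than the Javadoc tag (reflection, IDE inspections, `-Xlint:dep-ann`) will not treat the interface as deprecated, so code still depending on the legacy authorization path may go unflagged. Add `@Deprecated` on the line directly above the interface declaration. PrePostInvocationAttributeFactory has the same gap. The interface body continues outside the hunk.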


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -36,7 +36,11 @@ import org.springframework.security.core.Authentication;
* @author Luke Taylor * @author Luke Taylor
* @author Alexander Furer * @author Alexander Furer
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public class PostInvocationAdviceProvider implements AfterInvocationProvider { public class PostInvocationAdviceProvider implements AfterInvocationProvider {
protected final Log logger = LogFactory.getLog(getClass()); protected final Log logger = LogFactory.getLog(getClass());


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public interface PostInvocationAttribute extends ConfigAttribute { public interface PostInvocationAttribute extends ConfigAttribute {
} }


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -27,7 +27,11 @@ import org.springframework.security.core.Authentication;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
* instead
*/ */
@Deprecated
public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean { public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean {
Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject) Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject)


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* instead
*/ */
@Deprecated
public interface PreInvocationAttribute extends ConfigAttribute { public interface PreInvocationAttribute extends ConfigAttribute {
} }


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.core.Authentication;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* instead
*/ */
@Deprecated
public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean { public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean {
/** /**


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -38,7 +38,11 @@ import org.springframework.security.core.Authentication;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
* instead
*/ */
@Deprecated
public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> { public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> {
protected final Log logger = LogFactory.getLog(getClass()); protected final Log logger = LogFactory.getLog(getClass());


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -48,7 +48,13 @@ import org.springframework.util.ClassUtils;
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @see PreInvocationAuthorizationAdviceVoter * @see PreInvocationAuthorizationAdviceVoter
* @deprecated Use
* {@link org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager}
* and
* {@link org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager}
* instead
*/ */
@Deprecated
public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource { public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
private final PrePostInvocationAttributeFactory attributeFactory; private final PrePostInvocationAttributeFactory attributeFactory;


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -17,10 +17,14 @@
package org.springframework.security.access.prepost; package org.springframework.security.access.prepost;
import org.springframework.aop.framework.AopInfrastructureBean; import org.springframework.aop.framework.AopInfrastructureBean;
import org.springframework.security.authorization.AuthorizationManager;
/** /**
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
* @deprecated Use delegation with {@link AuthorizationManager}
*/ */
public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean { public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {


@ -29,6 +29,7 @@ import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.SpringSecurityMessageSource; import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.util.Assert; import org.springframework.util.Assert;
@ -39,7 +40,10 @@ import org.springframework.util.Assert;
* Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s * Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s
* and the access control behaviour if all voters abstain from voting (defaults to deny * and the access control behaviour if all voters abstain from voting (defaults to deny
* access). * access).
*
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public abstract class AbstractAccessDecisionManager public abstract class AbstractAccessDecisionManager
implements AccessDecisionManager, InitializingBean, MessageSourceAware { implements AccessDecisionManager, InitializingBean, MessageSourceAware {
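Review bot: The new `@deprecated Use {@link AuthorizationManager} instead` tag names a replacement but not the decision semantics a migration has to preserve, even though the Javadoc directly above it states that this class denies access by default when every voter abstains. A reader who swaps in an AuthorizationManager without checking how an abstained or absent decision is handled could end up more permissive than before. I would add one sentence to the tag, such as `When migrating, verify that an abstaining or empty decision is still treated as a denial.` The same one-line tag appears on AffirmativeBased, ConsensusBased and UnanimousBased, and ConsensusBased also shows `allowIfEqualGrantedDeniedDecisions = true`, a tie-grants default worth naming there. The class body continues outside the hunk.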


@ -27,7 +27,10 @@ import org.springframework.util.Assert;
* particular ACL system. * particular ACL system.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Now used by only-deprecated classes. Generally speaking, in-memory ACL is
* no longer advised, so no replacement is planned at this point.
*/ */
@Deprecated
public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> { public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
private Class<?> processDomainObjectClass; private Class<?> processDomainObjectClass;


@ -22,13 +22,17 @@ import java.util.List;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
* Simple concrete implementation of * Simple concrete implementation of
* {@link org.springframework.security.access.AccessDecisionManager} that grants access if * {@link org.springframework.security.access.AccessDecisionManager} that grants access if
* any <code>AccessDecisionVoter</code> returns an affirmative response. * any <code>AccessDecisionVoter</code> returns an affirmative response.
*
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public class AffirmativeBased extends AbstractAccessDecisionManager { public class AffirmativeBased extends AbstractAccessDecisionManager {
public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) { public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) {


@ -45,7 +45,11 @@ import org.springframework.util.Assert;
* All comparisons and prefixes are case sensitive. * All comparisons and prefixes are case sensitive.
* *
* @author Ben Alex * @author Ben Alex
* @deprecated Use
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
* instead
*/ */
@Deprecated
public class AuthenticatedVoter implements AccessDecisionVoter<Object> { public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY"; public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
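Review bot: The `@deprecated` tag on AuthenticatedVoter points to `AuthorityAuthorizationManager`, but the constant visible in this hunk, `IS_AUTHENTICATED_FULLY`, suggests the voter decides on authentication level rather than on granted authorities. Following the pointer literally could replace a fully-authenticated check with an authority check and lose the distinction that constant's name implies. If `org.springframework.security.authorization.AuthenticatedAuthorizationManager` covers these cases, link that instead; otherwise the tag should say that authentication-level checks have no direct equivalent yet. The class body continues outside the hunk.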


@ -22,6 +22,7 @@ import java.util.List;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
@ -32,7 +33,10 @@ import org.springframework.security.core.Authentication;
* "Consensus" here means majority-rule (ignoring abstains) rather than unanimous * "Consensus" here means majority-rule (ignoring abstains) rather than unanimous
* agreement (ignoring abstains). If you require unanimity, please see * agreement (ignoring abstains). If you require unanimity, please see
* {@link UnanimousBased}. * {@link UnanimousBased}.
*
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public class ConsensusBased extends AbstractAccessDecisionManager { public class ConsensusBased extends AbstractAccessDecisionManager {
private boolean allowIfEqualGrantedDeniedDecisions = true; private boolean allowIfEqualGrantedDeniedDecisions = true;


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -29,7 +29,11 @@ import org.springframework.util.Assert;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 2.0.4 * @since 2.0.4
* @deprecated Use
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager#setRoleHierarchy}
* instead
*/ */
@Deprecated
public class RoleHierarchyVoter extends RoleVoter { public class RoleHierarchyVoter extends RoleVoter {
private RoleHierarchy roleHierarchy = null; private RoleHierarchy roleHierarchy = null;


@ -48,7 +48,11 @@ import org.springframework.security.core.GrantedAuthority;
* *
* @author Ben Alex * @author Ben Alex
* @author colin sampaleanu * @author colin sampaleanu
* @deprecated Use
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
* instead
*/ */
@Deprecated
public class RoleVoter implements AccessDecisionVoter<Object> { public class RoleVoter implements AccessDecisionVoter<Object> {
private String rolePrefix = "ROLE_"; private String rolePrefix = "ROLE_";
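Review bot: The new `@deprecated` tag on RoleVoter names AuthorityAuthorizationManager but not which of its factory methods matches this class, and the visible default `rolePrefix = "ROLE_"` makes that choice matter. `hasRole` adds the `ROLE_` prefix to its argument while `hasAuthority` compares the string as given, so an attribute carried over with the wrong method either never matches or matches a different authority than the one intended. I would extend the tag to something like `@deprecated Use {@link org.springframework.security.authorization.AuthorityAuthorizationManager#hasRole} for ROLE_-prefixed attributes, or #hasAuthority for unprefixed ones`. The class body continues outside the hunk.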


@ -23,13 +23,17 @@ import java.util.List;
import org.springframework.security.access.AccessDecisionVoter; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
/** /**
* Simple concrete implementation of * Simple concrete implementation of
* {@link org.springframework.security.access.AccessDecisionManager} that requires all * {@link org.springframework.security.access.AccessDecisionManager} that requires all
* voters to abstain or grant access. * voters to abstain or grant access.
*
* @deprecated Use {@link AuthorizationManager} instead
*/ */
@Deprecated
public class UnanimousBased extends AbstractAccessDecisionManager { public class UnanimousBased extends AbstractAccessDecisionManager {
public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) { public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) {
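Review bot: The added `@deprecated Use {@link AuthorizationManager} instead` on UnanimousBased points at the general interface without saying how to keep this class's decision rule, which the Javadoc directly above describes as requiring all voters to abstain or grant access. A migration that drops in a single AuthorizationManager with a looser rule could grant requests this class would have denied, so the tag deserves one more clause, for example `@deprecated Use {@link AuthorizationManager} instead, composing delegates so that any denial denies access`. ConsensusBased, earlier on the page, carries the same wording; its majority rule and the `allowIfEqualGrantedDeniedDecisions` tie-break would need the equivalent mention. The class body continues outside the hunk.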


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2021 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -38,7 +38,9 @@ import org.springframework.web.context.ServletContextAware;
* @author Ben Alex * @author Ben Alex
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use {@link AuthorizationManagerWebInvocationPrivilegeEvaluator} instead
*/ */
@Deprecated
public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware { public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware {
protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class); protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);


@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2016 the original author or authors. * Copyright 2002-2022 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -35,7 +35,9 @@ import org.springframework.util.Assert;
* *
* @author Luke Taylor * @author Luke Taylor
* @since 3.0 * @since 3.0
* @deprecated Use {@link WebExpressionAuthorizationManager} instead
*/ */
@Deprecated
public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> { public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());


@ -41,7 +41,9 @@ import org.springframework.security.web.FilterInvocation;
* *
* @author Ben Alex * @author Ben Alex
* @author Rob Winch * @author Rob Winch
* @deprecated Use {@link AuthorizationFilter} instead
*/ */
@Deprecated
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter { public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied"; private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";