parent
983ca6ea27
commit
3f8503f1b4
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -37,7 +37,9 @@ import org.springframework.security.access.prepost.PreFilter;
|
||||||
* @author Mike Wiesner
|
* @author Mike Wiesner
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.1
|
* @since 3.1
|
||||||
|
* @deprecated Use aspects in {@link org.springframework.security.authorization.method.aspectj} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public aspect AnnotationSecurityAspect implements InitializingBean {
|
public aspect AnnotationSecurityAspect implements InitializingBean {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2013 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -43,7 +43,9 @@ import org.springframework.security.config.annotation.authentication.configurati
|
||||||
*
|
*
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
|
* @deprecated Use {@link EnableMethodSecurity} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
@Retention(RetentionPolicy.RUNTIME)
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
@Target(ElementType.TYPE)
|
@Target(ElementType.TYPE)
|
||||||
@Documented
|
@Documented
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2013 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -36,7 +36,9 @@ import org.springframework.core.type.AnnotationMetadata;
|
||||||
*
|
*
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
|
* @deprecated Use {@link EnableMethodSecurity} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {
|
class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -86,7 +86,11 @@ import org.springframework.util.Assert;
|
||||||
* @author Eddú Meléndez
|
* @author Eddú Meléndez
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
* @see EnableGlobalMethodSecurity
|
* @see EnableGlobalMethodSecurity
|
||||||
|
* @deprecated Use {@link PrePostMethodSecurityConfiguration},
|
||||||
|
* {@link SecuredMethodSecurityConfiguration}, or
|
||||||
|
* {@link Jsr250MethodSecurityConfiguration} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
@Configuration(proxyBeanMethods = false)
|
@Configuration(proxyBeanMethods = false)
|
||||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||||
public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
|
public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -34,7 +34,9 @@ import org.springframework.util.ClassUtils;
|
||||||
*
|
*
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
|
* @deprecated Use {@link MethodSecuritySelector} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
final class GlobalMethodSecuritySelector implements ImportSelector {
|
final class GlobalMethodSecuritySelector implements ImportSelector {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -24,6 +24,7 @@ import org.springframework.security.access.annotation.Jsr250MethodSecurityMetada
|
||||||
|
|
||||||
@Configuration(proxyBeanMethods = false)
|
@Configuration(proxyBeanMethods = false)
|
||||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||||
|
@Deprecated
|
||||||
class Jsr250MetadataSourceConfiguration {
|
class Jsr250MetadataSourceConfiguration {
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -32,7 +32,9 @@ import org.springframework.util.MultiValueMap;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 4.0.2
|
* @since 4.0.2
|
||||||
* @see GlobalMethodSecuritySelector
|
* @see GlobalMethodSecuritySelector
|
||||||
|
* @deprecated Use {@link MethodSecuritySelector} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {
|
class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1281,8 +1281,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||||
* </pre>
|
* </pre>
|
||||||
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
|
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
|
* @deprecated Use {@link #authorizeHttpRequests()} instead
|
||||||
* @see #requestMatcher(RequestMatcher)
|
* @see #requestMatcher(RequestMatcher)
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
|
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
|
||||||
throws Exception {
|
throws Exception {
|
||||||
ApplicationContext context = getContext();
|
ApplicationContext context = getContext();
|
||||||
|
@ -1395,8 +1397,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
|
||||||
* for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
|
* for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
|
||||||
* @return the {@link HttpSecurity} for further customizations
|
* @return the {@link HttpSecurity} for further customizations
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
|
* @deprecated Use {@link #authorizeHttpRequests} instead
|
||||||
* @see #requestMatcher(RequestMatcher)
|
* @see #requestMatcher(RequestMatcher)
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public HttpSecurity authorizeRequests(
|
public HttpSecurity authorizeRequests(
|
||||||
Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
|
Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
|
||||||
throws Exception {
|
throws Exception {
|
||||||
|
|
|
@ -60,7 +60,9 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
* @see ExpressionUrlAuthorizationConfigurer
|
* @see ExpressionUrlAuthorizationConfigurer
|
||||||
* @see UrlAuthorizationConfigurer
|
* @see UrlAuthorizationConfigurer
|
||||||
|
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
|
public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
|
||||||
extends AbstractHttpConfigurer<C, H> {
|
extends AbstractHttpConfigurer<C, H> {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -79,7 +79,9 @@ import org.springframework.util.StringUtils;
|
||||||
* @author Yanming Zhou
|
* @author Yanming Zhou
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
|
* @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
|
||||||
|
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
|
public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
|
||||||
extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
|
extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -85,7 +85,9 @@ import org.springframework.util.Assert;
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 3.2
|
* @since 3.2
|
||||||
* @see ExpressionUrlAuthorizationConfigurer
|
* @see ExpressionUrlAuthorizationConfigurer
|
||||||
|
* @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
|
public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
|
||||||
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
|
extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -46,7 +46,9 @@ import org.springframework.util.xml.DomUtils;
|
||||||
* for use with a FilterSecurityInterceptor.
|
* for use with a FilterSecurityInterceptor.
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Use `use-authorization-manager` property instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
|
public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
|
||||||
|
|
||||||
private static final String ATT_USE_EXPRESSIONS = "use-expressions";
|
private static final String ATT_USE_EXPRESSIONS = "use-expressions";
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2018 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -89,7 +89,9 @@ import org.springframework.util.xml.DomUtils;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use {@link MethodSecurityBeanDefinitionParser} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(getClass());
|
private final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -125,7 +125,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
|
||||||
/**
|
/**
|
||||||
* This is the real class which does the work. We need access to the ParserContext in
|
* This is the real class which does the work. We need access to the ParserContext in
|
||||||
* order to do bean registration.
|
* order to do bean registration.
|
||||||
|
*
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link InternalAuthorizationManagerInterceptMethodsBeanDefinitionDecorator}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
static class InternalInterceptMethodsBeanDefinitionDecorator
|
static class InternalInterceptMethodsBeanDefinitionDecorator
|
||||||
extends AbstractInterceptorDrivenBeanDefinitionDecorator {
|
extends AbstractInterceptorDrivenBeanDefinitionDecorator {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -36,7 +36,10 @@ import org.springframework.util.xml.DomUtils;
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.1
|
* @since 3.1
|
||||||
|
* @deprecated Use {@code <intercept-methods>}, {@code <method-security>}, or
|
||||||
|
* {@code @EnableMethodSecurity}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
|
||||||
|
|
||||||
static final String ATT_METHOD = "method";
|
static final String ATT_METHOD = "method";
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -63,7 +63,9 @@ import org.springframework.util.StringUtils;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use {@code use-authorization-manager} flag instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
final class ProtectPointcutPostProcessor implements BeanPostProcessor {
|
||||||
|
|
||||||
private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
|
private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
|
||||||
|
|
|
@ -19,13 +19,16 @@ package org.springframework.security.access;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Makes a final access control (authorization) decision.
|
* Makes a final access control (authorization) decision.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface AccessDecisionManager {
|
public interface AccessDecisionManager {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -18,6 +18,7 @@ package org.springframework.security.access;
|
||||||
|
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -28,7 +29,9 @@ import org.springframework.security.core.Authentication;
|
||||||
* {@link org.springframework.security.access.AccessDecisionManager}.
|
* {@link org.springframework.security.access.AccessDecisionManager}.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface AccessDecisionVoter<S> {
|
public interface AccessDecisionVoter<S> {
|
||||||
|
|
||||||
int ACCESS_GRANTED = 1;
|
int ACCESS_GRANTED = 1;
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.springframework.security.access;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -26,7 +27,11 @@ import org.springframework.security.core.Authentication;
|
||||||
* {@link AfterInvocationProviderManager} decision.
|
* {@link AfterInvocationProviderManager} decision.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
|
||||||
|
* @deprecated Use delegation with {@link AuthorizationManager}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface AfterInvocationProvider {
|
public interface AfterInvocationProvider {
|
||||||
|
|
||||||
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
|
Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -28,7 +28,11 @@ import org.springframework.security.access.ConfigAttribute;
|
||||||
* Used by {@code SecuredAnnotationSecurityMetadataSource}.
|
* Used by {@code SecuredAnnotationSecurityMetadataSource}.
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Used only by now-deprecated classes. Consider
|
||||||
|
* {@link org.springframework.security.authorization.method.SecuredAuthorizationManager}
|
||||||
|
* for `@Secured` methods.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface AnnotationMetadataExtractor<A extends Annotation> {
|
public interface AnnotationMetadataExtractor<A extends Annotation> {
|
||||||
|
|
||||||
Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);
|
Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);
|
||||||
|
|
|
@ -35,7 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||||
|
|
||||||
private String defaultRolePrefix = "ROLE_";
|
private String defaultRolePrefix = "ROLE_";
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -20,13 +20,16 @@ import javax.annotation.security.DenyAll;
|
||||||
import javax.annotation.security.PermitAll;
|
import javax.annotation.security.PermitAll;
|
||||||
|
|
||||||
import org.springframework.security.access.SecurityConfig;
|
import org.springframework.security.access.SecurityConfig;
|
||||||
|
import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Security config applicable as a JSR 250 annotation attribute.
|
* Security config applicable as a JSR 250 annotation attribute.
|
||||||
*
|
*
|
||||||
* @author Ryan Heaton
|
* @author Ryan Heaton
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class Jsr250SecurityConfig extends SecurityConfig {
|
public class Jsr250SecurityConfig extends SecurityConfig {
|
||||||
|
|
||||||
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
|
public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -28,7 +28,11 @@ import org.springframework.security.core.GrantedAuthority;
|
||||||
*
|
*
|
||||||
* @author Ryan Heaton
|
* @author Ryan Heaton
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class Jsr250Voter implements AccessDecisionVoter<Object> {
|
public class Jsr250Voter implements AccessDecisionVoter<Object> {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -38,7 +38,10 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor#secured}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
@SuppressWarnings({ "unchecked" })
|
@SuppressWarnings({ "unchecked" })
|
||||||
public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,11 @@ import org.springframework.context.ApplicationEvent;
|
||||||
* Abstract superclass for all security interception related events.
|
* Abstract superclass for all security interception related events.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Authorization events have moved. Consider
|
||||||
|
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} and
|
||||||
|
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
|
public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -27,7 +27,11 @@ import org.springframework.util.Assert;
|
||||||
* could not be obtained from the <code>SecurityContextHolder</code>.
|
* could not be obtained from the <code>SecurityContextHolder</code>.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Authentication is now separated from authorization. Consider
|
||||||
|
* {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent}
|
||||||
|
* instead.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
|
public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
|
||||||
|
|
||||||
private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;
|
private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;
|
||||||
|
|
|
@ -34,7 +34,11 @@ import org.springframework.util.Assert;
|
||||||
* AfterInvocationManager}.
|
* AfterInvocationManager}.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
|
||||||
|
|
||||||
private final AccessDeniedException accessDeniedException;
|
private final AccessDeniedException accessDeniedException;
|
||||||
|
|
|
@ -29,7 +29,11 @@ import org.springframework.util.Assert;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
public class AuthorizedEvent extends AbstractAuthorizationEvent {
|
||||||
|
|
||||||
private final Authentication authentication;
|
private final Authentication authentication;
|
||||||
|
|
|
@ -30,7 +30,10 @@ import org.springframework.core.log.LogMessage;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Logging is now embedded in Spring Security components. If you need further
|
||||||
|
* logging, please consider using your own {@link ApplicationListener}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
|
public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
|
||||||
|
|
||||||
private static final Log logger = LogFactory.getLog(LoggerListener.class);
|
private static final Log logger = LogFactory.getLog(LoggerListener.class);
|
||||||
|
|
|
@ -16,6 +16,8 @@
|
||||||
|
|
||||||
package org.springframework.security.access.event;
|
package org.springframework.security.access.event;
|
||||||
|
|
||||||
|
import org.springframework.security.authorization.event.AuthorizationGrantedEvent;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Event that is generated whenever a public secure object is invoked.
|
* Event that is generated whenever a public secure object is invoked.
|
||||||
* <p>
|
* <p>
|
||||||
|
@ -28,7 +30,10 @@ package org.springframework.security.access.event;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Only used by now-deprecated classes. Consider
|
||||||
|
* {@link AuthorizationGrantedEvent#getSource()} to deduce public invocations.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class PublicInvocationEvent extends AbstractAuthorizationEvent {
|
public class PublicInvocationEvent extends AbstractAuthorizationEvent {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -32,7 +32,10 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
|
||||||
|
* interceptors instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
|
abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
|
||||||
|
|
||||||
private final Expression filterExpression;
|
private final Expression filterExpression;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -30,7 +30,10 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
|
||||||
|
* interceptors instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
|
public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
|
||||||
|
|
||||||
private final Object parserLock = new Object();
|
private final Object parserLock = new Object();
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -32,7 +32,11 @@ import org.springframework.security.core.Authentication;
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
|
public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
|
||||||
|
|
||||||
protected final Log logger = LogFactory.getLog(getClass());
|
protected final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2019 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -33,7 +33,11 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
|
public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
|
||||||
|
|
||||||
private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
|
private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
||||||
implements PostInvocationAttribute {
|
implements PostInvocationAttribute {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PreInvocationAttribute;
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
|
||||||
implements PreInvocationAttribute {
|
implements PreInvocationAttribute {
|
||||||
|
|
||||||
|
|
|
@ -104,7 +104,17 @@ import org.springframework.util.CollectionUtils;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.web.access.intercept.AuthorizationFilter} instead
|
||||||
|
* for filter security,
|
||||||
|
* {@link org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor}
|
||||||
|
* for messaging security, or
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* and
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* for method security.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractSecurityInterceptor
|
public abstract class AbstractSecurityInterceptor
|
||||||
implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
|
implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import java.util.Collection;
|
||||||
|
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -41,7 +42,11 @@ import org.springframework.security.core.Authentication;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
|
||||||
|
* @deprecated Use delegation with {@link AuthorizationManager}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface AfterInvocationManager {
|
public interface AfterInvocationManager {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -28,6 +28,7 @@ import org.springframework.core.log.LogMessage;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.AfterInvocationProvider;
|
import org.springframework.security.access.AfterInvocationProvider;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.CollectionUtils;
|
import org.springframework.util.CollectionUtils;
|
||||||
|
@ -47,7 +48,11 @@ import org.springframework.util.CollectionUtils;
|
||||||
* given provider is configured to respond to).
|
* given provider is configured to respond to).
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
|
||||||
|
* @deprecated Use delegation with {@link AuthorizationManager}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
|
public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
|
||||||
|
|
||||||
protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
|
protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
|
||||||
|
|
|
@ -19,6 +19,7 @@ package org.springframework.security.access.intercept;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
|
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.context.SecurityContext;
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -29,7 +30,11 @@ import org.springframework.security.core.context.SecurityContext;
|
||||||
* can tidy up correctly.
|
* can tidy up correctly.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
|
||||||
|
* @deprecated Use delegation with {@link AuthorizationManager}
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class InterceptorStatusToken {
|
public class InterceptorStatusToken {
|
||||||
|
|
||||||
private SecurityContext securityContext;
|
private SecurityContext securityContext;
|
||||||
|
|
|
@ -43,7 +43,10 @@ import org.springframework.util.Assert;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
|
||||||
|
|
||||||
protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
|
protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
|
||||||
|
|
|
@ -39,7 +39,12 @@ import org.springframework.util.Assert;
|
||||||
* <P>
|
* <P>
|
||||||
* If the key does not match, a <code>BadCredentialsException</code> is thrown.
|
* If the key does not match, a <code>BadCredentialsException</code> is thrown.
|
||||||
* </p>
|
* </p>
|
||||||
|
*
|
||||||
|
* @deprecated Authentication is now separated from authorization in Spring Security. This
|
||||||
|
* class is only used by now-deprecated components. There is not yet an equivalent
|
||||||
|
* replacement in Spring Security.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
|
public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
|
||||||
|
|
||||||
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
|
||||||
|
|
|
@ -57,7 +57,11 @@ import org.springframework.security.core.Authentication;
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Authentication is now separated from authorization in Spring Security. This
|
||||||
|
* class is only used by now-deprecated components. There is not yet an equivalent
|
||||||
|
* replacement in Spring Security.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface RunAsManager {
|
public interface RunAsManager {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -52,7 +52,11 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author colin sampaleanu
|
* @author colin sampaleanu
|
||||||
|
* @deprecated Authentication is now separated from authorization in Spring Security. This
|
||||||
|
* class is only used by now-deprecated components. There is not yet an equivalent
|
||||||
|
* replacement in Spring Security.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class RunAsManagerImpl implements RunAsManager, InitializingBean {
|
public class RunAsManagerImpl implements RunAsManager, InitializingBean {
|
||||||
|
|
||||||
private String key;
|
private String key;
|
||||||
|
|
|
@ -28,7 +28,11 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
|
||||||
* that supports {@link RunAsManagerImpl}.
|
* that supports {@link RunAsManagerImpl}.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Authentication is now separated from authorization in Spring Security. This
|
||||||
|
* class is only used by now-deprecated components. There is not yet an equivalent
|
||||||
|
* replacement in Spring Security.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class RunAsUserToken extends AbstractAuthenticationToken {
|
public class RunAsUserToken extends AbstractAuthenticationToken {
|
||||||
|
|
||||||
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
|
||||||
|
|
|
@ -36,7 +36,13 @@ import org.springframework.security.access.method.MethodSecurityMetadataSource;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
|
* @deprecated Please use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* and
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
|
public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
|
||||||
|
|
||||||
private MethodSecurityMetadataSource securityMetadataSource;
|
private MethodSecurityMetadataSource securityMetadataSource;
|
||||||
|
|
|
@ -51,7 +51,9 @@ import org.springframework.util.CollectionUtils;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
|
public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
|
||||||
|
|
||||||
private transient MethodSecurityMetadataSource attributeSource;
|
private transient MethodSecurityMetadataSource attributeSource;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -22,6 +22,7 @@ import java.util.Collections;
|
||||||
|
|
||||||
import org.springframework.aop.support.AopUtils;
|
import org.springframework.aop.support.AopUtils;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Abstract implementation of {@link MethodSecurityMetadataSource} that supports both
|
* Abstract implementation of {@link MethodSecurityMetadataSource} that supports both
|
||||||
|
@ -43,7 +44,11 @@ import org.springframework.security.access.ConfigAttribute;
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke taylor
|
* @author Luke taylor
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use the {@code use-authorization-manager} attribute for
|
||||||
|
* {@code <method-security>} and {@code <intercept-methods>} instead or use
|
||||||
|
* annotation-based or {@link AuthorizationManager}-based authorization
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import org.springframework.aop.framework.AopProxyUtils;
|
import org.springframework.aop.framework.AopProxyUtils;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the
|
* Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the
|
||||||
|
@ -31,7 +32,11 @@ import org.springframework.security.access.ConfigAttribute;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Use the {@code use-authorization-manager} attribute for
|
||||||
|
* {@code <method-security>} and {@code <intercept-methods>} instead or use
|
||||||
|
* annotation-based or {@link AuthorizationManager}-based authorization
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
|
public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
|
||||||
|
|
||||||
protected final Log logger = LogFactory.getLog(getClass());
|
protected final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,6 +27,7 @@ import java.util.Set;
|
||||||
|
|
||||||
import org.springframework.core.log.LogMessage;
|
import org.springframework.core.log.LogMessage;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.ObjectUtils;
|
import org.springframework.util.ObjectUtils;
|
||||||
|
|
||||||
|
@ -37,7 +38,11 @@ import org.springframework.util.ObjectUtils;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @deprecated Use the {@code use-authorization-manager} attribute for
|
||||||
|
* {@code <method-security>} and {@code <intercept-methods>} instead or use
|
||||||
|
* annotation-based or {@link AuthorizationManager}-based authorization
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||||
|
|
||||||
private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
|
private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
|
||||||
|
|
|
@ -28,6 +28,7 @@ import java.util.Set;
|
||||||
import org.springframework.beans.factory.BeanClassLoaderAware;
|
import org.springframework.beans.factory.BeanClassLoaderAware;
|
||||||
import org.springframework.core.log.LogMessage;
|
import org.springframework.core.log.LogMessage;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
import org.springframework.util.ClassUtils;
|
import org.springframework.util.ClassUtils;
|
||||||
|
|
||||||
|
@ -42,7 +43,11 @@ import org.springframework.util.ClassUtils;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @since 2.0
|
* @since 2.0
|
||||||
|
* @deprecated Use the {@code use-authorization-manager} attribute for
|
||||||
|
* {@code <method-security>} and {@code <intercept-methods>} instead or use
|
||||||
|
* annotation-based or {@link AuthorizationManager}-based authorization
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
|
public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
|
||||||
implements BeanClassLoaderAware {
|
implements BeanClassLoaderAware {
|
||||||
|
|
||||||
|
|
|
@ -21,12 +21,18 @@ import java.util.Collection;
|
||||||
|
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
import org.springframework.security.access.SecurityMetadataSource;
|
import org.springframework.security.access.SecurityMetadataSource;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Interface for <code>SecurityMetadataSource</code> implementations that are designed to
|
* Interface for <code>SecurityMetadataSource</code> implementations that are designed to
|
||||||
* perform lookups keyed on <code>Method</code>s.
|
* perform lookups keyed on <code>Method</code>s.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @see org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
|
||||||
|
* @see org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
|
||||||
|
* @deprecated Use the {@code use-authorization-manager} attribute for
|
||||||
|
* {@code <method-security>} and {@code <intercept-methods>} instead or use
|
||||||
|
* annotation-based or {@link AuthorizationManager}-based authorization
|
||||||
*/
|
*/
|
||||||
public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
|
public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -36,7 +36,11 @@ import org.springframework.security.core.Authentication;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @author Alexander Furer
|
* @author Alexander Furer
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class PostInvocationAdviceProvider implements AfterInvocationProvider {
|
public class PostInvocationAdviceProvider implements AfterInvocationProvider {
|
||||||
|
|
||||||
protected final Log logger = LogFactory.getLog(getClass());
|
protected final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface PostInvocationAttribute extends ConfigAttribute {
|
public interface PostInvocationAttribute extends ConfigAttribute {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -27,7 +27,11 @@ import org.springframework.security.core.Authentication;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean {
|
public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean {
|
||||||
|
|
||||||
Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject)
|
Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject)
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface PreInvocationAttribute extends ConfigAttribute {
|
public interface PreInvocationAttribute extends ConfigAttribute {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -26,7 +26,11 @@ import org.springframework.security.core.Authentication;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean {
|
public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -38,7 +38,11 @@ import org.springframework.security.core.Authentication;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> {
|
public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> {
|
||||||
|
|
||||||
protected final Log logger = LogFactory.getLog(getClass());
|
protected final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -48,7 +48,13 @@ import org.springframework.util.ClassUtils;
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
* @see PreInvocationAuthorizationAdviceVoter
|
* @see PreInvocationAuthorizationAdviceVoter
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager}
|
||||||
|
* and
|
||||||
|
* {@link org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
|
||||||
|
|
||||||
private final PrePostInvocationAttributeFactory attributeFactory;
|
private final PrePostInvocationAttributeFactory attributeFactory;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -17,10 +17,14 @@
|
||||||
package org.springframework.security.access.prepost;
|
package org.springframework.security.access.prepost;
|
||||||
|
|
||||||
import org.springframework.aop.framework.AopInfrastructureBean;
|
import org.springframework.aop.framework.AopInfrastructureBean;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
|
||||||
|
* @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
|
||||||
|
* @deprecated Use delegation with {@link AuthorizationManager}
|
||||||
*/
|
*/
|
||||||
public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
|
public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
|
||||||
|
|
||||||
|
|
|
@ -29,6 +29,7 @@ import org.springframework.security.access.AccessDecisionManager;
|
||||||
import org.springframework.security.access.AccessDecisionVoter;
|
import org.springframework.security.access.AccessDecisionVoter;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.SpringSecurityMessageSource;
|
import org.springframework.security.core.SpringSecurityMessageSource;
|
||||||
import org.springframework.util.Assert;
|
import org.springframework.util.Assert;
|
||||||
|
|
||||||
|
@ -39,7 +40,10 @@ import org.springframework.util.Assert;
|
||||||
* Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s
|
* Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s
|
||||||
* and the access control behaviour if all voters abstain from voting (defaults to deny
|
* and the access control behaviour if all voters abstain from voting (defaults to deny
|
||||||
* access).
|
* access).
|
||||||
|
*
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractAccessDecisionManager
|
public abstract class AbstractAccessDecisionManager
|
||||||
implements AccessDecisionManager, InitializingBean, MessageSourceAware {
|
implements AccessDecisionManager, InitializingBean, MessageSourceAware {
|
||||||
|
|
||||||
|
|
|
@ -27,7 +27,10 @@ import org.springframework.util.Assert;
|
||||||
* particular ACL system.
|
* particular ACL system.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Now used by only-deprecated classes. Generally speaking, in-memory ACL is
|
||||||
|
* no longer advised, so no replacement is planned at this point.
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
|
public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
|
||||||
|
|
||||||
private Class<?> processDomainObjectClass;
|
private Class<?> processDomainObjectClass;
|
||||||
|
|
|
@ -22,13 +22,17 @@ import java.util.List;
|
||||||
import org.springframework.security.access.AccessDecisionVoter;
|
import org.springframework.security.access.AccessDecisionVoter;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Simple concrete implementation of
|
* Simple concrete implementation of
|
||||||
* {@link org.springframework.security.access.AccessDecisionManager} that grants access if
|
* {@link org.springframework.security.access.AccessDecisionManager} that grants access if
|
||||||
* any <code>AccessDecisionVoter</code> returns an affirmative response.
|
* any <code>AccessDecisionVoter</code> returns an affirmative response.
|
||||||
|
*
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AffirmativeBased extends AbstractAccessDecisionManager {
|
public class AffirmativeBased extends AbstractAccessDecisionManager {
|
||||||
|
|
||||||
public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) {
|
public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) {
|
||||||
|
|
|
@ -45,7 +45,11 @@ import org.springframework.util.Assert;
|
||||||
* All comparisons and prefixes are case sensitive.
|
* All comparisons and prefixes are case sensitive.
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
|
public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
|
||||||
|
|
||||||
public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
|
public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
|
||||||
|
|
|
@ -22,6 +22,7 @@ import java.util.List;
|
||||||
import org.springframework.security.access.AccessDecisionVoter;
|
import org.springframework.security.access.AccessDecisionVoter;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -32,7 +33,10 @@ import org.springframework.security.core.Authentication;
|
||||||
* "Consensus" here means majority-rule (ignoring abstains) rather than unanimous
|
* "Consensus" here means majority-rule (ignoring abstains) rather than unanimous
|
||||||
* agreement (ignoring abstains). If you require unanimity, please see
|
* agreement (ignoring abstains). If you require unanimity, please see
|
||||||
* {@link UnanimousBased}.
|
* {@link UnanimousBased}.
|
||||||
|
*
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class ConsensusBased extends AbstractAccessDecisionManager {
|
public class ConsensusBased extends AbstractAccessDecisionManager {
|
||||||
|
|
||||||
private boolean allowIfEqualGrantedDeniedDecisions = true;
|
private boolean allowIfEqualGrantedDeniedDecisions = true;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -29,7 +29,11 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 2.0.4
|
* @since 2.0.4
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager#setRoleHierarchy}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class RoleHierarchyVoter extends RoleVoter {
|
public class RoleHierarchyVoter extends RoleVoter {
|
||||||
|
|
||||||
private RoleHierarchy roleHierarchy = null;
|
private RoleHierarchy roleHierarchy = null;
|
||||||
|
|
|
@ -48,7 +48,11 @@ import org.springframework.security.core.GrantedAuthority;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author colin sampaleanu
|
* @author colin sampaleanu
|
||||||
|
* @deprecated Use
|
||||||
|
* {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
|
||||||
|
* instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class RoleVoter implements AccessDecisionVoter<Object> {
|
public class RoleVoter implements AccessDecisionVoter<Object> {
|
||||||
|
|
||||||
private String rolePrefix = "ROLE_";
|
private String rolePrefix = "ROLE_";
|
||||||
|
|
|
@ -23,13 +23,17 @@ import java.util.List;
|
||||||
import org.springframework.security.access.AccessDecisionVoter;
|
import org.springframework.security.access.AccessDecisionVoter;
|
||||||
import org.springframework.security.access.AccessDeniedException;
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
import org.springframework.security.access.ConfigAttribute;
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authorization.AuthorizationManager;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Simple concrete implementation of
|
* Simple concrete implementation of
|
||||||
* {@link org.springframework.security.access.AccessDecisionManager} that requires all
|
* {@link org.springframework.security.access.AccessDecisionManager} that requires all
|
||||||
* voters to abstain or grant access.
|
* voters to abstain or grant access.
|
||||||
|
*
|
||||||
|
* @deprecated Use {@link AuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class UnanimousBased extends AbstractAccessDecisionManager {
|
public class UnanimousBased extends AbstractAccessDecisionManager {
|
||||||
|
|
||||||
public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) {
|
public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2021 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -38,7 +38,9 @@ import org.springframework.web.context.ServletContextAware;
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use {@link AuthorizationManagerWebInvocationPrivilegeEvaluator} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware {
|
public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware {
|
||||||
|
|
||||||
protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
|
protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Copyright 2002-2016 the original author or authors.
|
* Copyright 2002-2022 the original author or authors.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -35,7 +35,9 @@ import org.springframework.util.Assert;
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
* @since 3.0
|
* @since 3.0
|
||||||
|
* @deprecated Use {@link WebExpressionAuthorizationManager} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
|
public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
|
||||||
|
|
||||||
private final Log logger = LogFactory.getLog(getClass());
|
private final Log logger = LogFactory.getLog(getClass());
|
||||||
|
|
|
@ -41,7 +41,9 @@ import org.springframework.security.web.FilterInvocation;
|
||||||
*
|
*
|
||||||
* @author Ben Alex
|
* @author Ben Alex
|
||||||
* @author Rob Winch
|
* @author Rob Winch
|
||||||
|
* @deprecated Use {@link AuthorizationFilter} instead
|
||||||
*/
|
*/
|
||||||
|
@Deprecated
|
||||||
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
|
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
|
||||||
|
|
||||||
private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
|
private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";
|
||||||
|
|
Loading…
Reference in New Issue