Deprecate AccessDecisionManager et al

Closes gh-11302
2022-05-31 10:13:11 -06:00 · 2022-05-31 10:13:11 -06:00 · 3f8503f1b4
parent 983ca6ea27
commit 3f8503f1b4
71 changed files with 297 additions and 34 deletions
--- a/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj
+++ b/aspects/src/main/java/org/springframework/security/access/intercept/aspectj/aspect/AnnotationSecurityAspect.aj
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -37,7 +37,9 @@ import org.springframework.security.access.prepost.PreFilter;
 * @author Mike Wiesner
 * @author Luke Taylor
 * @since 3.1
 * @deprecated Use aspects in {@link org.springframework.security.authorization.method.aspectj} instead
 */
@Deprecated
 public aspect AnnotationSecurityAspect implements InitializingBean {
 		/**
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -43,7 +43,9 @@ import org.springframework.security.config.annotation.authentication.configurati
 *
 * @author Rob Winch
 * @since 3.2
 * @deprecated Use {@link EnableMethodSecurity} instead
 */
@Deprecated
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@Documented
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityAspectJAutoProxyRegistrar.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -36,7 +36,9 @@ import org.springframework.core.type.AnnotationMetadata;
 *
 * @author Rob Winch
 * @since 3.2
 * @deprecated Use {@link EnableMethodSecurity} instead
 */
@Deprecated
 class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {
 	/**
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java
@ -86,7 +86,11 @@ import org.springframework.util.Assert;
 * @author Eddú Meléndez
 * @since 3.2
 * @see EnableGlobalMethodSecurity
 * @deprecated Use {@link PrePostMethodSecurityConfiguration},
 * {@link SecuredMethodSecurityConfiguration}, or
 * {@link Jsr250MethodSecurityConfiguration} instead
 */
@Deprecated
@Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
 public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecuritySelector.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -34,7 +34,9 @@ import org.springframework.util.ClassUtils;
 *
 * @author Rob Winch
 * @since 3.2
 * @deprecated Use {@link MethodSecuritySelector} instead
 */
@Deprecated
 final class GlobalMethodSecuritySelector implements ImportSelector {
 	@Override
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/Jsr250MetadataSourceConfiguration.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -24,6 +24,7 @@ import org.springframework.security.access.annotation.Jsr250MethodSecurityMetada
@Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
@Deprecated
 class Jsr250MetadataSourceConfiguration {
 	@Bean
--- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/MethodSecurityMetadataSourceAdvisorRegistrar.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -32,7 +32,9 @@ import org.springframework.util.MultiValueMap;
 * @author Rob Winch
 * @since 4.0.2
 * @see GlobalMethodSecuritySelector
 * @deprecated Use {@link MethodSecuritySelector} instead
 */
@Deprecated
 class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {
 	/**
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@ -1281,8 +1281,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 * @throws Exception
 	 * @deprecated Use {@link #authorizeHttpRequests()} instead
 	 * @see #requestMatcher(RequestMatcher)
 	 */
 	@Deprecated
 	public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
 			throws Exception {
 		ApplicationContext context = getContext();
@ -1395,8 +1397,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
 	 * @deprecated Use {@link #authorizeHttpRequests} instead
 	 * @see #requestMatcher(RequestMatcher)
 	 */
 	@Deprecated
 	public HttpSecurity authorizeRequests(
 			Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
 			throws Exception {
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractInterceptUrlConfigurer.java
@ -60,7 +60,9 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
 * @since 3.2
 * @see ExpressionUrlAuthorizationConfigurer
 * @see UrlAuthorizationConfigurer
 * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
@Deprecated
 public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<C, H> {
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -79,7 +79,9 @@ import org.springframework.util.StringUtils;
 * @author Yanming Zhou
 * @since 3.2
 * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
 * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
@Deprecated
 public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -85,7 +85,9 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 3.2
 * @see ExpressionUrlAuthorizationConfigurer
 * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
@Deprecated
 public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {
--- a/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/FilterInvocationSecurityMetadataSourceParser.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -46,7 +46,9 @@ import org.springframework.util.xml.DomUtils;
 * for use with a FilterSecurityInterceptor.
 *
 * @author Luke Taylor
 * @deprecated Use `use-authorization-manager` property instead
 */
@Deprecated
 public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {
 	private static final String ATT_USE_EXPRESSIONS = "use-expressions";
--- a/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/GlobalMethodSecurityBeanDefinitionParser.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -89,7 +89,9 @@ import org.springframework.util.xml.DomUtils;
 * @author Luke Taylor
 * @author Rob Winch
 * @since 2.0
 * @deprecated Use {@link MethodSecurityBeanDefinitionParser} instead
 */
@Deprecated
 public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {
 	private final Log logger = LogFactory.getLog(getClass());
--- a/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
+++ b/config/src/main/java/org/springframework/security/config/method/InterceptMethodsBeanDefinitionDecorator.java
@ -125,7 +125,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 	/**
 	 * This is the real class which does the work. We need access to the ParserContext in
 	 * order to do bean registration.
 	 *
 	 * @deprecated Use
 	 * {@link InternalAuthorizationManagerInterceptMethodsBeanDefinitionDecorator}
 	 */
 	@Deprecated
 	static class InternalInterceptMethodsBeanDefinitionDecorator
 			extends AbstractInterceptorDrivenBeanDefinitionDecorator {
--- a/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
+++ b/config/src/main/java/org/springframework/security/config/method/MethodSecurityMetadataSourceBeanDefinitionParser.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -36,7 +36,10 @@ import org.springframework.util.xml.DomUtils;
 /**
 * @author Luke Taylor
 * @since 3.1
 * @deprecated Use {@code <intercept-methods>}, {@code <method-security>}, or
 * {@code @EnableMethodSecurity}
 */
@Deprecated
 public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {
 	static final String ATT_METHOD = "method";
--- a/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
+++ b/config/src/main/java/org/springframework/security/config/method/ProtectPointcutPostProcessor.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -63,7 +63,9 @@ import org.springframework.util.StringUtils;
 *
 * @author Ben Alex
 * @since 2.0
 * @deprecated Use {@code use-authorization-manager} flag instead
 */
@Deprecated
 final class ProtectPointcutPostProcessor implements BeanPostProcessor {
 	private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionManager.java
@ -19,13 +19,16 @@ package org.springframework.security.access;
 import java.util.Collection;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
 * Makes a final access control (authorization) decision.
 *
 * @author Ben Alex
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public interface AccessDecisionManager {
 	/**
--- a/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
+++ b/core/src/main/java/org/springframework/security/access/AccessDecisionVoter.java
@ -18,6 +18,7 @@ package org.springframework.security.access;
 import java.util.Collection;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
@ -28,7 +29,9 @@ import org.springframework.security.core.Authentication;
 * {@link org.springframework.security.access.AccessDecisionManager}.
 *
 * @author Ben Alex
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public interface AccessDecisionVoter<S> {
 	int ACCESS_GRANTED = 1;
--- a/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/AfterInvocationProvider.java
@ -19,6 +19,7 @@ package org.springframework.security.access;
 import java.util.Collection;
 import org.springframework.security.access.intercept.AfterInvocationProviderManager;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
@ -26,7 +27,11 @@ import org.springframework.security.core.Authentication;
 * {@link AfterInvocationProviderManager} decision.
 *
 * @author Ben Alex
 * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 * @deprecated Use delegation with {@link AuthorizationManager}
 */
@Deprecated
 public interface AfterInvocationProvider {
 	Object decide(Authentication authentication, Object object, Collection<ConfigAttribute> attributes,
--- a/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/AnnotationMetadataExtractor.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,7 +28,11 @@ import org.springframework.security.access.ConfigAttribute;
 * Used by {@code SecuredAnnotationSecurityMetadataSource}.
 *
 * @author Luke Taylor
 * @deprecated Used only by now-deprecated classes. Consider
 * {@link org.springframework.security.authorization.method.SecuredAuthorizationManager}
 * for `@Secured` methods.
 */
@Deprecated
 public interface AnnotationMetadataExtractor<A extends Annotation> {
 	Collection<? extends ConfigAttribute> extractAttributes(A securityAnnotation);
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250MethodSecurityMetadataSource.java
@ -35,7 +35,11 @@ import org.springframework.security.access.method.AbstractFallbackMethodSecurity
 *
 * @author Ben Alex
 * @since 2.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
 * instead
 */
@Deprecated
 public class Jsr250MethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
 	private String defaultRolePrefix = "ROLE_";
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -20,13 +20,16 @@ import javax.annotation.security.DenyAll;
 import javax.annotation.security.PermitAll;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
 /**
 * Security config applicable as a JSR 250 annotation attribute.
 *
 * @author Ryan Heaton
 * @since 2.0
 * @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
 */
@Deprecated
 public class Jsr250SecurityConfig extends SecurityConfig {
 	public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250Voter.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -28,7 +28,11 @@ import org.springframework.security.core.GrantedAuthority;
 *
 * @author Ryan Heaton
 * @since 2.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.Jsr250AuthorizationManager}
 * instead
 */
@Deprecated
 public class Jsr250Voter implements AccessDecisionVoter<Object> {
 	/**
--- a/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/SecuredAnnotationSecurityMetadataSource.java
@ -38,7 +38,10 @@ import org.springframework.util.Assert;
 *
 * @author Ben Alex
 * @author Luke Taylor
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor#secured}
 */
@Deprecated
@SuppressWarnings({ "unchecked" })
 public class SecuredAnnotationSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource {
--- a/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AbstractAuthorizationEvent.java
@ -22,7 +22,11 @@ import org.springframework.context.ApplicationEvent;
 * Abstract superclass for all security interception related events.
 *
 * @author Ben Alex
 * @deprecated Authorization events have moved. Consider
 * {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent} and
 * {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
 */
@Deprecated
 public abstract class AbstractAuthorizationEvent extends ApplicationEvent {
 	/**
--- a/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthenticationCredentialsNotFoundEvent.java
@ -27,7 +27,11 @@ import org.springframework.util.Assert;
 * could not be obtained from the <code>SecurityContextHolder</code>.
 *
 * @author Ben Alex
 * @deprecated Authentication is now separated from authorization. Consider
 * {@link org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent}
 * instead.
 */
@Deprecated
 public class AuthenticationCredentialsNotFoundEvent extends AbstractAuthorizationEvent {
 	private final AuthenticationCredentialsNotFoundException credentialsNotFoundException;
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizationFailureEvent.java
@ -34,7 +34,11 @@ import org.springframework.util.Assert;
 * AfterInvocationManager}.
 *
 * @author Ben Alex
 * @deprecated Use
 * {@link org.springframework.security.authorization.event.AuthorizationDeniedEvent}
 * instead
 */
@Deprecated
 public class AuthorizationFailureEvent extends AbstractAuthorizationEvent {
 	private final AccessDeniedException accessDeniedException;
--- a/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/AuthorizedEvent.java
@ -29,7 +29,11 @@ import org.springframework.util.Assert;
 * </p>
 *
 * @author Ben Alex
 * @deprecated Use
 * {@link org.springframework.security.authorization.event.AuthorizationGrantedEvent}
 * instead
 */
@Deprecated
 public class AuthorizedEvent extends AbstractAuthorizationEvent {
 	private final Authentication authentication;
--- a/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
+++ b/core/src/main/java/org/springframework/security/access/event/LoggerListener.java
@ -30,7 +30,10 @@ import org.springframework.core.log.LogMessage;
 * </p>
 *
 * @author Ben Alex
 * @deprecated Logging is now embedded in Spring Security components. If you need further
 * logging, please consider using your own {@link ApplicationListener}
 */
@Deprecated
 public class LoggerListener implements ApplicationListener<AbstractAuthorizationEvent> {
 	private static final Log logger = LogFactory.getLog(LoggerListener.class);
--- a/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
+++ b/core/src/main/java/org/springframework/security/access/event/PublicInvocationEvent.java
@ -16,6 +16,8 @@
 package org.springframework.security.access.event;
 import org.springframework.security.authorization.event.AuthorizationGrantedEvent;
 /**
 * Event that is generated whenever a public secure object is invoked.
 * <p>
@ -28,7 +30,10 @@ package org.springframework.security.access.event;
 * </p>
 *
 * @author Ben Alex
 * @deprecated Only used by now-deprecated classes. Consider
 * {@link AuthorizationGrantedEvent#getSource()} to deduce public invocations.
 */
@Deprecated
 public class PublicInvocationEvent extends AbstractAuthorizationEvent {
 	/**
--- a/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/AbstractExpressionBasedMethodConfigAttribute.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -32,7 +32,10 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
 * interceptors instead
 */
@Deprecated
 abstract class AbstractExpressionBasedMethodConfigAttribute implements ConfigAttribute {
 	private final Expression filterExpression;
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedAnnotationAttributeFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -30,7 +30,10 @@ import org.springframework.security.access.prepost.PrePostInvocationAttributeFac
 * @author Luke Taylor
 * @author Rob Winch
 * @since 3.0
 * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
 * interceptors instead
 */
@Deprecated
 public class ExpressionBasedAnnotationAttributeFactory implements PrePostInvocationAttributeFactory {
 	private final Object parserLock = new Object();
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPostInvocationAdvice.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -32,7 +32,11 @@ import org.springframework.security.core.Authentication;
 /**
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public class ExpressionBasedPostInvocationAdvice implements PostInvocationAuthorizationAdvice {
 	protected final Log logger = LogFactory.getLog(getClass());
--- a/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/ExpressionBasedPreInvocationAdvice.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -33,7 +33,11 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public class ExpressionBasedPreInvocationAdvice implements PreInvocationAuthorizationAdvice {
 	private MethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();
--- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
 /**
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
 		implements PostInvocationAttribute {
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -23,7 +23,11 @@ import org.springframework.security.access.prepost.PreInvocationAttribute;
 /**
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * instead
 */
@Deprecated
 class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
 		implements PreInvocationAttribute {
--- a/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AbstractSecurityInterceptor.java
@ -104,7 +104,17 @@ import org.springframework.util.CollectionUtils;
 *
 * @author Ben Alex
 * @author Rob Winch
 * @deprecated Use
 * {@link org.springframework.security.web.access.intercept.AuthorizationFilter} instead
 * for filter security,
 * {@link org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor}
 * for messaging security, or
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * and
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * for method security.
 */
@Deprecated
 public abstract class AbstractSecurityInterceptor
 		implements InitializingBean, ApplicationEventPublisherAware, MessageSourceAware {
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationManager.java
@ -20,6 +20,7 @@ import java.util.Collection;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
@ -41,7 +42,11 @@ import org.springframework.security.core.Authentication;
 * </p>
 *
 * @author Ben Alex
 * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 * @deprecated Use delegation with {@link AuthorizationManager}
 */
@Deprecated
 public interface AfterInvocationManager {
 	/**
--- a/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/AfterInvocationProviderManager.java
@ -28,6 +28,7 @@ import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AfterInvocationProvider;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
@ -47,7 +48,11 @@ import org.springframework.util.CollectionUtils;
 * given provider is configured to respond to).
 *
 * @author Ben Alex
 * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 * @deprecated Use delegation with {@link AuthorizationManager}
 */
@Deprecated
 public class AfterInvocationProviderManager implements AfterInvocationManager, InitializingBean {
 	protected static final Log logger = LogFactory.getLog(AfterInvocationProviderManager.class);
--- a/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/InterceptorStatusToken.java
@ -19,6 +19,7 @@ package org.springframework.security.access.intercept;
 import java.util.Collection;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.context.SecurityContext;
 /**
@ -29,7 +30,11 @@ import org.springframework.security.core.context.SecurityContext;
 * can tidy up correctly.
 *
 * @author Ben Alex
 * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 * @deprecated Use delegation with {@link AuthorizationManager}
 */
@Deprecated
 public class InterceptorStatusToken {
 	private SecurityContext securityContext;
--- a/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/MethodInvocationPrivilegeEvaluator.java
@ -43,7 +43,10 @@ import org.springframework.util.Assert;
 * </p>
 *
 * @author Ben Alex
 * @deprecated Use {@link org.springframework.security.authorization.AuthorizationManager}
 * instead
 */
@Deprecated
 public class MethodInvocationPrivilegeEvaluator implements InitializingBean {
 	protected static final Log logger = LogFactory.getLog(MethodInvocationPrivilegeEvaluator.class);
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsImplAuthenticationProvider.java
@ -39,7 +39,12 @@ import org.springframework.util.Assert;
 * <P>
 * If the key does not match, a <code>BadCredentialsException</code> is thrown.
 * </p>
 *
 * @deprecated Authentication is now separated from authorization in Spring Security. This
 * class is only used by now-deprecated components. There is not yet an equivalent
 * replacement in Spring Security.
 */
@Deprecated
 public class RunAsImplAuthenticationProvider implements InitializingBean, AuthenticationProvider, MessageSourceAware {
 	protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManager.java
@ -57,7 +57,11 @@ import org.springframework.security.core.Authentication;
 * </p>
 *
 * @author Ben Alex
 * @deprecated Authentication is now separated from authorization in Spring Security. This
 * class is only used by now-deprecated components. There is not yet an equivalent
 * replacement in Spring Security.
 */
@Deprecated
 public interface RunAsManager {
 	/**
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsManagerImpl.java
@ -52,7 +52,11 @@ import org.springframework.util.Assert;
 *
 * @author Ben Alex
 * @author colin sampaleanu
 * @deprecated Authentication is now separated from authorization in Spring Security. This
 * class is only used by now-deprecated components. There is not yet an equivalent
 * replacement in Spring Security.
 */
@Deprecated
 public class RunAsManagerImpl implements RunAsManager, InitializingBean {
 	private String key;
--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@ -28,7 +28,11 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
 * that supports {@link RunAsManagerImpl}.
 *
 * @author Ben Alex
 * @deprecated Authentication is now separated from authorization in Spring Security. This
 * class is only used by now-deprecated components. There is not yet an equivalent
 * replacement in Spring Security.
 */
@Deprecated
 public class RunAsUserToken extends AbstractAuthenticationToken {
 	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityInterceptor.java
@ -36,7 +36,13 @@ import org.springframework.security.access.method.MethodSecurityMetadataSource;
 *
 * @author Ben Alex
 * @author Rob Winch
 * @deprecated Please use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * and
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public class MethodSecurityInterceptor extends AbstractSecurityInterceptor implements MethodInterceptor {
 	private MethodSecurityMetadataSource securityMetadataSource;
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@ -51,7 +51,9 @@ import org.springframework.util.CollectionUtils;
 *
 * @author Ben Alex
 * @author Luke Taylor
 * @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly
 */
@Deprecated
 public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
 	private transient MethodSecurityMetadataSource attributeSource;
--- a/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractFallbackMethodSecurityMetadataSource.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -22,6 +22,7 @@ import java.util.Collections;
 import org.springframework.aop.support.AopUtils;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 /**
 * Abstract implementation of {@link MethodSecurityMetadataSource} that supports both
@ -43,7 +44,11 @@ import org.springframework.security.access.ConfigAttribute;
 * @author Ben Alex
 * @author Luke taylor
 * @since 2.0
 * @deprecated Use the {@code use-authorization-manager} attribute for
 * {@code <method-security>} and {@code <intercept-methods>} instead or use
 * annotation-based or {@link AuthorizationManager}-based authorization
 */
@Deprecated
 public abstract class AbstractFallbackMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 	@Override
--- a/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/AbstractMethodSecurityMetadataSource.java
@ -24,6 +24,7 @@ import org.apache.commons.logging.LogFactory;
 import org.springframework.aop.framework.AopProxyUtils;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 /**
 * Abstract implementation of <tt>MethodSecurityMetadataSource</tt> which resolves the
@ -31,7 +32,11 @@ import org.springframework.security.access.ConfigAttribute;
 *
 * @author Ben Alex
 * @author Luke Taylor
 * @deprecated Use the {@code use-authorization-manager} attribute for
 * {@code <method-security>} and {@code <intercept-methods>} instead or use
 * annotation-based or {@link AuthorizationManager}-based authorization
 */
@Deprecated
 public abstract class AbstractMethodSecurityMetadataSource implements MethodSecurityMetadataSource {
 	protected final Log logger = LogFactory.getLog(getClass());
--- a/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/DelegatingMethodSecurityMetadataSource.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -27,6 +27,7 @@ import java.util.Set;
 import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.util.Assert;
 import org.springframework.util.ObjectUtils;
@ -37,7 +38,11 @@ import org.springframework.util.ObjectUtils;
 *
 * @author Ben Alex
 * @author Luke Taylor
 * @deprecated Use the {@code use-authorization-manager} attribute for
 * {@code <method-security>} and {@code <intercept-methods>} instead or use
 * annotation-based or {@link AuthorizationManager}-based authorization
 */
@Deprecated
 public final class DelegatingMethodSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 	private static final List<ConfigAttribute> NULL_CONFIG_ATTRIBUTE = Collections.emptyList();
--- a/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MapBasedMethodSecurityMetadataSource.java
@ -28,6 +28,7 @@ import java.util.Set;
 import org.springframework.beans.factory.BeanClassLoaderAware;
 import org.springframework.core.log.LogMessage;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
@ -42,7 +43,11 @@ import org.springframework.util.ClassUtils;
 *
 * @author Ben Alex
 * @since 2.0
 * @deprecated Use the {@code use-authorization-manager} attribute for
 * {@code <method-security>} and {@code <intercept-methods>} instead or use
 * annotation-based or {@link AuthorizationManager}-based authorization
 */
@Deprecated
 public class MapBasedMethodSecurityMetadataSource extends AbstractFallbackMethodSecurityMetadataSource
 		implements BeanClassLoaderAware {
--- a/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/method/MethodSecurityMetadataSource.java
@ -21,12 +21,18 @@ import java.util.Collection;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityMetadataSource;
 import org.springframework.security.authorization.AuthorizationManager;
 /**
 * Interface for <code>SecurityMetadataSource</code> implementations that are designed to
 * perform lookups keyed on <code>Method</code>s.
 *
 * @author Ben Alex
 * @see org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager
 * @see org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager
 * @deprecated Use the {@code use-authorization-manager} attribute for
 * {@code <method-security>} and {@code <intercept-methods>} instead or use
 * annotation-based or {@link AuthorizationManager}-based authorization
 */
 public interface MethodSecurityMetadataSource extends SecurityMetadataSource {
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAdviceProvider.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -36,7 +36,11 @@ import org.springframework.security.core.Authentication;
 * @author Luke Taylor
 * @author Alexander Furer
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public class PostInvocationAdviceProvider implements AfterInvocationProvider {
 	protected final Log logger = LogFactory.getLog(getClass());
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAttribute.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public interface PostInvocationAttribute extends ConfigAttribute {
 }
--- a/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PostInvocationAuthorizationAdvice.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -27,7 +27,11 @@ import org.springframework.security.core.Authentication;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor}
 * instead
 */
@Deprecated
 public interface PostInvocationAuthorizationAdvice extends AopInfrastructureBean {
 	Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute pia, Object returnedObject)
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAttribute.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.access.ConfigAttribute;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * instead
 */
@Deprecated
 public interface PreInvocationAttribute extends ConfigAttribute {
 }
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdvice.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,7 +26,11 @@ import org.springframework.security.core.Authentication;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * instead
 */
@Deprecated
 public interface PreInvocationAuthorizationAdvice extends AopInfrastructureBean {
 	/**
--- a/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PreInvocationAuthorizationAdviceVoter.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -38,7 +38,11 @@ import org.springframework.security.core.Authentication;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor}
 * instead
 */
@Deprecated
 public class PreInvocationAuthorizationAdviceVoter implements AccessDecisionVoter<MethodInvocation> {
 	protected final Log logger = LogFactory.getLog(getClass());
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostAnnotationSecurityMetadataSource.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -48,7 +48,13 @@ import org.springframework.util.ClassUtils;
 * @author Luke Taylor
 * @since 3.0
 * @see PreInvocationAuthorizationAdviceVoter
 * @deprecated Use
 * {@link org.springframework.security.authorization.method.PreAuthorizeAuthorizationManager}
 * and
 * {@link org.springframework.security.authorization.method.PostAuthorizeAuthorizationManager}
 * instead
 */
@Deprecated
 public class PrePostAnnotationSecurityMetadataSource extends AbstractMethodSecurityMetadataSource {
 	private final PrePostInvocationAttributeFactory attributeFactory;
--- a/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
+++ b/core/src/main/java/org/springframework/security/access/prepost/PrePostInvocationAttributeFactory.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -17,10 +17,14 @@
 package org.springframework.security.access.prepost;
 import org.springframework.aop.framework.AopInfrastructureBean;
 import org.springframework.security.authorization.AuthorizationManager;
 /**
 * @author Luke Taylor
 * @since 3.0
 * @see org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor
 * @see org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor
 * @deprecated Use delegation with {@link AuthorizationManager}
 */
 public interface PrePostInvocationAttributeFactory extends AopInfrastructureBean {
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAccessDecisionManager.java
@ -29,6 +29,7 @@ import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.util.Assert;
@ -39,7 +40,10 @@ import org.springframework.util.Assert;
 * Handles configuration of a bean context defined list of {@link AccessDecisionVoter}s
 * and the access control behaviour if all voters abstain from voting (defaults to deny
 * access).
 *
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public abstract class AbstractAccessDecisionManager
 		implements AccessDecisionManager, InitializingBean, MessageSourceAware {
--- a/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AbstractAclVoter.java
@ -27,7 +27,10 @@ import org.springframework.util.Assert;
 * particular ACL system.
 *
 * @author Ben Alex
 * @deprecated Now used by only-deprecated classes. Generally speaking, in-memory ACL is
 * no longer advised, so no replacement is planned at this point.
 */
@Deprecated
 public abstract class AbstractAclVoter implements AccessDecisionVoter<MethodInvocation> {
 	private Class<?> processDomainObjectClass;
--- a/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AffirmativeBased.java
@ -22,13 +22,17 @@ import java.util.List;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
 * Simple concrete implementation of
 * {@link org.springframework.security.access.AccessDecisionManager} that grants access if
 * any <code>AccessDecisionVoter</code> returns an affirmative response.
 *
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public class AffirmativeBased extends AbstractAccessDecisionManager {
 	public AffirmativeBased(List<AccessDecisionVoter<?>> decisionVoters) {
--- a/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/AuthenticatedVoter.java
@ -45,7 +45,11 @@ import org.springframework.util.Assert;
 * All comparisons and prefixes are case sensitive.
 *
 * @author Ben Alex
 * @deprecated Use
 * {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
 * instead
 */
@Deprecated
 public class AuthenticatedVoter implements AccessDecisionVoter<Object> {
 	public static final String IS_AUTHENTICATED_FULLY = "IS_AUTHENTICATED_FULLY";
--- a/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/ConsensusBased.java
@ -22,6 +22,7 @@ import java.util.List;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
@ -32,7 +33,10 @@ import org.springframework.security.core.Authentication;
 * "Consensus" here means majority-rule (ignoring abstains) rather than unanimous
 * agreement (ignoring abstains). If you require unanimity, please see
 * {@link UnanimousBased}.
 *
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public class ConsensusBased extends AbstractAccessDecisionManager {
 	private boolean allowIfEqualGrantedDeniedDecisions = true;
--- a/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleHierarchyVoter.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -29,7 +29,11 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @since 2.0.4
 * @deprecated Use
 * {@link org.springframework.security.authorization.AuthorityAuthorizationManager#setRoleHierarchy}
 * instead
 */
@Deprecated
 public class RoleHierarchyVoter extends RoleVoter {
 	private RoleHierarchy roleHierarchy = null;
--- a/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
+++ b/core/src/main/java/org/springframework/security/access/vote/RoleVoter.java
@ -48,7 +48,11 @@ import org.springframework.security.core.GrantedAuthority;
 *
 * @author Ben Alex
 * @author colin sampaleanu
 * @deprecated Use
 * {@link org.springframework.security.authorization.AuthorityAuthorizationManager}
 * instead
 */
@Deprecated
 public class RoleVoter implements AccessDecisionVoter<Object> {
 	private String rolePrefix = "ROLE_";
--- a/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
+++ b/core/src/main/java/org/springframework/security/access/vote/UnanimousBased.java
@ -23,13 +23,17 @@ import java.util.List;
 import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.core.Authentication;
 /**
 * Simple concrete implementation of
 * {@link org.springframework.security.access.AccessDecisionManager} that requires all
 * voters to abstain or grant access.
 *
 * @deprecated Use {@link AuthorizationManager} instead
 */
@Deprecated
 public class UnanimousBased extends AbstractAccessDecisionManager {
 	public UnanimousBased(List<AccessDecisionVoter<?>> decisionVoters) {
--- a/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
+++ b/web/src/main/java/org/springframework/security/web/access/DefaultWebInvocationPrivilegeEvaluator.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -38,7 +38,9 @@ import org.springframework.web.context.ServletContextAware;
 * @author Ben Alex
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use {@link AuthorizationManagerWebInvocationPrivilegeEvaluator} instead
 */
@Deprecated
 public class DefaultWebInvocationPrivilegeEvaluator implements WebInvocationPrivilegeEvaluator, ServletContextAware {
 	protected static final Log logger = LogFactory.getLog(DefaultWebInvocationPrivilegeEvaluator.class);
--- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
+++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionVoter.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -35,7 +35,9 @@ import org.springframework.util.Assert;
 *
 * @author Luke Taylor
 * @since 3.0
 * @deprecated Use {@link WebExpressionAuthorizationManager} instead
 */
@Deprecated
 public class WebExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
 	private final Log logger = LogFactory.getLog(getClass());
--- a/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/FilterSecurityInterceptor.java
@ -41,7 +41,9 @@ import org.springframework.security.web.FilterInvocation;
 *
 * @author Ben Alex
 * @author Rob Winch
 * @deprecated Use {@link AuthorizationFilter} instead
 */
@Deprecated
 public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 	private static final String FILTER_APPLIED = "__spring_security_filterSecurityInterceptor_filterApplied";