From 537e10cf9c7feaf8c00d5523052823f3c469410d Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio
Date: Fri, 2 Jun 2023 15:05:17 -0300
Subject: [PATCH] Improve javadoc adding how to stick with defaults and link to
documentation
Closes gh-13273
---
.../annotation/web/builders/HttpSecurity.java | 132 ++++++++++--
.../web/configurers/HeadersConfigurer.java | 73 +++++--
.../oauth2/client/OAuth2LoginConfigurer.java | 18 +-
.../OAuth2ResourceServerConfigurer.java | 16 +-
.../saml2/Saml2LogoutConfigurer.java | 24 ++-
.../config/web/server/ServerHttpSecurity.java | 198 +++++++++++++++---
6 files changed, 382 insertions(+), 79 deletions(-)
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index e93ed268d4..a72f90c6af 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -285,7 +285,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link HeadersConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or
+ * {@code headers(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
* @see HeadersConfigurer
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -401,7 +404,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CorsConfigurer cors() throws Exception {
@@ -490,7 +496,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public SessionManagementConfigurer sessionManagement() throws Exception {
@@ -614,7 +624,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link PortMapperConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} or
+ * {@code portMapper(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
* @see #requiresChannel()
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -747,7 +761,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public JeeConfigurer jee() throws Exception {
@@ -860,7 +877,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link X509Configurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or
+ * {@code x509(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public X509Configurer x509() throws Exception {
@@ -940,7 +960,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link RememberMeConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} or
+ * {@code rememberMe(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public RememberMeConfigurer rememberMe() throws Exception {
@@ -1451,7 +1475,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestCacheConfigurer requestCache() throws Exception {
@@ -1504,7 +1532,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingConfigurer exceptionHandling() throws Exception {
@@ -1558,7 +1590,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public SecurityContextConfigurer securityContext() throws Exception {
@@ -1605,7 +1641,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServletApiConfigurer servletApi() throws Exception {
@@ -1663,7 +1703,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link CsrfConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or
+ * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CsrfConfigurer csrf() throws Exception {
@@ -1740,7 +1783,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link LogoutConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or
+ * {@code logout(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutConfigurer logout() throws Exception {
@@ -1881,7 +1927,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link AnonymousConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or
+ * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public AnonymousConfigurer anonymous() throws Exception {
@@ -2046,7 +2096,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link FormLoginConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or
+ * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
* @see FormLoginConfigurer#loginPage(String)
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -2224,7 +2278,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LoginConfigurer saml2Login() throws Exception {
@@ -2456,7 +2514,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer saml2Logout() throws Exception {
@@ -2554,7 +2616,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2MetadataConfigurer saml2Metadata() throws Exception {
@@ -2647,7 +2713,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
* @see Section 4.1 Authorization Code
* Grant
@@ -2770,7 +2840,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation
+ * for more details.
* @see OAuth 2.0 Authorization
* Framework
@@ -2930,7 +3004,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link ChannelSecurityConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} or
+ * {@code requiresChannel(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ChannelSecurityConfigurer.ChannelRequestMatcherRegistry requiresChannel() throws Exception {
@@ -3027,7 +3105,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link HttpBasicConfigurer} for further customizations
* @throws Exception
- * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or
+ * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpBasicConfigurer httpBasic() throws Exception {
@@ -3358,7 +3440,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder
* @return the {@link RequestMatcherConfigurer} for further customizations
- * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} or
+ * {@code securityMatchers(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestMatcherConfigurer securityMatchers() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index 87e9752a1c..b506427d25 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -24,6 +24,7 @@ import java.util.Map;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -135,7 +136,11 @@ public class HeadersConfigurer>
* X-Content-Type-Options: nosniff
*
* @return the {@link ContentTypeOptionsConfig} for additional customizations
- * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} or
+ * {@code contentTypeOptions(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ContentTypeOptionsConfig contentTypeOptions() {
@@ -168,7 +173,11 @@ public class HeadersConfigurer>
* >X-XSS-Protection header
*
* @return the {@link XXssConfig} for additional customizations
- * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or
+ * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public XXssConfig xssProtection() {
@@ -201,7 +210,11 @@ public class HeadersConfigurer>
* Expires: 0
*
* @return the {@link CacheControlConfig} for additional customizations
- * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or
+ * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CacheControlConfig cacheControl() {
@@ -254,7 +267,11 @@ public class HeadersConfigurer>
/**
* Allows customizing the {@link XFrameOptionsHeaderWriter}.
* @return the {@link FrameOptionsConfig} for additional customizations
- * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or
+ * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsConfig frameOptions() {
@@ -460,7 +477,11 @@ public class HeadersConfigurer>
*
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @since 4.2
- * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
+ * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
* @see ReferrerPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -485,7 +506,11 @@ public class HeadersConfigurer>
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policy is null or empty
* @since 4.2
- * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
+ * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
* @see ReferrerPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -530,7 +555,11 @@ public class HeadersConfigurer>
* @return the {@link FeaturePolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is {@code null} or empty
* @since 5.1
- * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead.
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or
+ * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
* @see ObjectPostProcessorConfiguration FeaturePolicyHeaderWriter
*/
@Deprecated
@@ -555,7 +584,11 @@ public class HeadersConfigurer>
*
* @return the {@link PermissionsPolicyConfig} for additional configuration
* @since 5.5
- * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or
+ * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
* @see PermissionsPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
@@ -813,7 +846,11 @@ public class HeadersConfigurer>
* Allows completing configuration of X-XSS-Protection and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
- * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or
+ * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
@@ -854,7 +891,11 @@ public class HeadersConfigurer>
* Allows completing configuration of Cache Control and continuing configuration
* of headers.
* @return the {@link HeadersConfigurer} for additional configuration
- * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or
+ * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
@@ -1026,7 +1067,11 @@ public class HeadersConfigurer>
/**
* Allows continuing customizing the headers configuration.
* @return the {@link HeadersConfigurer} for additional configuration
- * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or
+ * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
@@ -1280,7 +1325,11 @@ public class HeadersConfigurer>
}
/**
- * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
+ * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index 4d02a170ac..b7a2ccc61f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -230,7 +230,11 @@ public final class OAuth2LoginConfigurer>
* Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
* Token Endpoint.
* @return the {@link TokenEndpointConfig}
- * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or
+ * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public TokenEndpointConfig tokenEndpoint() {
@@ -277,7 +281,11 @@ public final class OAuth2LoginConfigurer>
* Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
* Server's UserInfo Endpoint.
* @return the {@link UserInfoEndpointConfig}
- * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} or
+ * {@code userInfoEndpoint(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public UserInfoEndpointConfig userInfoEndpoint() {
@@ -637,7 +645,11 @@ public final class OAuth2LoginConfigurer>
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
- * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or
+ * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer and() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index fead2bc24c..2b77479954 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -199,7 +199,10 @@ public final class OAuth2ResourceServerConfigurerdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public JwtConfigurer jwt() {
@@ -224,7 +227,11 @@ public final class OAuth2ResourceServerConfigurerdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenConfigurer opaqueToken() {
@@ -403,7 +410,10 @@ public final class OAuth2ResourceServerConfigurerdocumentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerConfigurer and() {
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
index 5430afc217..f39ab2c0fc 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
@@ -168,7 +168,11 @@ public final class Saml2LogoutConfigurer>
/**
* Get configurer for SAML 2.0 Logout Request components
* @return the {@link LogoutRequestConfigurer} for further customizations
- * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or
+ * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutRequestConfigurer logoutRequest() {
@@ -190,7 +194,11 @@ public final class Saml2LogoutConfigurer>
/**
* Get configurer for SAML 2.0 Logout Response components
* @return the {@link LogoutResponseConfigurer} for further customizations
- * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or
+ * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutResponseConfigurer logoutResponse() {
@@ -376,7 +384,11 @@ public final class Saml2LogoutConfigurer>
}
/**
- * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or
+ * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer and() {
@@ -448,7 +460,11 @@ public final class Saml2LogoutConfigurer>
}
/**
- * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or
+ * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer and() {
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 92e456ec94..2117965516 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -421,7 +421,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link HttpsRedirectSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} or
+ * {@code redirectToHttps(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpsRedirectSpec redirectToHttps() {
@@ -504,7 +508,10 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link CsrfSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or
+ * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CsrfSpec csrf() {
@@ -570,7 +577,10 @@ public class ServerHttpSecurity {
* used instead. If neither has been configured, the Cors configuration will do
* nothing.
* @return the {@link CorsSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} or
+ * {@code cors(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CorsSpec cors() {
@@ -614,7 +624,11 @@ public class ServerHttpSecurity {
*
* @return the {@link AnonymousSpec} to customize
* @since 5.2.0
- * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or
+ * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public AnonymousSpec anonymous() {
@@ -670,7 +684,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link HttpBasicSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or
+ * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpBasicSpec httpBasic() {
@@ -724,7 +742,11 @@ public class ServerHttpSecurity {
*
* @return the {@link PasswordManagementSpec} to customize
* @since 5.6
- * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} or
+ * {@code passwordManagement(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public PasswordManagementSpec passwordManagement() {
@@ -783,7 +805,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link FormLoginSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or
+ * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public FormLoginSpec formLogin() {
@@ -846,7 +872,10 @@ public class ServerHttpSecurity {
* {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
* @return the {@link X509Spec} to customize
* @since 5.2
- * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or
+ * {@code x509(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public X509Spec x509() {
@@ -905,7 +934,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link OAuth2LoginSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} or
+ * {@code oauth2Login(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginSpec oauth2Login() {
@@ -959,7 +992,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link OAuth2ClientSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} or
+ * {@code oauth2Client(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientSpec oauth2Client() {
@@ -1087,7 +1124,10 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link HeaderSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or
+ * {@code headers(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec headers() {
@@ -1163,7 +1203,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link ExceptionHandlingSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} or
+ * {@code exceptionHandling(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingSpec exceptionHandling() {
@@ -1231,7 +1275,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link AuthorizeExchangeSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} or
+ * {@code authorizeExchange(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public AuthorizeExchangeSpec authorizeExchange() {
@@ -1302,7 +1350,10 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link LogoutSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or
+ * {@code logout(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutSpec logout() {
@@ -1361,7 +1412,11 @@ public class ServerHttpSecurity {
* }
*
* @return the {@link RequestCacheSpec} to customize
- * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} or
+ * {@code requestCache(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestCacheSpec requestCache() {
@@ -1917,7 +1972,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or
+ * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -2030,7 +2089,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} or
+ * {@code requestCache(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -2128,7 +2191,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or
+ * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -2364,7 +2431,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or
+ * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -2490,7 +2561,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or
+ * {@code headers(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -2509,7 +2584,11 @@ public class ServerHttpSecurity {
/**
* Configures cache control headers
* @return the {@link CacheSpec} to configure
- * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} or
+ * {@code cache(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public CacheSpec cache() {
@@ -2552,7 +2631,11 @@ public class ServerHttpSecurity {
/**
* Configures frame options response headers
* @return the {@link FrameOptionsSpec} to configure
- * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or
+ * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsSpec frameOptions() {
@@ -2586,7 +2669,11 @@ public class ServerHttpSecurity {
/**
* Configures the Strict Transport Security response headers
* @return the {@link HstsSpec} to configure
- * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} or
+ * {@code hsts(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HstsSpec hsts() {
@@ -2613,7 +2700,11 @@ public class ServerHttpSecurity {
/**
* Configures x-xss-protection response header.
* @return the {@link XssProtectionSpec} to configure
- * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or
+ * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See
+ * the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public XssProtectionSpec xssProtection() {
@@ -2947,7 +3038,11 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} or
+ * {@code hsts(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
@@ -3324,7 +3419,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or
+ * {@code logout(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -3437,7 +3536,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} or
+ * {@code cors(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -3496,7 +3599,11 @@ public class ServerHttpSecurity {
}
/**
- * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or
+ * {@code x509(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -3751,7 +3858,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} or
+ * {@code oauth2Login(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -4088,7 +4199,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} or
+ * {@code oauth2Client(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
@@ -4238,7 +4353,10 @@ public class ServerHttpSecurity {
/**
* Enables JWT Resource Server support.
* @return the {@link JwtSpec} for additional configuration
- * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or
+ * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public JwtSpec jwt() {
@@ -4265,7 +4383,11 @@ public class ServerHttpSecurity {
/**
* Enables Opaque Token Resource Server support.
* @return the {@link OpaqueTokenSpec} for additional configuration
- * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} or
+ * {@code opaqueToken(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenSpec opaqueToken() {
@@ -4438,7 +4560,11 @@ public class ServerHttpSecurity {
}
/**
- * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or
+ * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec and() {
@@ -4680,7 +4806,11 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
- * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or
+ * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the
+ * documentation
+ * for more details.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {