From 537e10cf9c7feaf8c00d5523052823f3c469410d Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Fri, 2 Jun 2023 15:05:17 -0300 Subject: [PATCH] Improve javadoc adding how to stick with defaults and link to documentation Closes gh-13273 --- .../annotation/web/builders/HttpSecurity.java | 132 ++++++++++-- .../web/configurers/HeadersConfigurer.java | 73 +++++-- .../oauth2/client/OAuth2LoginConfigurer.java | 18 +- .../OAuth2ResourceServerConfigurer.java | 16 +- .../saml2/Saml2LogoutConfigurer.java | 24 ++- .../config/web/server/ServerHttpSecurity.java | 198 +++++++++++++++--- 6 files changed, 382 insertions(+), 79 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index e93ed268d4..a72f90c6af 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -285,7 +285,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link HeadersConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or + * {@code headers(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. * @see HeadersConfigurer */ @Deprecated(since = "6.1", forRemoval = true) @@ -401,7 +404,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CorsConfigurer cors() throws Exception { @@ -490,7 +496,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public SessionManagementConfigurer sessionManagement() throws Exception { @@ -614,7 +624,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link PortMapperConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} or + * {@code portMapper(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. * @see #requiresChannel() */ @Deprecated(since = "6.1", forRemoval = true) @@ -747,7 +761,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public JeeConfigurer jee() throws Exception { @@ -860,7 +877,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link X509Configurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or + * {@code x509(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public X509Configurer x509() throws Exception { @@ -940,7 +960,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link RememberMeConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} or + * {@code rememberMe(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public RememberMeConfigurer rememberMe() throws Exception { @@ -1451,7 +1475,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public RequestCacheConfigurer requestCache() throws Exception { @@ -1504,7 +1532,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ExceptionHandlingConfigurer exceptionHandling() throws Exception { @@ -1558,7 +1590,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public SecurityContextConfigurer securityContext() throws Exception { @@ -1605,7 +1641,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServletApiConfigurer servletApi() throws Exception { @@ -1663,7 +1703,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link CsrfConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or + * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CsrfConfigurer csrf() throws Exception { @@ -1740,7 +1783,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link LogoutConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or + * {@code logout(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public LogoutConfigurer logout() throws Exception { @@ -1881,7 +1927,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link AnonymousConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or + * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public AnonymousConfigurer anonymous() throws Exception { @@ -2046,7 +2096,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link FormLoginConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or + * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. * @see FormLoginConfigurer#loginPage(String) */ @Deprecated(since = "6.1", forRemoval = true) @@ -2224,7 +2278,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public Saml2LoginConfigurer saml2Login() throws Exception { @@ -2456,7 +2514,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public Saml2LogoutConfigurer saml2Logout() throws Exception { @@ -2554,7 +2616,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public Saml2MetadataConfigurer saml2Metadata() throws Exception { @@ -2647,7 +2713,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. * @see Section 4.1 Authorization Code * Grant @@ -2770,7 +2840,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderdocumentation + * for more details. * @see OAuth 2.0 Authorization * Framework @@ -2930,7 +3004,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link ChannelSecurityConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} or + * {@code requiresChannel(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ChannelSecurityConfigurer.ChannelRequestMatcherRegistry requiresChannel() throws Exception { @@ -3027,7 +3105,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link HttpBasicConfigurer} for further customizations * @throws Exception - * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or + * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HttpBasicConfigurer httpBasic() throws Exception { @@ -3358,7 +3440,11 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link RequestMatcherConfigurer} for further customizations - * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} or + * {@code securityMatchers(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public RequestMatcherConfigurer securityMatchers() { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java index 87e9752a1c..b506427d25 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java @@ -24,6 +24,7 @@ import java.util.Map; import jakarta.servlet.http.HttpServletRequest; import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.configuration.ObjectPostProcessorConfiguration; import org.springframework.security.config.annotation.web.HttpSecurityBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -135,7 +136,11 @@ public class HeadersConfigurer> * X-Content-Type-Options: nosniff * * @return the {@link ContentTypeOptionsConfig} for additional customizations - * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} or + * {@code contentTypeOptions(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ContentTypeOptionsConfig contentTypeOptions() { @@ -168,7 +173,11 @@ public class HeadersConfigurer> * >X-XSS-Protection header *

* @return the {@link XXssConfig} for additional customizations - * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or + * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public XXssConfig xssProtection() { @@ -201,7 +210,11 @@ public class HeadersConfigurer> *
  • Expires: 0
  • * * @return the {@link CacheControlConfig} for additional customizations - * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or + * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CacheControlConfig cacheControl() { @@ -254,7 +267,11 @@ public class HeadersConfigurer> /** * Allows customizing the {@link XFrameOptionsHeaderWriter}. * @return the {@link FrameOptionsConfig} for additional customizations - * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or + * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public FrameOptionsConfig frameOptions() { @@ -460,7 +477,11 @@ public class HeadersConfigurer> * * @return the {@link ReferrerPolicyConfig} for additional configuration * @since 4.2 - * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or + * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. * @see ReferrerPolicyHeaderWriter */ @Deprecated(since = "6.1", forRemoval = true) @@ -485,7 +506,11 @@ public class HeadersConfigurer> * @return the {@link ReferrerPolicyConfig} for additional configuration * @throws IllegalArgumentException if policy is null or empty * @since 4.2 - * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or + * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. * @see ReferrerPolicyHeaderWriter */ @Deprecated(since = "6.1", forRemoval = true) @@ -530,7 +555,11 @@ public class HeadersConfigurer> * @return the {@link FeaturePolicyConfig} for additional configuration * @throws IllegalArgumentException if policyDirectives is {@code null} or empty * @since 5.1 - * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead. + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or + * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. * @see ObjectPostProcessorConfiguration FeaturePolicyHeaderWriter */ @Deprecated @@ -555,7 +584,11 @@ public class HeadersConfigurer> * * @return the {@link PermissionsPolicyConfig} for additional configuration * @since 5.5 - * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} or + * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. * @see PermissionsPolicyHeaderWriter */ @Deprecated(since = "6.1", forRemoval = true) @@ -813,7 +846,11 @@ public class HeadersConfigurer> * Allows completing configuration of X-XSS-Protection and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration - * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or + * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { @@ -854,7 +891,11 @@ public class HeadersConfigurer> * Allows completing configuration of Cache Control and continuing configuration * of headers. * @return the {@link HeadersConfigurer} for additional configuration - * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or + * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { @@ -1026,7 +1067,11 @@ public class HeadersConfigurer> /** * Allows continuing customizing the headers configuration. * @return the {@link HeadersConfigurer} for additional configuration - * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or + * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { @@ -1280,7 +1325,11 @@ public class HeadersConfigurer> } /** - * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or + * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index 4d02a170ac..b7a2ccc61f 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -230,7 +230,11 @@ public final class OAuth2LoginConfigurer> * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's * Token Endpoint. * @return the {@link TokenEndpointConfig} - * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or + * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public TokenEndpointConfig tokenEndpoint() { @@ -277,7 +281,11 @@ public final class OAuth2LoginConfigurer> * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization * Server's UserInfo Endpoint. * @return the {@link UserInfoEndpointConfig} - * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} or + * {@code userInfoEndpoint(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public UserInfoEndpointConfig userInfoEndpoint() { @@ -637,7 +645,11 @@ public final class OAuth2LoginConfigurer> /** * Returns the {@link OAuth2LoginConfigurer} for further configuration. * @return the {@link OAuth2LoginConfigurer} - * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or + * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginConfigurer and() { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java index fead2bc24c..2b77479954 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java @@ -199,7 +199,10 @@ public final class OAuth2ResourceServerConfigurerdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public JwtConfigurer jwt() { @@ -224,7 +227,11 @@ public final class OAuth2ResourceServerConfigurerdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OpaqueTokenConfigurer opaqueToken() { @@ -403,7 +410,10 @@ public final class OAuth2ResourceServerConfigurerdocumentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerConfigurer and() { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java index 5430afc217..f39ab2c0fc 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java @@ -168,7 +168,11 @@ public final class Saml2LogoutConfigurer> /** * Get configurer for SAML 2.0 Logout Request components * @return the {@link LogoutRequestConfigurer} for further customizations - * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or + * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public LogoutRequestConfigurer logoutRequest() { @@ -190,7 +194,11 @@ public final class Saml2LogoutConfigurer> /** * Get configurer for SAML 2.0 Logout Response components * @return the {@link LogoutResponseConfigurer} for further customizations - * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or + * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public LogoutResponseConfigurer logoutResponse() { @@ -376,7 +384,11 @@ public final class Saml2LogoutConfigurer> } /** - * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or + * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public Saml2LogoutConfigurer and() { @@ -448,7 +460,11 @@ public final class Saml2LogoutConfigurer> } /** - * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or + * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public Saml2LogoutConfigurer and() { diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 92e456ec94..2117965516 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -421,7 +421,11 @@ public class ServerHttpSecurity { * } * * @return the {@link HttpsRedirectSpec} to customize - * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} or + * {@code redirectToHttps(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HttpsRedirectSpec redirectToHttps() { @@ -504,7 +508,10 @@ public class ServerHttpSecurity { * } * * @return the {@link CsrfSpec} to customize - * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or + * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CsrfSpec csrf() { @@ -570,7 +577,10 @@ public class ServerHttpSecurity { * used instead. If neither has been configured, the Cors configuration will do * nothing. * @return the {@link CorsSpec} to customize - * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} or + * {@code cors(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CorsSpec cors() { @@ -614,7 +624,11 @@ public class ServerHttpSecurity { * * @return the {@link AnonymousSpec} to customize * @since 5.2.0 - * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or + * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public AnonymousSpec anonymous() { @@ -670,7 +684,11 @@ public class ServerHttpSecurity { * } * * @return the {@link HttpBasicSpec} to customize - * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or + * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HttpBasicSpec httpBasic() { @@ -724,7 +742,11 @@ public class ServerHttpSecurity { * * @return the {@link PasswordManagementSpec} to customize * @since 5.6 - * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} or + * {@code passwordManagement(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public PasswordManagementSpec passwordManagement() { @@ -783,7 +805,11 @@ public class ServerHttpSecurity { * } * * @return the {@link FormLoginSpec} to customize - * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or + * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public FormLoginSpec formLogin() { @@ -846,7 +872,10 @@ public class ServerHttpSecurity { * {@link ReactivePreAuthenticatedAuthenticationManager} will be used. * @return the {@link X509Spec} to customize * @since 5.2 - * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or + * {@code x509(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public X509Spec x509() { @@ -905,7 +934,11 @@ public class ServerHttpSecurity { * } * * @return the {@link OAuth2LoginSpec} to customize - * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} or + * {@code oauth2Login(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginSpec oauth2Login() { @@ -959,7 +992,11 @@ public class ServerHttpSecurity { * } * * @return the {@link OAuth2ClientSpec} to customize - * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} or + * {@code oauth2Client(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OAuth2ClientSpec oauth2Client() { @@ -1087,7 +1124,10 @@ public class ServerHttpSecurity { * } * * @return the {@link HeaderSpec} to customize - * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or + * {@code headers(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec headers() { @@ -1163,7 +1203,11 @@ public class ServerHttpSecurity { * } * * @return the {@link ExceptionHandlingSpec} to customize - * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} or + * {@code exceptionHandling(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ExceptionHandlingSpec exceptionHandling() { @@ -1231,7 +1275,11 @@ public class ServerHttpSecurity { * } * * @return the {@link AuthorizeExchangeSpec} to customize - * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} or + * {@code authorizeExchange(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public AuthorizeExchangeSpec authorizeExchange() { @@ -1302,7 +1350,10 @@ public class ServerHttpSecurity { * } * * @return the {@link LogoutSpec} to customize - * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or + * {@code logout(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public LogoutSpec logout() { @@ -1361,7 +1412,11 @@ public class ServerHttpSecurity { * } * * @return the {@link RequestCacheSpec} to customize - * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} or + * {@code requestCache(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public RequestCacheSpec requestCache() { @@ -1917,7 +1972,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} or + * {@code csrf(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -2030,7 +2089,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} or + * {@code requestCache(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -2128,7 +2191,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} or + * {@code httpBasic(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -2364,7 +2431,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} or + * {@code formLogin(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -2490,7 +2561,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} or + * {@code headers(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -2509,7 +2584,11 @@ public class ServerHttpSecurity { /** * Configures cache control headers * @return the {@link CacheSpec} to configure - * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} or + * {@code cache(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public CacheSpec cache() { @@ -2552,7 +2631,11 @@ public class ServerHttpSecurity { /** * Configures frame options response headers * @return the {@link FrameOptionsSpec} to configure - * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or + * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public FrameOptionsSpec frameOptions() { @@ -2586,7 +2669,11 @@ public class ServerHttpSecurity { /** * Configures the Strict Transport Security response headers * @return the {@link HstsSpec} to configure - * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} or + * {@code hsts(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HstsSpec hsts() { @@ -2613,7 +2700,11 @@ public class ServerHttpSecurity { /** * Configures x-xss-protection response header. * @return the {@link XssProtectionSpec} to configure - * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or + * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See + * the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public XssProtectionSpec xssProtection() { @@ -2947,7 +3038,11 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity} * @return the {@link HeaderSpec} to continue configuring - * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} or + * {@code hsts(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { @@ -3324,7 +3419,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} or + * {@code logout(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -3437,7 +3536,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} or + * {@code cors(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -3496,7 +3599,11 @@ public class ServerHttpSecurity { } /** - * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} or + * {@code x509(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -3751,7 +3858,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} or + * {@code oauth2Login(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -4088,7 +4199,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} or + * {@code oauth2Client(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { @@ -4238,7 +4353,10 @@ public class ServerHttpSecurity { /** * Enables JWT Resource Server support. * @return the {@link JwtSpec} for additional configuration - * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or + * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public JwtSpec jwt() { @@ -4265,7 +4383,11 @@ public class ServerHttpSecurity { /** * Enables Opaque Token Resource Server support. * @return the {@link OpaqueTokenSpec} for additional configuration - * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} or + * {@code opaqueToken(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OpaqueTokenSpec opaqueToken() { @@ -4438,7 +4560,11 @@ public class ServerHttpSecurity { } /** - * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or + * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerSpec and() { @@ -4680,7 +4806,11 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring - * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} or + * {@code anonymous(Customizer.withDefaults())} to stick with defaults. See the + * documentation + * for more details. */ @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() {