Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Deprecate .and() and non lambda DSL methods 

Closes gh-12629
This commit is contained in:
Marcus Da Coregio 2023-04-12 10:55:59 -03:00 committed by Marcus Hert Da Coregio
parent 2b05d5dece
commit 82a149207d
12 changed files with 352 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2013 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -53,7 +53,9 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
* Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}.
* This is useful for method chaining.
* @return the {@link SecurityBuilder} for further customizations
* @deprecated For removal in 7.0. Use the lambda based configuration instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public B and() {
return getBuilder();
}

77
config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
View File

@ -285,8 +285,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link HeadersConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
* @see HeadersConfigurer
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<HttpSecurity> headers() throws Exception {
return getOrApply(new HeadersConfigurer<>());
}
@ -399,7 +401,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* on the classpath a {@link HandlerMappingIntrospector} is used.
* @return the {@link CorsConfigurer} for customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CorsConfigurer<HttpSecurity> cors() throws Exception {
return getOrApply(new CorsConfigurer<>());
}
@ -486,7 +490,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* could return true.
* @return the {@link SessionManagementConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #sessionManagement(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public SessionManagementConfigurer<HttpSecurity> sessionManagement() throws Exception {
return getOrApply(new SessionManagementConfigurer<>());
}
@ -608,8 +614,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link PortMapperConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} instead
* @see #requiresChannel()
*/
@Deprecated(since = "6.1", forRemoval = true)
public PortMapperConfigurer<HttpSecurity> portMapper() throws Exception {
return getOrApply(new PortMapperConfigurer<>());
}
@ -739,7 +747,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* Servlet Container's documentation.
* @return the {@link JeeConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #jee(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public JeeConfigurer<HttpSecurity> jee() throws Exception {
return getOrApply(new JeeConfigurer<>());
}
@ -850,7 +860,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link X509Configurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public X509Configurer<HttpSecurity> x509() throws Exception {
return getOrApply(new X509Configurer<>());
}
@ -928,7 +940,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link RememberMeConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public RememberMeConfigurer<HttpSecurity> rememberMe() throws Exception {
return getOrApply(new RememberMeConfigurer<>());
}
@ -1072,7 +1086,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
* @throws Exception
* @deprecated Use {@link #authorizeHttpRequests()} instead
* @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests()} instead
*/
@Deprecated
public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
@ -1187,7 +1201,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
* @deprecated Use {@link #authorizeHttpRequests} instead
* @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests} instead
*/
@Deprecated
public HttpSecurity authorizeRequests(
@ -1302,7 +1316,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
* @since 5.6
* @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AuthorizeHttpRequestsConfigurer<HttpSecurity>.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
throws Exception {
ApplicationContext context = getContext();
@ -1434,7 +1451,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* when using {@link EnableWebSecurity}.
* @return the {@link RequestCacheConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestCacheConfigurer<HttpSecurity> requestCache() throws Exception {
return getOrApply(new RequestCacheConfigurer<>());
}
@ -1485,7 +1504,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* {@link EnableWebSecurity}.
* @return the {@link ExceptionHandlingConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling() throws Exception {
return getOrApply(new ExceptionHandlingConfigurer<>());
}
@ -1537,7 +1558,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* automatically applied when using {@link EnableWebSecurity}.
* @return the {@link SecurityContextConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #securityContext(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public SecurityContextConfigurer<HttpSecurity> securityContext() throws Exception {
return getOrApply(new SecurityContextConfigurer<>());
}
@ -1582,7 +1605,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* {@link EnableWebSecurity}.
* @return the {@link ServletApiConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #servletApi(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServletApiConfigurer<HttpSecurity> servletApi() throws Exception {
return getOrApply(new ServletApiConfigurer<>());
}
@ -1638,7 +1663,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link CsrfConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CsrfConfigurer<HttpSecurity> csrf() throws Exception {
ApplicationContext context = getContext();
return getOrApply(new CsrfConfigurer<>(context));
@ -1713,7 +1740,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link LogoutConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutConfigurer<HttpSecurity> logout() throws Exception {
return getOrApply(new LogoutConfigurer<>());
}
@ -1852,7 +1881,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link AnonymousConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AnonymousConfigurer<HttpSecurity> anonymous() throws Exception {
return getOrApply(new AnonymousConfigurer<>());
}
@ -2015,8 +2046,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link FormLoginConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
* @see FormLoginConfigurer#loginPage(String)
*/
@Deprecated(since = "6.1", forRemoval = true)
public FormLoginConfigurer<HttpSecurity> formLogin() throws Exception {
return getOrApply(new FormLoginConfigurer<>());
}
@ -2191,7 +2224,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link Saml2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.2
* @deprecated For removal in 7.0. Use {@link #saml2Login(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LoginConfigurer<HttpSecurity> saml2Login() throws Exception {
return getOrApply(new Saml2LoginConfigurer<>());
}
@ -2421,7 +2456,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link Saml2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.6
* @deprecated For removal in 7.0. Use {@link #saml2Logout(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer<HttpSecurity> saml2Logout() throws Exception {
return getOrApply(new Saml2LogoutConfigurer<>(getContext()));
}
@ -2517,7 +2554,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link Saml2MetadataConfigurer} for further customizations
* @throws Exception
* @since 6.1
* @deprecated For removal in 7.0. Use {@link #saml2Metadata(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2MetadataConfigurer<HttpSecurity> saml2Metadata() throws Exception {
return getOrApply(new Saml2MetadataConfigurer<>(getContext()));
}
@ -2608,6 +2647,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link OAuth2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.0
* @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
* @see <a target="_blank" href=
* "https://tools.ietf.org/html/rfc6749#section-4.1">Section 4.1 Authorization Code
* Grant</a>
@ -2617,6 +2657,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer<HttpSecurity> oauth2Login() throws Exception {
return getOrApply(new OAuth2LoginConfigurer<>());
}
@ -2729,10 +2770,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link OAuth2ClientConfigurer} for further customizations
* @throws Exception
* @since 5.1
* @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
* @see <a target="_blank" href=
* "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
* Framework</a>
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientConfigurer<HttpSecurity> oauth2Client() throws Exception {
OAuth2ClientConfigurer<HttpSecurity> configurer = getOrApply(new OAuth2ClientConfigurer<>());
this.postProcess(configurer);
@ -2783,10 +2826,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* @return the {@link OAuth2ResourceServerConfigurer} for further customizations
* @throws Exception
* @since 5.1
* @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
* instead
* @see <a target="_blank" href=
* "https://tools.ietf.org/html/rfc6749#section-1.1">OAuth 2.0 Authorization
* Framework</a>
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer() throws Exception {
OAuth2ResourceServerConfigurer<HttpSecurity> configurer = getOrApply(
new OAuth2ResourceServerConfigurer<>(getContext()));
@ -2884,7 +2930,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link ChannelSecurityConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ChannelSecurityConfigurer<HttpSecurity>.ChannelRequestMatcherRegistry requiresChannel() throws Exception {
ApplicationContext context = getContext();
return getOrApply(new ChannelSecurityConfigurer<>(context)).getRegistry();
@ -2979,7 +3027,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* </pre>
* @return the {@link HttpBasicConfigurer} for further customizations
* @throws Exception
* @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpBasicConfigurer<HttpSecurity> httpBasic() throws Exception {
return getOrApply(new HttpBasicConfigurer<>());
}
@ -3308,7 +3358,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
* }
* </pre>
* @return the {@link RequestMatcherConfigurer} for further customizations
* @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestMatcherConfigurer securityMatchers() {
return this.requestMatcherConfigurer;
}
@ -3566,7 +3618,28 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
/**
* Return the {@link HttpSecurity} for further customizations
* @return the {@link HttpSecurity} for further customizations
* @deprecated Use the lambda based configuration instead. For example: <pre>
* &#064;Configuration
* &#064;EnableWebSecurity
* public class SecurityConfig {
*
* &#064;Bean
* public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
* http
* .securityMatchers((matchers) -&gt; matchers
* .requestMatchers(&quot;/api/**&quot;)
* )
* .authorizeHttpRequests((authorize) -&gt; authorize
* .anyRequest().hasRole(&quot;USER&quot;)
* )
* .httpBasic(Customizer.withDefaults());
* return http.build();
* }
*
* }
* </pre>
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpSecurity and() {
return HttpSecurity.this;
}

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
View File

@ -222,7 +222,9 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
* Return the {@link HttpSecurityBuilder} when done using the
* {@link AuthorizeHttpRequestsConfigurer}. This is useful for method chaining.
* @return the {@link HttpSecurityBuilder} for further customizations
* @deprecated For removal in 7.0. Use the lambda based configuration instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public H and() {
return AuthorizeHttpRequestsConfigurer.this.and();
}

6
config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -24,6 +24,7 @@ import java.util.List;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurer;
@ -194,7 +195,10 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
* Return the {@link SecurityBuilder} when done using the
* {@link SecurityConfigurer}. This is useful for method chaining.
* @return the type of {@link HttpSecurityBuilder} that is being configured
* @deprecated For removal in 7.0. Use
* {@link HttpSecurity#requiresChannel(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public H and() {
return ChannelSecurityConfigurer.this.and();
}

2
config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.

64
config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -135,7 +135,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* X-Content-Type-Options: nosniff
* </pre>
* @return the {@link ContentTypeOptionsConfig} for additional customizations
* @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ContentTypeOptionsConfig contentTypeOptions() {
return this.contentTypeOptions.enable();
}
@ -166,7 +168,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* >X-XSS-Protection header</a>
* </p>
* @return the {@link XXssConfig} for additional customizations
* @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public XXssConfig xssProtection() {
return this.xssProtection.enable();
}
@ -197,7 +201,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* <li>Expires: 0</li>
* </ul>
* @return the {@link CacheControlConfig} for additional customizations
* @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CacheControlConfig cacheControl() {
return this.cacheControl.enable();
}
@ -224,7 +230,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
* (HSTS)</a>.
* @return the {@link HstsConfig} for additional customizations
* @deprecated For removal in 7.0. Use
* {@link #httpStrictTransportSecurity(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HstsConfig httpStrictTransportSecurity() {
return this.hsts.enable();
}
@ -245,7 +254,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Allows customizing the {@link XFrameOptionsHeaderWriter}.
* @return the {@link FrameOptionsConfig} for additional customizations
* @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsConfig frameOptions() {
return this.frameOptions.enable();
}
@ -315,8 +326,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* @return the {@link ContentSecurityPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is null or empty
* @since 4.1
* @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
* instead
* @see ContentSecurityPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
return this.contentSecurityPolicy;
@ -446,8 +460,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </pre>
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @since 4.2
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
* @see ReferrerPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicyConfig referrerPolicy() {
this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
return this.referrerPolicy;
@ -469,8 +485,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policy is null or empty
* @since 4.2
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
* @see ReferrerPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
return this.referrerPolicy;
@ -512,7 +530,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* @return the {@link FeaturePolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is {@code null} or empty
* @since 5.1
* @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead.
* @seeObjectPostProcessorConfiguration FeaturePolicyHeaderWriter
*/
@Deprecated
@ -537,8 +555,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </ul>
* @return the {@link PermissionsPolicyConfig} for additional configuration
* @since 5.5
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead
* @see PermissionsPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public PermissionsPolicyConfig permissionsPolicy() {
this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter();
return this.permissionsPolicy;
@ -575,8 +595,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </p>
* @return the {@link CrossOriginOpenerPolicyConfig} for additional confniguration
* @since 5.7
* @deprecated For removal in 7.0. Use {@link #crossOriginOpenerPolicy(Customizer)}
* instead
* @see CrossOriginOpenerPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginOpenerPolicyConfig crossOriginOpenerPolicy() {
this.crossOriginOpenerPolicy.writer = new CrossOriginOpenerPolicyHeaderWriter();
return this.crossOriginOpenerPolicy;
@ -616,8 +639,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </p>
* @return the {@link CrossOriginEmbedderPolicyConfig} for additional customizations
* @since 5.7
* @deprecated For removal in 7.0. Use {@link #crossOriginEmbedderPolicy(Customizer)}
* instead
* @see CrossOriginEmbedderPolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginEmbedderPolicyConfig crossOriginEmbedderPolicy() {
this.crossOriginEmbedderPolicy.writer = new CrossOriginEmbedderPolicyHeaderWriter();
return this.crossOriginEmbedderPolicy;
@ -657,8 +683,11 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* </p>
* @return the {@link HeadersConfigurer} for additional customizations
* @since 5.7
* @deprecated For removal in 7.0. Use {@link #crossOriginResourcePolicy(Customizer)}
* instead
* @see CrossOriginResourcePolicyHeaderWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginResourcePolicyConfig crossOriginResourcePolicy() {
this.crossOriginResourcePolicy.writer = new CrossOriginResourcePolicyHeaderWriter();
return this.crossOriginResourcePolicy;
@ -708,7 +737,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Allows customizing the {@link HeadersConfigurer}
* @return the {@link HeadersConfigurer} for additional customization
* @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -781,7 +813,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of X-XSS-Protection and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -820,7 +854,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Cache Control and continuing configuration
* of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -926,7 +962,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Strict Transport Security and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use
* {@link #httpStrictTransportSecurity(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -987,7 +1026,9 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Allows continuing customizing the headers configuration.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1210,7 +1251,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Content Security Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1235,6 +1279,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1281,7 +1329,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Permissions Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1311,7 +1362,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Cross Origin Opener Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use
* {@link #crossOriginOpenerPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1342,7 +1396,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Cross-Origin-Embedder-Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use
* {@link #crossOriginEmbedderPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}
@ -1373,7 +1430,10 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
* Allows completing configuration of Cross-Origin-Resource-Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
* @deprecated For removal in 7.0. Use
* {@link #crossOriginResourcePolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer<H> and() {
return HeadersConfigurer.this;
}

5
config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -769,7 +769,10 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Used to chain back to the {@link SessionManagementConfigurer}
* @return the {@link SessionManagementConfigurer} for further customizations
* @deprecated For removal in 7.0. Use {@link #sessionConcurrency(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public SessionManagementConfigurer<H> and() {
return SessionManagementConfigurer.this;
}

8
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -136,7 +136,10 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
* Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0
* Authorization Code Grant.
* @return the {@link AuthorizationCodeGrantConfigurer}
* @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
return this.authorizationCodeGrantConfigurer;
}
@ -233,7 +236,10 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
/**
* Returns the {@link OAuth2ClientConfigurer} for further configuration.
* @return the {@link OAuth2ClientConfigurer}
* @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientConfigurer<B> and() {
return OAuth2ClientConfigurer.this;
}

23
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -206,7 +206,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
* Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization
* Server's Authorization Endpoint.
* @return the {@link AuthorizationEndpointConfig}
* @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AuthorizationEndpointConfig authorizationEndpoint() {
return this.authorizationEndpointConfig;
}
@ -227,7 +230,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
* Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
* Token Endpoint.
* @return the {@link TokenEndpointConfig}
* @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public TokenEndpointConfig tokenEndpoint() {
return this.tokenEndpointConfig;
}
@ -248,7 +253,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
* Returns the {@link RedirectionEndpointConfig} for configuring the Client's
* Redirection Endpoint.
* @return the {@link RedirectionEndpointConfig}
* @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public RedirectionEndpointConfig redirectionEndpoint() {
return this.redirectionEndpointConfig;
}
@ -269,7 +277,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
* Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
* Server's UserInfo Endpoint.
* @return the {@link UserInfoEndpointConfig}
* @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public UserInfoEndpointConfig userInfoEndpoint() {
return this.userInfoEndpointConfig;
}
@ -590,7 +600,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
* @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer<B> and() {
return OAuth2LoginConfigurer.this;
}
@ -624,7 +637,9 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
* @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer<B> and() {
return OAuth2LoginConfigurer.this;
}
@ -656,7 +671,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
* @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer<B> and() {
return OAuth2LoginConfigurer.this;
}
@ -718,7 +736,10 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
* @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer<B> and() {
return OAuth2LoginConfigurer.this;
}

14
config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -198,6 +198,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public JwtConfigurer jwt() {
if (this.jwtConfigurer == null) {
this.jwtConfigurer = new JwtConfigurer(this.context);
@ -219,6 +223,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenConfigurer opaqueToken() {
if (this.opaqueTokenConfigurer == null) {
this.opaqueTokenConfigurer = new OpaqueTokenConfigurer(this.context);
@ -394,6 +402,10 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerConfigurer<H> and() {
return OAuth2ResourceServerConfigurer.this;
}

14
config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
View File

@ -168,7 +168,9 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Get configurer for SAML 2.0 Logout Request components
* @return the {@link LogoutRequestConfigurer} for further customizations
* @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutRequestConfigurer logoutRequest() {
return this.logoutRequestConfigurer;
}
@ -188,13 +190,15 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
/**
* Get configurer for SAML 2.0 Logout Response components
* @return the {@link LogoutResponseConfigurer} for further customizations
* @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutResponseConfigurer logoutResponse() {
return this.logoutResponseConfigurer;
}
/**
* Configures SAML 2.0 Logout Request components
* Configures SAML 2.0 Logout Response components
* @param logoutResponseConfigurerCustomizer the {@link Customizer} to provide more
* options for the {@link LogoutResponseConfigurer}
* @return the {@link Saml2LogoutConfigurer} for further customizations
@ -371,6 +375,10 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer<H> and() {
return Saml2LogoutConfigurer.this;
}
@ -439,6 +447,10 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer<H> and() {
return Saml2LogoutConfigurer.this;
}

147
config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2022 the original author or authors.
* Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -421,7 +421,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link HttpsRedirectSpec} to customize
* @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpsRedirectSpec redirectToHttps() {
this.httpsRedirectSpec = new HttpsRedirectSpec();
return this.httpsRedirectSpec;
@ -502,7 +504,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link CsrfSpec} to customize
* @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CsrfSpec csrf() {
if (this.csrf == null) {
this.csrf = new CsrfSpec();
@ -566,7 +570,9 @@ public class ServerHttpSecurity {
* used instead. If neither has been configured, the Cors configuration will do
* nothing.
* @return the {@link CorsSpec} to customize
* @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CorsSpec cors() {
if (this.cors == null) {
this.cors = new CorsSpec();
@ -608,7 +614,9 @@ public class ServerHttpSecurity {
* </pre>
* @return the {@link AnonymousSpec} to customize
* @since 5.2.0
* @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AnonymousSpec anonymous() {
if (this.anonymous == null) {
this.anonymous = new AnonymousSpec();
@ -662,7 +670,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link HttpBasicSpec} to customize
* @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HttpBasicSpec httpBasic() {
if (this.httpBasic == null) {
this.httpBasic = new HttpBasicSpec();
@ -714,7 +724,9 @@ public class ServerHttpSecurity {
* </pre>
* @return the {@link PasswordManagementSpec} to customize
* @since 5.6
* @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public PasswordManagementSpec passwordManagement() {
if (this.passwordManagement == null) {
this.passwordManagement = new PasswordManagementSpec();
@ -771,7 +783,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link FormLoginSpec} to customize
* @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public FormLoginSpec formLogin() {
if (this.formLogin == null) {
this.formLogin = new FormLoginSpec();
@ -832,7 +846,9 @@ public class ServerHttpSecurity {
* {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
* @return the {@link X509Spec} to customize
* @since 5.2
* @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public X509Spec x509() {
if (this.x509 == null) {
this.x509 = new X509Spec();
@ -889,7 +905,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link OAuth2LoginSpec} to customize
* @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginSpec oauth2Login() {
if (this.oauth2Login == null) {
this.oauth2Login = new OAuth2LoginSpec();
@ -941,7 +959,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link OAuth2ClientSpec} to customize
* @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientSpec oauth2Client() {
if (this.client == null) {
this.client = new OAuth2ClientSpec();
@ -992,7 +1012,10 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link OAuth2ResourceServerSpec} to customize
* @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec oauth2ResourceServer() {
if (this.resourceServer == null) {
this.resourceServer = new OAuth2ResourceServerSpec();
@ -1064,7 +1087,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link HeaderSpec} to customize
* @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec headers() {
if (this.headers == null) {
this.headers = new HeaderSpec();
@ -1138,7 +1163,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link ExceptionHandlingSpec} to customize
* @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingSpec exceptionHandling() {
if (this.exceptionHandling == null) {
this.exceptionHandling = new ExceptionHandlingSpec();
@ -1204,7 +1231,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link AuthorizeExchangeSpec} to customize
* @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public AuthorizeExchangeSpec authorizeExchange() {
if (this.authorizeExchange == null) {
this.authorizeExchange = new AuthorizeExchangeSpec();
@ -1273,7 +1302,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link LogoutSpec} to customize
* @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public LogoutSpec logout() {
if (this.logout == null) {
this.logout = new LogoutSpec();
@ -1330,7 +1361,9 @@ public class ServerHttpSecurity {
* }
* </pre>
* @return the {@link RequestCacheSpec} to customize
* @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public RequestCacheSpec requestCache() {
return this.requestCache;
}
@ -1603,7 +1636,10 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -1801,7 +1837,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated use {@link #redirectToHttps(Customizer)}
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -1879,7 +1917,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -1945,7 +1985,10 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -1987,7 +2030,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -2083,7 +2128,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -2156,7 +2203,10 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}.
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -2314,7 +2364,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -2438,7 +2490,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -2455,7 +2509,9 @@ public class ServerHttpSecurity {
/**
* Configures cache control headers
* @return the {@link CacheSpec} to configure
* @deprecated For removal in 7.0. Use {@link #cache(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public CacheSpec cache() {
return new CacheSpec();
}
@ -2474,7 +2530,10 @@ public class ServerHttpSecurity {
/**
* Configures content type response headers
* @return the {@link ContentTypeOptionsSpec} to configure
* @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ContentTypeOptionsSpec contentTypeOptions() {
return new ContentTypeOptionsSpec();
}
@ -2493,7 +2552,9 @@ public class ServerHttpSecurity {
/**
* Configures frame options response headers
* @return the {@link FrameOptionsSpec} to configure
* @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsSpec frameOptions() {
return new FrameOptionsSpec();
}
@ -2525,7 +2586,9 @@ public class ServerHttpSecurity {
/**
* Configures the Strict Transport Security response headers
* @return the {@link HstsSpec} to configure
* @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HstsSpec hsts() {
return new HstsSpec();
}
@ -2550,7 +2613,9 @@ public class ServerHttpSecurity {
/**
* Configures x-xss-protection response header.
* @return the {@link XssProtectionSpec} to configure
* @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public XssProtectionSpec xssProtection() {
return new XssProtectionSpec();
}
@ -2570,7 +2635,10 @@ public class ServerHttpSecurity {
* Configures {@code Content-Security-Policy} response header.
* @param policyDirectives the policy directive(s)
* @return the {@link ContentSecurityPolicySpec} to configure
* @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
* instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ContentSecurityPolicySpec contentSecurityPolicy(String policyDirectives) {
return new ContentSecurityPolicySpec(policyDirectives);
}
@ -2590,7 +2658,8 @@ public class ServerHttpSecurity {
* Configures {@code Feature-Policy} response header.
* @param policyDirectives the policy
* @return the {@link FeaturePolicySpec} to configure
* @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
* instead.
*/
@Deprecated
public FeaturePolicySpec featurePolicy(String policyDirectives) {
@ -2600,7 +2669,10 @@ public class ServerHttpSecurity {
/**
* Configures {@code Permissions-Policy} response header.
* @return the {@link PermissionsPolicySpec} to configure
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
* instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public PermissionsPolicySpec permissionsPolicy() {
return new PermissionsPolicySpec();
}
@ -2620,7 +2692,10 @@ public class ServerHttpSecurity {
* Configures {@code Referrer-Policy} response header.
* @param referrerPolicy the policy to use
* @return the {@link ReferrerPolicySpec} to configure
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
* instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicySpec referrerPolicy(ReferrerPolicy referrerPolicy) {
return new ReferrerPolicySpec(referrerPolicy);
}
@ -2628,7 +2703,10 @@ public class ServerHttpSecurity {
/**
* Configures {@code Referrer-Policy} response header.
* @return the {@link ReferrerPolicySpec} to configure
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
* instead.
*/
@Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicySpec referrerPolicy() {
return new ReferrerPolicySpec();
}
@ -2650,8 +2728,11 @@ public class ServerHttpSecurity {
* Cross-Origin-Opener-Policy</a> header.
* @return the {@link CrossOriginOpenerPolicySpec} to configure
* @since 5.7
* @deprecated For removal in 7.0. Use
* {@link #crossOriginOpenerPolicy(Customizer)} instead.
* @see CrossOriginOpenerPolicyServerHttpHeadersWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginOpenerPolicySpec crossOriginOpenerPolicy() {
return new CrossOriginOpenerPolicySpec();
}
@ -2676,8 +2757,11 @@ public class ServerHttpSecurity {
* Cross-Origin-Embedder-Policy</a> header.
* @return the {@link CrossOriginEmbedderPolicySpec} to configure
* @since 5.7
* @deprecated For removal in 7.0. Use
* {@link #crossOriginEmbedderPolicy(Customizer)} instead.
* @see CrossOriginEmbedderPolicyServerHttpHeadersWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginEmbedderPolicySpec crossOriginEmbedderPolicy() {
return new CrossOriginEmbedderPolicySpec();
}
@ -2702,8 +2786,11 @@ public class ServerHttpSecurity {
* Cross-Origin-Resource-Policy</a> header.
* @return the {@link CrossOriginResourcePolicySpec} to configure
* @since 5.7
* @deprecated For removal in 7.0. Use
* {@link #crossOriginResourcePolicy(Customizer)} instead.
* @see CrossOriginResourcePolicyServerHttpHeadersWriter
*/
@Deprecated(since = "6.1", forRemoval = true)
public CrossOriginResourcePolicySpec crossOriginResourcePolicy() {
return new CrossOriginResourcePolicySpec();
}
@ -2789,7 +2876,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
private HeaderSpec and() {
return HeaderSpec.this;
}
@ -2857,7 +2947,9 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -2946,7 +3038,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use
* {@link #contentSecurityPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -2973,7 +3068,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use {@link #featurePolicy(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3005,7 +3103,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3042,7 +3143,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3073,7 +3177,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use
* {@link #crossOriginOpenerPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3104,7 +3211,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use
* {@link #crossOriginEmbedderPolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3135,7 +3245,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
* @deprecated For removal in 7.0. Use
* {@link #crossOriginResourcePolicy(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@ -3211,7 +3324,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -3322,7 +3437,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -3378,6 +3495,10 @@ public class ServerHttpSecurity {
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -3630,7 +3751,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -3965,7 +4088,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -4113,7 +4238,9 @@ public class ServerHttpSecurity {
/**
* Enables JWT Resource Server support.
* @return the {@link JwtSpec} for additional configuration
* @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public JwtSpec jwt() {
if (this.jwt == null) {
this.jwt = new JwtSpec();
@ -4138,7 +4265,9 @@ public class ServerHttpSecurity {
/**
* Enables Opaque Token Resource Server support.
* @return the {@link OpaqueTokenSpec} for additional configuration
* @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenSpec opaqueToken() {
if (this.opaqueToken == null) {
this.opaqueToken = new OpaqueTokenSpec();
@ -4230,6 +4359,11 @@ public class ServerHttpSecurity {
return new ServerAuthenticationEntryPointFailureHandler(this.entryPoint);
}
/**
* @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@ -4303,6 +4437,10 @@ public class ServerHttpSecurity {
return this;
}
/**
* @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec and() {
return OAuth2ResourceServerSpec.this;
}
@ -4413,7 +4551,10 @@ public class ServerHttpSecurity {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)}
* instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec and() {
return OAuth2ResourceServerSpec.this;
}
@ -4539,7 +4680,9 @@ public class ServerHttpSecurity {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
* @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
@Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}