Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deprecate ChannelDecisionManager

Browse Source 
Closes gh-16681
This commit is contained in:
Josh Cummings 2025-02-28 12:35:21 -07:00
parent 72070cd191
commit ab52fd858a
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
6 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
View File

@ -23,12 +23,16 @@ import jakarta.servlet.ServletException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher;
/**
* Decides whether a web channel provides sufficient security.
*
* @author Ben Alex
* @deprecated no replacement is planned, though consider using a custom
* {@link RequestMatcher} for any sophisticated decision-making
*/
@Deprecated
public interface ChannelDecisionManager {
/**

4
web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
View File

@ -26,6 +26,7 @@ import jakarta.servlet.ServletException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@ -44,7 +45,10 @@ import org.springframework.util.Assert;
* channel processors will be skipped (see SEC-494, SEC-335).
*
* @author Ben Alex
* @deprecated no replacement is planned, though consider using a custom
* {@link RequestMatcher} for any sophisticated decision-making
*/
@Deprecated
public class ChannelDecisionManagerImpl implements ChannelDecisionManager, InitializingBean {
public static final String ANY_CHANNEL = "ANY_CHANNEL";

2
web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
View File

@ -83,7 +83,9 @@ import org.springframework.web.filter.GenericFilterBean;
* over HTTPS.
*
* @author Ben Alex
* @deprecated see {@link org.springframework.security.web.transport.HttpsRedirectFilter}
*/
@Deprecated
public class ChannelProcessingFilter extends GenericFilterBean {
private ChannelDecisionManager channelDecisionManager;

4
web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
View File

@ -23,6 +23,7 @@ import jakarta.servlet.ServletException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher;
/**
* Decides whether a web channel meets a specific security condition.
@ -34,7 +35,10 @@ import org.springframework.security.web.FilterInvocation;
* themselves. The callers of the implementation do not take any action.
*
* @author Ben Alex
* @deprecated no replacement is planned, though consider using a custom
* {@link RequestMatcher} for any sophisticated decision-making
*/
@Deprecated
public interface ChannelProcessor {
/**

4
web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
View File

@ -24,6 +24,7 @@ import jakarta.servlet.ServletException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@ -39,7 +40,10 @@ import org.springframework.util.Assert;
* The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.
*
* @author Ben Alex
* @deprecated no replacement is planned, though consider using a custom
* {@link RequestMatcher} for any sophisticated decision-making
*/
@Deprecated
public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();

4
web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
View File

@ -24,6 +24,7 @@ import jakarta.servlet.ServletException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@ -39,7 +40,10 @@ import org.springframework.util.Assert;
* The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.
*
* @author Ben Alex
* @deprecated no replacement is planned, though consider using a custom
* {@link RequestMatcher} for any sophisticated decision-making
*/
@Deprecated
public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();