From b1d013e8f0ffebce8c3a736e93ec34575487a10c Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Mon, 26 Mar 2018 20:01:40 -0500 Subject: [PATCH] Fix JDK 9 Issue: gh-5160 --- build.gradle | 8 ++++++++ .../CasAuthenticationTokenMixinTests.java | 4 +++- config/spring-security-config.gradle | 1 + .../security/core/userdetails/User.java | 1 + .../jackson2/SecurityJackson2Modules.java | 18 +++++++++++++++--- .../jackson2/SecurityContextMixinTests.java | 16 ++++++++++------ .../security/crypto/codec/Base64.java | 1 + data/spring-security-data.gradle | 2 ++ gradle/dependency-management.gradle | 13 ++++++++----- ...ecurity-samples-javaconfig-hellomvc.gradle | 1 + ...ecurity-samples-javaconfig-inmemory.gradle | 1 + ...ng-security-samples-javaconfig-ldap.gradle | 1 + ...-security-samples-javaconfig-openid.gradle | 1 + ...pring-security-samples-xml-insecure.gradle | 1 + ...ng-security-samples-xml-insecuremvc.gradle | 1 + test/spring-security-test.gradle | 1 + ...ityContextTestExcecutionListenerTests.java | 2 +- ...MockMvcRequestPostProcessorsUserTests.java | 11 ++++++----- web/spring-security-web.gradle | 2 +- .../DefaultWASUsernameAndGroupsExtractor.java | 19 ++++++++++++++----- .../annotation/AuthenticationPrincipal.java | 1 + .../web/session/ConcurrentSessionFilter.java | 2 ++ 22 files changed, 81 insertions(+), 27 deletions(-) diff --git a/build.gradle b/build.gradle index 0aebd2deaf..53de5b415a 100644 --- a/build.gradle +++ b/build.gradle @@ -30,3 +30,11 @@ gradle.taskGraph.whenReady { graph -> } } } + + +subprojects { + plugins.withType(JavaPlugin) { + project.sourceCompatibility='1.8' + } +} + diff --git a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java index bd66b6cf67..7501126ff7 100644 --- a/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java +++ b/cas/src/test/java/org/springframework/security/cas/jackson2/CasAuthenticationTokenMixinTests.java @@ -137,7 +137,9 @@ public class CasAuthenticationTokenMixinTests { assertThat(token.getUserDetails()).isNotNull().isInstanceOf(User.class); assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class); assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode()); - assertThat(token.getUserDetails().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); + assertThat(token.getUserDetails().getAuthorities()) + .extracting(GrantedAuthority::getAuthority) + .containsOnly("ROLE_USER"); assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE); assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE); assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE); diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle index b6c6661299..23fa96f840 100644 --- a/config/spring-security-config.gradle +++ b/config/spring-security-config.gradle @@ -36,6 +36,7 @@ dependencies { testCompile spockDependencies testCompile 'ch.qos.logback:logback-classic' testCompile 'javax.annotation:jsr250-api:1.0' + testCompile 'javax.xml.bind:jaxb-api' testCompile 'ldapsdk:ldapsdk:4.1' testCompile('net.sourceforge.htmlunit:htmlunit') { exclude group: 'commons-logging', module: 'commons-logging' diff --git a/core/src/main/java/org/springframework/security/core/userdetails/User.java b/core/src/main/java/org/springframework/security/core/userdetails/User.java index b974d2d3ab..4ab2bfe1be 100644 --- a/core/src/main/java/org/springframework/security/core/userdetails/User.java +++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java @@ -327,6 +327,7 @@ public class User implements UserDetails, CredentialsContainer { * acceptable for demos and getting started. For production purposes, ensure the * password is encoded externally. See the method Javadoc for additional details. */ + @Deprecated public static UserBuilder withDefaultPasswordEncoder() { logger.warn("User.withDefaultPasswordEncoder() is considered unsafe for production and is only intended for sample applications."); PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java index 13eafbbf81..69298bdbe7 100644 --- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java +++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java @@ -18,16 +18,28 @@ package org.springframework.security.jackson2; import com.fasterxml.jackson.annotation.JacksonAnnotation; import com.fasterxml.jackson.annotation.JsonTypeInfo; -import com.fasterxml.jackson.databind.*; +import com.fasterxml.jackson.databind.DatabindContext; +import com.fasterxml.jackson.databind.DeserializationConfig; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.Module; +import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.cfg.MapperConfig; -import com.fasterxml.jackson.databind.jsontype.*; +import com.fasterxml.jackson.databind.jsontype.NamedType; +import com.fasterxml.jackson.databind.jsontype.TypeIdResolver; +import com.fasterxml.jackson.databind.jsontype.TypeResolverBuilder; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.core.annotation.AnnotationUtils; import org.springframework.util.ClassUtils; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashSet; +import java.util.List; +import java.util.Set; /** * This utility class will find all the SecurityModules in classpath. diff --git a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java index c5426b9b24..aa56ccf30c 100644 --- a/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java +++ b/core/src/test/java/org/springframework/security/jackson2/SecurityContextMixinTests.java @@ -16,7 +16,12 @@ package org.springframework.security.jackson2; -import com.fasterxml.jackson.core.JsonProcessingException; +import static org.assertj.core.api.Assertions.assertThat; + +import java.io.IOException; +import java.util.Collection; +import java.util.Collections; + import org.json.JSONException; import org.junit.Test; import org.skyscreamer.jsonassert.JSONAssert; @@ -25,10 +30,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextImpl; -import java.io.IOException; -import java.util.Collections; - -import static org.assertj.core.api.Assertions.assertThat; +import com.fasterxml.jackson.core.JsonProcessingException; /** * @author Jitendra Singh @@ -59,6 +61,8 @@ public class SecurityContextMixinTests extends AbstractMixinTests { assertThat(context.getAuthentication().getPrincipal()).isEqualTo("admin"); assertThat(context.getAuthentication().getCredentials()).isEqualTo("1234"); assertThat(context.getAuthentication().isAuthenticated()).isTrue(); - assertThat(context.getAuthentication().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER")); + Collection authorities = context.getAuthentication().getAuthorities(); + assertThat(authorities).hasSize(1); + assertThat(authorities).contains(new SimpleGrantedAuthority("ROLE_USER")); } } diff --git a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java index 04a54ec2bb..aaa01830e5 100644 --- a/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java +++ b/crypto/src/main/java/org/springframework/security/crypto/codec/Base64.java @@ -26,6 +26,7 @@ package org.springframework.security.crypto.codec; * @since 3.0 * @deprecated Use java.util.Base64 */ +@Deprecated public final class Base64 { /** No options specified. Value is zero. */ diff --git a/data/spring-security-data.gradle b/data/spring-security-data.gradle index aa3a22116d..8830889f2e 100644 --- a/data/spring-security-data.gradle +++ b/data/spring-security-data.gradle @@ -2,6 +2,8 @@ apply plugin: 'io.spring.convention.spring-module' dependencies { compile project(':spring-security-core') + compile 'javax.xml.bind:jaxb-api' compile 'org.springframework.data:spring-data-commons' compile 'org.springframework:spring-core' + } diff --git a/gradle/dependency-management.gradle b/gradle/dependency-management.gradle index e14d22731d..bad742c8c8 100644 --- a/gradle/dependency-management.gradle +++ b/gradle/dependency-management.gradle @@ -58,6 +58,8 @@ dependencyManagement { dependency 'com.nimbusds:oauth2-oidc-sdk:5.56' dependency 'com.squareup.okhttp3:okhttp:3.9.0' dependency 'com.squareup.okio:okio:1.13.0' + dependency 'com.sun.xml.bind:jaxb-core:2.3.0' + dependency 'com.sun.xml.bind:jaxb-impl:2.3.0' dependency 'com.unboundid:unboundid-ldapsdk:4.0.4' dependency 'com.vaadin.external.google:android-json:0.0.20131108.vaadin1' dependency 'commons-cli:commons-cli:1.4' @@ -76,6 +78,7 @@ dependencyManagement { dependency 'javax.servlet.jsp:javax.servlet.jsp-api:2.3.2-b02' dependency 'javax.servlet:javax.servlet-api:4.0.0' dependency 'javax.validation:validation-api:2.0.1.Final' + dependency 'javax.xml.bind:jaxb-api:2.3.0' dependency 'junit:junit:4.12' dependency 'ldapsdk:ldapsdk:4.1' dependency 'net.bytebuddy:byte-buddy-agent:1.7.9' @@ -139,16 +142,16 @@ dependencyManagement { dependency 'org.apache.tomcat.embed:tomcat-embed-logging-log4j:8.0.44' dependency 'org.apache.tomcat.embed:tomcat-embed-websocket:8.5.23' dependency 'org.apache.tomcat:tomcat-annotations-api:8.5.23' - dependency 'org.aspectj:aspectjrt:1.8.13' - dependency 'org.aspectj:aspectjtools:1.8.13' + dependency 'org.aspectj:aspectjrt:1.9.0.RC2' + dependency 'org.aspectj:aspectjtools:1.9.0.RC2' dependency 'org.aspectj:aspectjweaver:1.8.13' dependency 'org.assertj:assertj-core:3.9.0' dependency 'org.attoparser:attoparser:2.0.4.RELEASE' dependency 'org.bouncycastle:bcpkix-jdk15on:1.59' dependency 'org.bouncycastle:bcprov-jdk15on:1.58' - dependency 'org.codehaus.groovy:groovy-all:2.5.0-beta-1' - dependency 'org.codehaus.groovy:groovy-json:2.5.0-beta-1' - dependency 'org.codehaus.groovy:groovy:2.5.0-beta-1' + dependency 'org.codehaus.groovy:groovy-all:2.4.14' + dependency 'org.codehaus.groovy:groovy-json:2.4.14' + dependency 'org.codehaus.groovy:groovy:2.4.14' dependency 'org.eclipse.jdt:ecj:3.12.3' dependency 'org.eclipse.jetty.websocket:websocket-api:9.4.7.v20170914' dependency 'org.eclipse.jetty.websocket:websocket-client:9.4.7.v20170914' diff --git a/samples/javaconfig/hellomvc/spring-security-samples-javaconfig-hellomvc.gradle b/samples/javaconfig/hellomvc/spring-security-samples-javaconfig-hellomvc.gradle index f403ecb4f4..3074d45935 100644 --- a/samples/javaconfig/hellomvc/spring-security-samples-javaconfig-hellomvc.gradle +++ b/samples/javaconfig/hellomvc/spring-security-samples-javaconfig-hellomvc.gradle @@ -7,6 +7,7 @@ dependencies { compile project(':spring-security-web') compile 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api' compile 'javax.validation:validation-api' + compile 'javax.xml.bind:jaxb-api' compile 'org.hibernate:hibernate-validator' compile 'org.springframework:spring-jdbc' compile 'org.springframework:spring-webmvc' diff --git a/samples/javaconfig/inmemory/spring-security-samples-javaconfig-inmemory.gradle b/samples/javaconfig/inmemory/spring-security-samples-javaconfig-inmemory.gradle index f403ecb4f4..3074d45935 100644 --- a/samples/javaconfig/inmemory/spring-security-samples-javaconfig-inmemory.gradle +++ b/samples/javaconfig/inmemory/spring-security-samples-javaconfig-inmemory.gradle @@ -7,6 +7,7 @@ dependencies { compile project(':spring-security-web') compile 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api' compile 'javax.validation:validation-api' + compile 'javax.xml.bind:jaxb-api' compile 'org.hibernate:hibernate-validator' compile 'org.springframework:spring-jdbc' compile 'org.springframework:spring-webmvc' diff --git a/samples/javaconfig/ldap/spring-security-samples-javaconfig-ldap.gradle b/samples/javaconfig/ldap/spring-security-samples-javaconfig-ldap.gradle index 0b229a330f..dd59505f20 100644 --- a/samples/javaconfig/ldap/spring-security-samples-javaconfig-ldap.gradle +++ b/samples/javaconfig/ldap/spring-security-samples-javaconfig-ldap.gradle @@ -24,6 +24,7 @@ dependencies { compile project(':spring-security-web') compile 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api' compile 'javax.validation:validation-api' + compile 'javax.xml.bind:jaxb-api' compile 'org.hibernate:hibernate-validator' compile 'org.springframework:spring-webmvc' compile apachedsDependencies diff --git a/samples/javaconfig/openid/spring-security-samples-javaconfig-openid.gradle b/samples/javaconfig/openid/spring-security-samples-javaconfig-openid.gradle index 899b99c229..a62026e8db 100644 --- a/samples/javaconfig/openid/spring-security-samples-javaconfig-openid.gradle +++ b/samples/javaconfig/openid/spring-security-samples-javaconfig-openid.gradle @@ -8,6 +8,7 @@ dependencies { compile project(':spring-security-web') compile 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api' compile 'javax.validation:validation-api' + compile 'javax.xml.bind:jaxb-api' compile 'org.hibernate:hibernate-validator' compile 'org.springframework:spring-jdbc' compile 'org.springframework:spring-webmvc' diff --git a/samples/xml/insecure/spring-security-samples-xml-insecure.gradle b/samples/xml/insecure/spring-security-samples-xml-insecure.gradle index 6e9e855f1a..70e85697c0 100644 --- a/samples/xml/insecure/spring-security-samples-xml-insecure.gradle +++ b/samples/xml/insecure/spring-security-samples-xml-insecure.gradle @@ -19,6 +19,7 @@ apply plugin: 'io.spring.convention.spring-sample-war' dependencies { compile jstlDependencies compile slf4jDependencies + compile 'javax.xml.bind:jaxb-api' providedCompile 'javax.servlet:javax.servlet-api' providedCompile 'javax.servlet.jsp:javax.servlet.jsp-api' diff --git a/samples/xml/insecuremvc/spring-security-samples-xml-insecuremvc.gradle b/samples/xml/insecuremvc/spring-security-samples-xml-insecuremvc.gradle index d311bb56ce..5a5a2de952 100644 --- a/samples/xml/insecuremvc/spring-security-samples-xml-insecuremvc.gradle +++ b/samples/xml/insecuremvc/spring-security-samples-xml-insecuremvc.gradle @@ -5,6 +5,7 @@ dependencies { compile slf4jDependencies compile 'javax.servlet.jsp.jstl:javax.servlet.jsp.jstl-api' compile 'javax.validation:validation-api' + compile 'javax.xml.bind:jaxb-api' compile 'org.hibernate:hibernate-validator' compile 'org.springframework:spring-jdbc' compile 'org.springframework:spring-webmvc' diff --git a/test/spring-security-test.gradle b/test/spring-security-test.gradle index e604fb08f9..35174aa77c 100644 --- a/test/spring-security-test.gradle +++ b/test/spring-security-test.gradle @@ -14,6 +14,7 @@ dependencies { testCompile 'com.fasterxml.jackson.core:jackson-databind' testCompile 'io.projectreactor:reactor-test' + testCompile 'javax.xml.bind:jaxb-api' testCompile 'org.skyscreamer:jsonassert' testCompile 'org.springframework:spring-webmvc' testCompile 'org.springframework:spring-tx' diff --git a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java index 051b57dbad..a879228611 100644 --- a/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java +++ b/test/src/test/java/org/springframework/security/test/context/support/WithSecurityContextTestExcecutionListenerTests.java @@ -101,7 +101,7 @@ public class WithSecurityContextTestExcecutionListenerTests { SqlScriptsTestExecutionListener sql = new SqlScriptsTestExecutionListener(); WithSecurityContextTestExecutionListener security = new WithSecurityContextTestExecutionListener(); - List listeners = Arrays.asList(security, sql); + List listeners = Arrays.asList(security, sql); AnnotationAwareOrderComparator.sort(listeners); diff --git a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java index 5c83bb75db..b4b9bd8e09 100644 --- a/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java +++ b/test/src/test/java/org/springframework/security/test/web/servlet/request/SecurityMockMvcRequestPostProcessorsUserTests.java @@ -24,6 +24,7 @@ import static org.powermock.api.mockito.PowerMockito.when; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user; import java.util.Arrays; +import java.util.List; import javax.servlet.http.HttpServletResponse; @@ -114,8 +115,8 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class)); SecurityContext context = contextCaptor.getValue(); - assertThat(context.getAuthentication().getAuthorities()).containsOnly(authority1, - authority2); + assertThat((List) context.getAuthentication().getAuthorities()) + .containsOnly(authority1, authority2); } @Test(expected = IllegalArgumentException.class) @@ -133,12 +134,12 @@ public class SecurityMockMvcRequestPostProcessorsUserTests { verify(repository).saveContext(contextCaptor.capture(), eq(request), any(HttpServletResponse.class)); SecurityContext context = contextCaptor.getValue(); - assertThat(context.getAuthentication().getAuthorities()).containsOnly(authority1, - authority2); + assertThat((List) context.getAuthentication().getAuthorities()) + .containsOnly(authority1, authority2); } private void mockWebTestUtils() { spy(WebTestUtils.class); when(WebTestUtils.getSecurityContextRepository(request)).thenReturn(repository); } -} \ No newline at end of file +} diff --git a/web/spring-security-web.gradle b/web/spring-security-web.gradle index bcb3f4a6b3..460a8f1461 100644 --- a/web/spring-security-web.gradle +++ b/web/spring-security-web.gradle @@ -21,12 +21,12 @@ dependencies { testCompile project(path: ':spring-security-core', configuration: 'tests') testCompile 'commons-codec:commons-codec' testCompile 'io.projectreactor:reactor-test' + testCompile 'javax.xml.bind:jaxb-api' testCompile 'org.codehaus.groovy:groovy-all' testCompile 'org.skyscreamer:jsonassert' testCompile 'org.springframework:spring-webflux' testCompile powerMock2Dependencies testCompile spockDependencies - testCompile slf4jDependencies testRuntime 'org.hsqldb:hsqldb' } diff --git a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java index 93d312c6e0..4919954e6a 100755 --- a/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java +++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/websphere/DefaultWASUsernameAndGroupsExtractor.java @@ -25,7 +25,6 @@ import java.util.List; import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; -import javax.rmi.PortableRemoteObject; import javax.security.auth.Subject; import org.apache.commons.logging.Log; @@ -44,6 +43,8 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups private static final Log logger = LogFactory .getLog(DefaultWASUsernameAndGroupsExtractor.class); + private static final String PORTABLE_REMOTE_OBJECT_CLASSNAME = "javax.rmi.PortableRemoteObject"; + private static final String USER_REGISTRY = "UserRegistry"; private static Method getRunAsSubject = null; @@ -52,6 +53,8 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups private static Method getSecurityName = null; + private static Method narrow = null; + // SEC-803 private static Class wsCredentialClass = null; @@ -80,7 +83,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups .iterator().next(); if (credential != null) { userSecurityName = (String) invokeMethod(getSecurityNameMethod(), - credential, null); + credential); } } if (logger.isDebugEnabled()) { @@ -125,8 +128,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups // TODO: Cache UserRegistry object ic = new InitialContext(); Object objRef = ic.lookup(USER_REGISTRY); - Object userReg = PortableRemoteObject.narrow(objRef, - Class.forName("com.ibm.websphere.security.UserRegistry")); + Object userReg = invokeMethod(getNarrowMethod(), null , objRef, Class.forName("com.ibm.websphere.security.UserRegistry")); if (logger.isDebugEnabled()) { logger.debug("Determining WebSphere groups for user " + securityName + " using WebSphere UserRegistry " + userReg); @@ -156,7 +158,7 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups } } - private static Object invokeMethod(Method method, Object instance, Object[] args) { + private static Object invokeMethod(Method method, Object instance, Object... args) { try { return method.invoke(instance, args); } @@ -230,6 +232,13 @@ final class DefaultWASUsernameAndGroupsExtractor implements WASUsernameAndGroups return getSecurityName; } + private static Method getNarrowMethod() { + if (narrow == null) { + narrow = getMethod(PORTABLE_REMOTE_OBJECT_CLASSNAME, "narrow", new String[] { Object.class.getName() , Class.class.getName()}); + } + return narrow; + } + // SEC-803 private static Class getWSCredentialClass() { if (wsCredentialClass == null) { diff --git a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java index 7714b286a1..ad7cf00791 100644 --- a/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java +++ b/web/src/main/java/org/springframework/security/web/bind/annotation/AuthenticationPrincipal.java @@ -37,6 +37,7 @@ import org.springframework.security.core.Authentication; @Target({ ElementType.PARAMETER, ElementType.ANNOTATION_TYPE }) @Retention(RetentionPolicy.RUNTIME) @Documented +@Deprecated public @interface AuthenticationPrincipal { /** diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java index 64d6c98e0f..fdf1b74adb 100644 --- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java +++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java @@ -162,6 +162,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean { * @return the URL for expiration * @deprecated Use {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)} instead. */ + @Deprecated protected String determineExpiredUrl(HttpServletRequest request, SessionInformation info) { return expiredUrl; @@ -182,6 +183,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean { * @param redirectStrategy the {@link RedirectStrategy} to use * @deprecated use {@link #ConcurrentSessionFilter(SessionRegistry, SessionInformationExpiredStrategy)} instead. */ + @Deprecated public void setRedirectStrategy(RedirectStrategy redirectStrategy) { this.redirectStrategy = redirectStrategy; }