Document NoOpPasswordEncoder will not be removed

This commit adds extension to deprecation notice. Fixes gh-8506
2020-05-09 22:12:42 +02:00 · 2020-05-09 22:12:42 +02:00 · db4ca1f756
parent bb05603b3c
commit db4ca1f756
1 changed files with 2 additions and 1 deletions
--- a/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/NoOpPasswordEncoder.java
@ -26,7 +26,8 @@ package org.springframework.security.crypto.password;
 * @deprecated This PasswordEncoder is not secure. Instead use an
 * adaptive one way function like BCryptPasswordEncoder, Pbkdf2PasswordEncoder, or
 * SCryptPasswordEncoder. Even better use {@link DelegatingPasswordEncoder} which supports
- * password upgrades.
+ * password upgrades. There are no plans to remove this support. It is deprecated to indicate that
+ * this is a legacy implementation and using it is considered insecure.
 */
@Deprecated
 public final class NoOpPasswordEncoder implements PasswordEncoder {