Add Missing Deprecation Markers

config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java

@@ -33,12 +33,16 @@ public enum PayloadInterceptorOrder implements Ordered {
 	/**
 	 * Where basic authentication is placed.
 	 * @see RSocketSecurity#basicAuthentication(Customizer)
+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
 	 */
+	@Deprecated
 	BASIC_AUTHENTICATION,
 	/**
 	 * Where JWT based authentication is performed.
 	 * @see RSocketSecurity#jwt(Customizer)
+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
 	 */
+	@Deprecated
 	JWT_AUTHENTICATION,
 	/**
 	 * A generic placeholder for other types of authentication.

config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java

@@ -24,6 +24,7 @@ import org.springframework.security.access.AccessDecisionVoter;
 import org.springframework.security.access.vote.AffirmativeBased;
 import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
+import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.config.BeanIds;
 
 /**
@@ -32,7 +33,9 @@ import org.springframework.security.config.BeanIds;
  * @author Luke Taylor
  * @author Ben Alex
  * @author Rob Winch
+ * @deprecated Please use {@link AuthorizationManager} instead
  */
+@Deprecated
 abstract class MethodConfigUtils {
 
 	@SuppressWarnings("unchecked")

core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java

@@ -43,7 +43,9 @@ public final class RoleHierarchyUtils {
 	 * @return a string representation of a role hierarchy
 	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role
 	 * name is null or empty or if an implied role name(s) is null or empty
+	 * @deprecated please see {@link RoleHierarchyImpl#setHierarchy} deprecation notice
 	 */
+	@Deprecated
 	public static String roleHierarchyFromMap(Map<String, List<String>> roleHierarchyMap) {
 		Assert.notEmpty(roleHierarchyMap, "roleHierarchyMap cannot be empty");
 		StringWriter result = new StringWriter();

core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java

@@ -28,7 +28,9 @@ import org.springframework.security.core.Authentication;
  * functionality.
  *
  * @author Ben Alex
+ * @deprecated please see {@link RunAsManager} deprecation notice
  */
+@Deprecated
 final class NullRunAsManager implements RunAsManager {
 
 	@Override

core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java

@@ -59,7 +59,10 @@ public final class PostAuthorizeReactiveAuthorizationManager
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}

core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java

@@ -74,7 +74,10 @@ public final class PostFilterAuthorizationReactiveMethodInterceptor implements A
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}

core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java

@@ -59,7 +59,10 @@ public final class PreAuthorizeReactiveAuthorizationManager
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}

core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java

@@ -77,7 +77,10 @@ public final class PreFilterAuthorizationReactiveMethodInterceptor implements Au
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}

rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java

@@ -36,7 +36,9 @@ import org.springframework.util.MimeTypeUtils;
  *
  * @author Rob Winch
  * @since 5.2
+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
  */
+@Deprecated
 public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
 	private MimeType metadataMimetype = MimeTypeUtils

rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java

@@ -34,7 +34,9 @@ import org.springframework.security.rsocket.metadata.BearerTokenMetadata;
  *
  * @author Rob Winch
  * @since 5.2
+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
  */
+@Deprecated
 public class BearerPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
 	private static final String BEARER_MIME_TYPE_VALUE = BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();

web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java

@@ -34,7 +34,11 @@ import org.springframework.util.Assert;
 
 /**
  * @author Luke Taylor
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated
 public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
 	protected final Log logger = LogFactory.getLog(getClass());

web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java

@@ -22,6 +22,8 @@ import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * May be used by a {@link ChannelProcessor} to launch a web channel.
  *
@@ -31,7 +33,11 @@ import jakarta.servlet.http.HttpServletResponse;
  * interface to assist <code>ChannelProcessor</code>s in performing this delegation.
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated
 public interface ChannelEntryPoint {
 
 	/**

web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.access.channel;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * Commences an insecure channel by retrying the original request using HTTP.
  * <p>
@@ -24,7 +26,11 @@ package org.springframework.security.web.access.channel;
  * issue.
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated(since = "6.5")
 public class RetryWithHttpEntryPoint extends AbstractRetryEntryPoint {
 
 	public RetryWithHttpEntryPoint() {

web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.access.channel;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * Commences a secure channel by retrying the original request using HTTPS.
  * <p>
@@ -25,7 +27,11 @@ package org.springframework.security.web.access.channel;
  * </p>
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated(since = "6.5")
 public class RetryWithHttpsEntryPoint extends AbstractRetryEntryPoint {
 
 	public RetryWithHttpsEntryPoint() {

web/src/main/java/org/springframework/security/web/context/DelegatingSecurityContextRepository.java

@@ -44,7 +44,12 @@ public final class DelegatingSecurityContextRepository implements SecurityContex
 		this.delegates = delegates;
 	}
 
+	/**
+	 * @deprecated
+	 * @see SecurityContextRepository#loadContext
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		SecurityContext result = null;
 		for (SecurityContextRepository delegate : this.delegates) {

web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java

@@ -115,7 +115,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * If the session is null, the context object is null or the context object stored in
 	 * the session is not an instance of {@code SecurityContext}, a new context object
 	 * will be generated and returned.
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
 	 */
+	@Deprecated
 	@Override
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		HttpServletRequest request = requestResponseHolder.getRequest();

web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java

@@ -38,7 +38,11 @@ public final class NullSecurityContextRepository implements SecurityContextRepos
 		return false;
 	}
 
+	/**
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		return this.securityContextHolderStrategy.createEmptyContext();
 	}

web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java

@@ -75,7 +75,11 @@ public final class RequestAttributeSecurityContextRepository implements Security
 		return getContext(request) != null;
 	}
 
+	/**
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		return loadDeferredContext(requestResponseHolder.getRequest()).get();
 	}