From 82a149207da6ffd66aa6790f3cb526e92e6324ff Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Wed, 12 Apr 2023 10:55:59 -0300 Subject: [PATCH] Deprecate .and() and non lambda DSL methods Closes gh-12629 --- .../annotation/SecurityConfigurerAdapter.java | 4 +- .../annotation/web/builders/HttpSecurity.java | 77 ++++++++- .../AuthorizeHttpRequestsConfigurer.java | 2 + .../ChannelSecurityConfigurer.java | 6 +- .../web/configurers/CsrfConfigurer.java | 2 +- .../web/configurers/HeadersConfigurer.java | 64 +++++++- .../SessionManagementConfigurer.java | 5 +- .../oauth2/client/OAuth2ClientConfigurer.java | 8 +- .../oauth2/client/OAuth2LoginConfigurer.java | 23 ++- .../OAuth2ResourceServerConfigurer.java | 14 +- .../saml2/Saml2LogoutConfigurer.java | 14 +- .../config/web/server/ServerHttpSecurity.java | 147 +++++++++++++++++- 12 files changed, 352 insertions(+), 14 deletions(-) diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java index fd25c16d12..7703c974bd 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java +++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -53,7 +53,9 @@ public abstract class SecurityConfigurerAdapter> * Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}. * This is useful for method chaining. * @return the {@link SecurityBuilder} for further customizations + * @deprecated For removal in 7.0. Use the lambda based configuration instead. */ + @Deprecated(since = "6.1", forRemoval = true) public B and() { return getBuilder(); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 338e1ef6bf..13bd565c09 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -285,8 +285,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link HeadersConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead * @see HeadersConfigurer */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer headers() throws Exception { return getOrApply(new HeadersConfigurer<>()); } @@ -399,7 +401,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder cors() throws Exception { return getOrApply(new CorsConfigurer<>()); } @@ -486,7 +490,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder sessionManagement() throws Exception { return getOrApply(new SessionManagementConfigurer<>()); } @@ -608,8 +614,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link PortMapperConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} instead * @see #requiresChannel() */ + @Deprecated(since = "6.1", forRemoval = true) public PortMapperConfigurer portMapper() throws Exception { return getOrApply(new PortMapperConfigurer<>()); } @@ -739,7 +747,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder jee() throws Exception { return getOrApply(new JeeConfigurer<>()); } @@ -850,7 +860,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link X509Configurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public X509Configurer x509() throws Exception { return getOrApply(new X509Configurer<>()); } @@ -928,7 +940,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link RememberMeConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public RememberMeConfigurer rememberMe() throws Exception { return getOrApply(new RememberMeConfigurer<>()); } @@ -1072,7 +1086,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations * @throws Exception - * @deprecated Use {@link #authorizeHttpRequests()} instead + * @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests()} instead */ @Deprecated public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests() @@ -1187,7 +1201,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests() throws Exception { ApplicationContext context = getContext(); @@ -1434,7 +1451,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder requestCache() throws Exception { return getOrApply(new RequestCacheConfigurer<>()); } @@ -1485,7 +1504,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder exceptionHandling() throws Exception { return getOrApply(new ExceptionHandlingConfigurer<>()); } @@ -1537,7 +1558,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder securityContext() throws Exception { return getOrApply(new SecurityContextConfigurer<>()); } @@ -1582,7 +1605,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder servletApi() throws Exception { return getOrApply(new ServletApiConfigurer<>()); } @@ -1638,7 +1663,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link CsrfConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public CsrfConfigurer csrf() throws Exception { ApplicationContext context = getContext(); return getOrApply(new CsrfConfigurer<>(context)); @@ -1713,7 +1740,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link LogoutConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public LogoutConfigurer logout() throws Exception { return getOrApply(new LogoutConfigurer<>()); } @@ -1852,7 +1881,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link AnonymousConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public AnonymousConfigurer anonymous() throws Exception { return getOrApply(new AnonymousConfigurer<>()); } @@ -2015,8 +2046,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link FormLoginConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead * @see FormLoginConfigurer#loginPage(String) */ + @Deprecated(since = "6.1", forRemoval = true) public FormLoginConfigurer formLogin() throws Exception { return getOrApply(new FormLoginConfigurer<>()); } @@ -2191,7 +2224,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder saml2Login() throws Exception { return getOrApply(new Saml2LoginConfigurer<>()); } @@ -2421,7 +2456,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder saml2Logout() throws Exception { return getOrApply(new Saml2LogoutConfigurer<>(getContext())); } @@ -2517,7 +2554,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder saml2Metadata() throws Exception { return getOrApply(new Saml2MetadataConfigurer<>(getContext())); } @@ -2608,6 +2647,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderSection 4.1 Authorization Code * Grant @@ -2617,6 +2657,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder oauth2Login() throws Exception { return getOrApply(new OAuth2LoginConfigurer<>()); } @@ -2729,10 +2770,12 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderOAuth 2.0 Authorization * Framework */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ClientConfigurer oauth2Client() throws Exception { OAuth2ClientConfigurer configurer = getOrApply(new OAuth2ClientConfigurer<>()); this.postProcess(configurer); @@ -2783,10 +2826,13 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilderOAuth 2.0 Authorization * Framework */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerConfigurer oauth2ResourceServer() throws Exception { OAuth2ResourceServerConfigurer configurer = getOrApply( new OAuth2ResourceServerConfigurer<>(getContext())); @@ -2884,7 +2930,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link ChannelSecurityConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ChannelSecurityConfigurer.ChannelRequestMatcherRegistry requiresChannel() throws Exception { ApplicationContext context = getContext(); return getOrApply(new ChannelSecurityConfigurer<>(context)).getRegistry(); @@ -2979,7 +3027,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link HttpBasicConfigurer} for further customizations * @throws Exception + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HttpBasicConfigurer httpBasic() throws Exception { return getOrApply(new HttpBasicConfigurer<>()); } @@ -3308,7 +3358,9 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder * @return the {@link RequestMatcherConfigurer} for further customizations + * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public RequestMatcherConfigurer securityMatchers() { return this.requestMatcherConfigurer; } @@ -3566,7 +3618,28 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder + * @Configuration + * @EnableWebSecurity + * public class SecurityConfig { + * + * @Bean + * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + * http + * .securityMatchers((matchers) -> matchers + * .requestMatchers("/api/**") + * ) + * .authorizeHttpRequests((authorize) -> authorize + * .anyRequest().hasRole("USER") + * ) + * .httpBasic(Customizer.withDefaults()); + * return http.build(); + * } + * + * } + * */ + @Deprecated(since = "6.1", forRemoval = true) public HttpSecurity and() { return HttpSecurity.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java index b1f03c4ac0..d311e4e859 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java @@ -222,7 +222,9 @@ public final class AuthorizeHttpRequestsConfigurer> * Return the {@link SecurityBuilder} when done using the * {@link SecurityConfigurer}. This is useful for method chaining. * @return the type of {@link HttpSecurityBuilder} that is being configured + * @deprecated For removal in 7.0. Use + * {@link HttpSecurity#requiresChannel(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public H and() { return ChannelSecurityConfigurer.this.and(); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java index 54009892e2..7288fd486a 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java index abcdf331d3..98fa467f8b 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -135,7 +135,9 @@ public class HeadersConfigurer> * X-Content-Type-Options: nosniff * * @return the {@link ContentTypeOptionsConfig} for additional customizations + * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ContentTypeOptionsConfig contentTypeOptions() { return this.contentTypeOptions.enable(); } @@ -166,7 +168,9 @@ public class HeadersConfigurer> * >X-XSS-Protection header *

* @return the {@link XXssConfig} for additional customizations + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public XXssConfig xssProtection() { return this.xssProtection.enable(); } @@ -197,7 +201,9 @@ public class HeadersConfigurer> *
  • Expires: 0
    • * * @return the {@link CacheControlConfig} for additional customizations + * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public CacheControlConfig cacheControl() { return this.cacheControl.enable(); } @@ -224,7 +230,10 @@ public class HeadersConfigurer> * HTTP Strict Transport Security * (HSTS). * @return the {@link HstsConfig} for additional customizations + * @deprecated For removal in 7.0. Use + * {@link #httpStrictTransportSecurity(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HstsConfig httpStrictTransportSecurity() { return this.hsts.enable(); } @@ -245,7 +254,9 @@ public class HeadersConfigurer> /** * Allows customizing the {@link XFrameOptionsHeaderWriter}. * @return the {@link FrameOptionsConfig} for additional customizations + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public FrameOptionsConfig frameOptions() { return this.frameOptions.enable(); } @@ -315,8 +326,11 @@ public class HeadersConfigurer> * @return the {@link ContentSecurityPolicyConfig} for additional configuration * @throws IllegalArgumentException if policyDirectives is null or empty * @since 4.1 + * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)} + * instead * @see ContentSecurityPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) { this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives); return this.contentSecurityPolicy; @@ -446,8 +460,10 @@ public class HeadersConfigurer> * * @return the {@link ReferrerPolicyConfig} for additional configuration * @since 4.2 + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead * @see ReferrerPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public ReferrerPolicyConfig referrerPolicy() { this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(); return this.referrerPolicy; @@ -469,8 +485,10 @@ public class HeadersConfigurer> * @return the {@link ReferrerPolicyConfig} for additional configuration * @throws IllegalArgumentException if policy is null or empty * @since 4.2 + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead * @see ReferrerPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) { this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy); return this.referrerPolicy; @@ -512,7 +530,7 @@ public class HeadersConfigurer> * @return the {@link FeaturePolicyConfig} for additional configuration * @throws IllegalArgumentException if policyDirectives is {@code null} or empty * @since 5.1 - * @deprecated Use {@link #permissionsPolicy(Customizer)} instead. + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead. * @seeObjectPostProcessorConfiguration FeaturePolicyHeaderWriter */ @Deprecated @@ -537,8 +555,10 @@ public class HeadersConfigurer> * * @return the {@link PermissionsPolicyConfig} for additional configuration * @since 5.5 + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead * @see PermissionsPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public PermissionsPolicyConfig permissionsPolicy() { this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter(); return this.permissionsPolicy; @@ -575,8 +595,11 @@ public class HeadersConfigurer> *

    * @return the {@link CrossOriginOpenerPolicyConfig} for additional confniguration * @since 5.7 + * @deprecated For removal in 7.0. Use {@link #crossOriginOpenerPolicy(Customizer)} + * instead * @see CrossOriginOpenerPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginOpenerPolicyConfig crossOriginOpenerPolicy() { this.crossOriginOpenerPolicy.writer = new CrossOriginOpenerPolicyHeaderWriter(); return this.crossOriginOpenerPolicy; @@ -616,8 +639,11 @@ public class HeadersConfigurer> *

    * @return the {@link CrossOriginEmbedderPolicyConfig} for additional customizations * @since 5.7 + * @deprecated For removal in 7.0. Use {@link #crossOriginEmbedderPolicy(Customizer)} + * instead * @see CrossOriginEmbedderPolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginEmbedderPolicyConfig crossOriginEmbedderPolicy() { this.crossOriginEmbedderPolicy.writer = new CrossOriginEmbedderPolicyHeaderWriter(); return this.crossOriginEmbedderPolicy; @@ -657,8 +683,11 @@ public class HeadersConfigurer> *

    * @return the {@link HeadersConfigurer} for additional customizations * @since 5.7 + * @deprecated For removal in 7.0. Use {@link #crossOriginResourcePolicy(Customizer)} + * instead * @see CrossOriginResourcePolicyHeaderWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginResourcePolicyConfig crossOriginResourcePolicy() { this.crossOriginResourcePolicy.writer = new CrossOriginResourcePolicyHeaderWriter(); return this.crossOriginResourcePolicy; @@ -708,7 +737,10 @@ public class HeadersConfigurer> /** * Allows customizing the {@link HeadersConfigurer} * @return the {@link HeadersConfigurer} for additional customization + * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -781,7 +813,9 @@ public class HeadersConfigurer> * Allows completing configuration of X-XSS-Protection and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -820,7 +854,9 @@ public class HeadersConfigurer> * Allows completing configuration of Cache Control and continuing configuration * of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -926,7 +962,10 @@ public class HeadersConfigurer> * Allows completing configuration of Strict Transport Security and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use + * {@link #httpStrictTransportSecurity(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -987,7 +1026,9 @@ public class HeadersConfigurer> /** * Allows continuing customizing the headers configuration. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1210,7 +1251,10 @@ public class HeadersConfigurer> * Allows completing configuration of Content Security Policy and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1235,6 +1279,10 @@ public class HeadersConfigurer> return this; } + /** + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead + */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1281,7 +1329,10 @@ public class HeadersConfigurer> * Allows completing configuration of Permissions Policy and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1311,7 +1362,10 @@ public class HeadersConfigurer> * Allows completing configuration of Cross Origin Opener Policy and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use + * {@link #crossOriginOpenerPolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1342,7 +1396,10 @@ public class HeadersConfigurer> * Allows completing configuration of Cross-Origin-Embedder-Policy and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use + * {@link #crossOriginEmbedderPolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } @@ -1373,7 +1430,10 @@ public class HeadersConfigurer> * Allows completing configuration of Cross-Origin-Resource-Policy and continuing * configuration of headers. * @return the {@link HeadersConfigurer} for additional configuration + * @deprecated For removal in 7.0. Use + * {@link #crossOriginResourcePolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeadersConfigurer and() { return HeadersConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java index f536ef0031..aecc450690 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -769,7 +769,10 @@ public final class SessionManagementConfigurer> /** * Used to chain back to the {@link SessionManagementConfigurer} * @return the {@link SessionManagementConfigurer} for further customizations + * @deprecated For removal in 7.0. Use {@link #sessionConcurrency(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public SessionManagementConfigurer and() { return SessionManagementConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java index b583b4b5b7..dfd84bcab8 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -136,7 +136,10 @@ public final class OAuth2ClientConfigurer> * Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0 * Authorization Code Grant. * @return the {@link AuthorizationCodeGrantConfigurer} + * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public AuthorizationCodeGrantConfigurer authorizationCodeGrant() { return this.authorizationCodeGrantConfigurer; } @@ -233,7 +236,10 @@ public final class OAuth2ClientConfigurer> /** * Returns the {@link OAuth2ClientConfigurer} for further configuration. * @return the {@link OAuth2ClientConfigurer} + * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ClientConfigurer and() { return OAuth2ClientConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java index e1bb0b6740..4d02a170ac 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -206,7 +206,10 @@ public final class OAuth2LoginConfigurer> * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization * Server's Authorization Endpoint. * @return the {@link AuthorizationEndpointConfig} + * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public AuthorizationEndpointConfig authorizationEndpoint() { return this.authorizationEndpointConfig; } @@ -227,7 +230,9 @@ public final class OAuth2LoginConfigurer> * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's * Token Endpoint. * @return the {@link TokenEndpointConfig} + * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public TokenEndpointConfig tokenEndpoint() { return this.tokenEndpointConfig; } @@ -248,7 +253,10 @@ public final class OAuth2LoginConfigurer> * Returns the {@link RedirectionEndpointConfig} for configuring the Client's * Redirection Endpoint. * @return the {@link RedirectionEndpointConfig} + * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public RedirectionEndpointConfig redirectionEndpoint() { return this.redirectionEndpointConfig; } @@ -269,7 +277,9 @@ public final class OAuth2LoginConfigurer> * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization * Server's UserInfo Endpoint. * @return the {@link UserInfoEndpointConfig} + * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public UserInfoEndpointConfig userInfoEndpoint() { return this.userInfoEndpointConfig; } @@ -590,7 +600,10 @@ public final class OAuth2LoginConfigurer> /** * Returns the {@link OAuth2LoginConfigurer} for further configuration. * @return the {@link OAuth2LoginConfigurer} + * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginConfigurer and() { return OAuth2LoginConfigurer.this; } @@ -624,7 +637,9 @@ public final class OAuth2LoginConfigurer> /** * Returns the {@link OAuth2LoginConfigurer} for further configuration. * @return the {@link OAuth2LoginConfigurer} + * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginConfigurer and() { return OAuth2LoginConfigurer.this; } @@ -656,7 +671,10 @@ public final class OAuth2LoginConfigurer> /** * Returns the {@link OAuth2LoginConfigurer} for further configuration. * @return the {@link OAuth2LoginConfigurer} + * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginConfigurer and() { return OAuth2LoginConfigurer.this; } @@ -718,7 +736,10 @@ public final class OAuth2LoginConfigurer> /** * Returns the {@link OAuth2LoginConfigurer} for further configuration. * @return the {@link OAuth2LoginConfigurer} + * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginConfigurer and() { return OAuth2LoginConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java index d1cee54096..fead2bc24c 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -198,6 +198,10 @@ public final class OAuth2ResourceServerConfigurer and() { return OAuth2ResourceServerConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java index cb020631e2..5430afc217 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java @@ -168,7 +168,9 @@ public final class Saml2LogoutConfigurer> /** * Get configurer for SAML 2.0 Logout Request components * @return the {@link LogoutRequestConfigurer} for further customizations + * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public LogoutRequestConfigurer logoutRequest() { return this.logoutRequestConfigurer; } @@ -188,13 +190,15 @@ public final class Saml2LogoutConfigurer> /** * Get configurer for SAML 2.0 Logout Response components * @return the {@link LogoutResponseConfigurer} for further customizations + * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public LogoutResponseConfigurer logoutResponse() { return this.logoutResponseConfigurer; } /** - * Configures SAML 2.0 Logout Request components + * Configures SAML 2.0 Logout Response components * @param logoutResponseConfigurerCustomizer the {@link Customizer} to provide more * options for the {@link LogoutResponseConfigurer} * @return the {@link Saml2LogoutConfigurer} for further customizations @@ -371,6 +375,10 @@ public final class Saml2LogoutConfigurer> return this; } + /** + * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead + */ + @Deprecated(since = "6.1", forRemoval = true) public Saml2LogoutConfigurer and() { return Saml2LogoutConfigurer.this; } @@ -439,6 +447,10 @@ public final class Saml2LogoutConfigurer> return this; } + /** + * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead + */ + @Deprecated(since = "6.1", forRemoval = true) public Saml2LogoutConfigurer and() { return Saml2LogoutConfigurer.this; } diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java index 11e7a716a6..92e456ec94 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2023 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -421,7 +421,9 @@ public class ServerHttpSecurity { * } * * @return the {@link HttpsRedirectSpec} to customize + * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HttpsRedirectSpec redirectToHttps() { this.httpsRedirectSpec = new HttpsRedirectSpec(); return this.httpsRedirectSpec; @@ -502,7 +504,9 @@ public class ServerHttpSecurity { * } * * @return the {@link CsrfSpec} to customize + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public CsrfSpec csrf() { if (this.csrf == null) { this.csrf = new CsrfSpec(); @@ -566,7 +570,9 @@ public class ServerHttpSecurity { * used instead. If neither has been configured, the Cors configuration will do * nothing. * @return the {@link CorsSpec} to customize + * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public CorsSpec cors() { if (this.cors == null) { this.cors = new CorsSpec(); @@ -608,7 +614,9 @@ public class ServerHttpSecurity { * * @return the {@link AnonymousSpec} to customize * @since 5.2.0 + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public AnonymousSpec anonymous() { if (this.anonymous == null) { this.anonymous = new AnonymousSpec(); @@ -662,7 +670,9 @@ public class ServerHttpSecurity { * } * * @return the {@link HttpBasicSpec} to customize + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HttpBasicSpec httpBasic() { if (this.httpBasic == null) { this.httpBasic = new HttpBasicSpec(); @@ -714,7 +724,9 @@ public class ServerHttpSecurity { * * @return the {@link PasswordManagementSpec} to customize * @since 5.6 + * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public PasswordManagementSpec passwordManagement() { if (this.passwordManagement == null) { this.passwordManagement = new PasswordManagementSpec(); @@ -771,7 +783,9 @@ public class ServerHttpSecurity { * } * * @return the {@link FormLoginSpec} to customize + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public FormLoginSpec formLogin() { if (this.formLogin == null) { this.formLogin = new FormLoginSpec(); @@ -832,7 +846,9 @@ public class ServerHttpSecurity { * {@link ReactivePreAuthenticatedAuthenticationManager} will be used. * @return the {@link X509Spec} to customize * @since 5.2 + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public X509Spec x509() { if (this.x509 == null) { this.x509 = new X509Spec(); @@ -889,7 +905,9 @@ public class ServerHttpSecurity { * } * * @return the {@link OAuth2LoginSpec} to customize + * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2LoginSpec oauth2Login() { if (this.oauth2Login == null) { this.oauth2Login = new OAuth2LoginSpec(); @@ -941,7 +959,9 @@ public class ServerHttpSecurity { * } * * @return the {@link OAuth2ClientSpec} to customize + * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ClientSpec oauth2Client() { if (this.client == null) { this.client = new OAuth2ClientSpec(); @@ -992,7 +1012,10 @@ public class ServerHttpSecurity { * } * * @return the {@link OAuth2ResourceServerSpec} to customize + * @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerSpec oauth2ResourceServer() { if (this.resourceServer == null) { this.resourceServer = new OAuth2ResourceServerSpec(); @@ -1064,7 +1087,9 @@ public class ServerHttpSecurity { * } * * @return the {@link HeaderSpec} to customize + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec headers() { if (this.headers == null) { this.headers = new HeaderSpec(); @@ -1138,7 +1163,9 @@ public class ServerHttpSecurity { * } * * @return the {@link ExceptionHandlingSpec} to customize + * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ExceptionHandlingSpec exceptionHandling() { if (this.exceptionHandling == null) { this.exceptionHandling = new ExceptionHandlingSpec(); @@ -1204,7 +1231,9 @@ public class ServerHttpSecurity { * } * * @return the {@link AuthorizeExchangeSpec} to customize + * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public AuthorizeExchangeSpec authorizeExchange() { if (this.authorizeExchange == null) { this.authorizeExchange = new AuthorizeExchangeSpec(); @@ -1273,7 +1302,9 @@ public class ServerHttpSecurity { * } * * @return the {@link LogoutSpec} to customize + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public LogoutSpec logout() { if (this.logout == null) { this.logout = new LogoutSpec(); @@ -1330,7 +1361,9 @@ public class ServerHttpSecurity { * } * * @return the {@link RequestCacheSpec} to customize + * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public RequestCacheSpec requestCache() { return this.requestCache; } @@ -1603,7 +1636,10 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -1801,7 +1837,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated use {@link #redirectToHttps(Customizer)} */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -1879,7 +1917,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -1945,7 +1985,10 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -1987,7 +2030,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -2083,7 +2128,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -2156,7 +2203,10 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity}. * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -2314,7 +2364,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -2438,7 +2490,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -2455,7 +2509,9 @@ public class ServerHttpSecurity { /** * Configures cache control headers * @return the {@link CacheSpec} to configure + * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public CacheSpec cache() { return new CacheSpec(); } @@ -2474,7 +2530,10 @@ public class ServerHttpSecurity { /** * Configures content type response headers * @return the {@link ContentTypeOptionsSpec} to configure + * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public ContentTypeOptionsSpec contentTypeOptions() { return new ContentTypeOptionsSpec(); } @@ -2493,7 +2552,9 @@ public class ServerHttpSecurity { /** * Configures frame options response headers * @return the {@link FrameOptionsSpec} to configure + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public FrameOptionsSpec frameOptions() { return new FrameOptionsSpec(); } @@ -2525,7 +2586,9 @@ public class ServerHttpSecurity { /** * Configures the Strict Transport Security response headers * @return the {@link HstsSpec} to configure + * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HstsSpec hsts() { return new HstsSpec(); } @@ -2550,7 +2613,9 @@ public class ServerHttpSecurity { /** * Configures x-xss-protection response header. * @return the {@link XssProtectionSpec} to configure + * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public XssProtectionSpec xssProtection() { return new XssProtectionSpec(); } @@ -2570,7 +2635,10 @@ public class ServerHttpSecurity { * Configures {@code Content-Security-Policy} response header. * @param policyDirectives the policy directive(s) * @return the {@link ContentSecurityPolicySpec} to configure + * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)} + * instead. */ + @Deprecated(since = "6.1", forRemoval = true) public ContentSecurityPolicySpec contentSecurityPolicy(String policyDirectives) { return new ContentSecurityPolicySpec(policyDirectives); } @@ -2590,7 +2658,8 @@ public class ServerHttpSecurity { * Configures {@code Feature-Policy} response header. * @param policyDirectives the policy * @return the {@link FeaturePolicySpec} to configure - * @deprecated Use {@link #permissionsPolicy(Customizer)} instead. + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} + * instead. */ @Deprecated public FeaturePolicySpec featurePolicy(String policyDirectives) { @@ -2600,7 +2669,10 @@ public class ServerHttpSecurity { /** * Configures {@code Permissions-Policy} response header. * @return the {@link PermissionsPolicySpec} to configure + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} + * instead. */ + @Deprecated(since = "6.1", forRemoval = true) public PermissionsPolicySpec permissionsPolicy() { return new PermissionsPolicySpec(); } @@ -2620,7 +2692,10 @@ public class ServerHttpSecurity { * Configures {@code Referrer-Policy} response header. * @param referrerPolicy the policy to use * @return the {@link ReferrerPolicySpec} to configure + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} + * instead. */ + @Deprecated(since = "6.1", forRemoval = true) public ReferrerPolicySpec referrerPolicy(ReferrerPolicy referrerPolicy) { return new ReferrerPolicySpec(referrerPolicy); } @@ -2628,7 +2703,10 @@ public class ServerHttpSecurity { /** * Configures {@code Referrer-Policy} response header. * @return the {@link ReferrerPolicySpec} to configure + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} + * instead. */ + @Deprecated(since = "6.1", forRemoval = true) public ReferrerPolicySpec referrerPolicy() { return new ReferrerPolicySpec(); } @@ -2650,8 +2728,11 @@ public class ServerHttpSecurity { * Cross-Origin-Opener-Policy header. * @return the {@link CrossOriginOpenerPolicySpec} to configure * @since 5.7 + * @deprecated For removal in 7.0. Use + * {@link #crossOriginOpenerPolicy(Customizer)} instead. * @see CrossOriginOpenerPolicyServerHttpHeadersWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginOpenerPolicySpec crossOriginOpenerPolicy() { return new CrossOriginOpenerPolicySpec(); } @@ -2676,8 +2757,11 @@ public class ServerHttpSecurity { * Cross-Origin-Embedder-Policy header. * @return the {@link CrossOriginEmbedderPolicySpec} to configure * @since 5.7 + * @deprecated For removal in 7.0. Use + * {@link #crossOriginEmbedderPolicy(Customizer)} instead. * @see CrossOriginEmbedderPolicyServerHttpHeadersWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginEmbedderPolicySpec crossOriginEmbedderPolicy() { return new CrossOriginEmbedderPolicySpec(); } @@ -2702,8 +2786,11 @@ public class ServerHttpSecurity { * Cross-Origin-Resource-Policy header. * @return the {@link CrossOriginResourcePolicySpec} to configure * @since 5.7 + * @deprecated For removal in 7.0. Use + * {@link #crossOriginResourcePolicy(Customizer)} instead. * @see CrossOriginResourcePolicyServerHttpHeadersWriter */ + @Deprecated(since = "6.1", forRemoval = true) public CrossOriginResourcePolicySpec crossOriginResourcePolicy() { return new CrossOriginResourcePolicySpec(); } @@ -2789,7 +2876,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity} * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) private HeaderSpec and() { return HeaderSpec.this; } @@ -2857,7 +2947,9 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity} * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -2946,7 +3038,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use + * {@link #contentSecurityPolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -2973,7 +3068,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use {@link #featurePolicy(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3005,7 +3103,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3042,7 +3143,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3073,7 +3177,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use + * {@link #crossOriginOpenerPolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3104,7 +3211,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use + * {@link #crossOriginEmbedderPolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3135,7 +3245,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity}. * @return the {@link HeaderSpec} to continue configuring + * @deprecated For removal in 7.0. Use + * {@link #crossOriginResourcePolicy(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public HeaderSpec and() { return HeaderSpec.this; } @@ -3211,7 +3324,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -3322,7 +3437,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -3378,6 +3495,10 @@ public class ServerHttpSecurity { return this; } + /** + * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead + */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -3630,7 +3751,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -3965,7 +4088,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -4113,7 +4238,9 @@ public class ServerHttpSecurity { /** * Enables JWT Resource Server support. * @return the {@link JwtSpec} for additional configuration + * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public JwtSpec jwt() { if (this.jwt == null) { this.jwt = new JwtSpec(); @@ -4138,7 +4265,9 @@ public class ServerHttpSecurity { /** * Enables Opaque Token Resource Server support. * @return the {@link OpaqueTokenSpec} for additional configuration + * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public OpaqueTokenSpec opaqueToken() { if (this.opaqueToken == null) { this.opaqueToken = new OpaqueTokenSpec(); @@ -4230,6 +4359,11 @@ public class ServerHttpSecurity { return new ServerAuthenticationEntryPointFailureHandler(this.entryPoint); } + /** + * @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)} + * instead + */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; } @@ -4303,6 +4437,10 @@ public class ServerHttpSecurity { return this; } + /** + * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead + */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerSpec and() { return OAuth2ResourceServerSpec.this; } @@ -4413,7 +4551,10 @@ public class ServerHttpSecurity { * Allows method chaining to continue configuring the * {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} + * instead */ + @Deprecated(since = "6.1", forRemoval = true) public OAuth2ResourceServerSpec and() { return OAuth2ResourceServerSpec.this; } @@ -4539,7 +4680,9 @@ public class ServerHttpSecurity { /** * Allows method chaining to continue configuring the {@link ServerHttpSecurity} * @return the {@link ServerHttpSecurity} to continue configuring + * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead */ + @Deprecated(since = "6.1", forRemoval = true) public ServerHttpSecurity and() { return ServerHttpSecurity.this; }