Deprecated API

Contents

• Terminally Deprecated
• Classes
• Fields
• Methods
• Constructors

Terminally Deprecated Elements

Element	Description
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken(Object, String)	Please use constructor that takes a String instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken(Object, Collection<? extends GrantedAuthority>)	Please use OneTimeTokenAuthentication instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.authenticated(Object, Collection<? extends GrantedAuthority>)	Please use OneTimeTokenAuthentication instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.unauthenticated(String)	Please use constructor that takes a String instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.unauthenticated(Object, String)	Please use constructor that takes a String instead
org.springframework.security.core.SpringSecurityCoreVersion.SERIAL_VERSION_UID	Please have each class use its own serialization version For more details, refer to the SpringSecurityCoreVersionSerializableTests class.
org.springframework.security.jackson2.CoreJackson2Module	as of 7.0 in favor of CoreJacksonModule based on Jackson 3
org.springframework.security.jackson2.SecurityJackson2Modules	as of 7.0 in favor of SecurityJacksonModules based on Jackson 3
org.springframework.security.jackson2.SimpleGrantedAuthorityMixin	as of 7.0 in favor of org.springframework.security.jackson.SimpleGrantedAuthorityMixin based on Jackson 3

Deprecated Classes

Class	Description
org.springframework.security.jackson2.CoreJackson2Module	as of 7.0 in favor of CoreJacksonModule based on Jackson 3
org.springframework.security.jackson2.SecurityJackson2Modules	as of 7.0 in favor of SecurityJacksonModules based on Jackson 3
org.springframework.security.jackson2.SimpleGrantedAuthorityMixin	as of 7.0 in favor of org.springframework.security.jackson.SimpleGrantedAuthorityMixin based on Jackson 3

Deprecated Fields

Field	Description
org.springframework.security.core.SpringSecurityCoreVersion.SERIAL_VERSION_UID	Please have each class use its own serialization version For more details, refer to the SpringSecurityCoreVersionSerializableTests class.

Deprecated Methods

Method	Description
org.springframework.security.access.expression.AbstractSecurityExpressionHandler.getDefaultAuthorizationManagerFactory()	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.AbstractSecurityExpressionHandler.getRoleHierarchy()	Use AbstractSecurityExpressionHandler.getDefaultAuthorizationManagerFactory() instead
org.springframework.security.access.expression.AbstractSecurityExpressionHandler.setRoleHierarchy(RoleHierarchy)	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler.getDefaultRolePrefix()	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler.getTrustResolver()	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler.setDefaultRolePrefix(String)	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler.setTrustResolver(AuthenticationTrustResolver)	Use AbstractSecurityExpressionHandler.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.SecurityExpressionRoot.setDefaultRolePrefix(String)	Use SecurityExpressionRoot.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.SecurityExpressionRoot.setRoleHierarchy(RoleHierarchy)	Use SecurityExpressionRoot.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.expression.SecurityExpressionRoot.setTrustResolver(AuthenticationTrustResolver)	Use SecurityExpressionRoot.setAuthorizationManagerFactory(AuthorizationManagerFactory) instead
org.springframework.security.access.hierarchicalroles.RoleHierarchyUtils.roleHierarchyFromMap(Map<String, List<String>>)	Use RoleHierarchyImpl.fromHierarchy(String) or the builder-based approach instead of this manual conversion.
org.springframework.security.authentication.DefaultAuthenticationEventPublisher.setAdditionalExceptionMappings(Properties)	use DefaultAuthenticationEventPublisher.setAdditionalExceptionMappings(Map)
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.authenticated(Object, Collection<? extends GrantedAuthority>)	Please use OneTimeTokenAuthentication instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.unauthenticated(String)	Please use constructor that takes a String instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.unauthenticated(Object, String)	Please use constructor that takes a String instead
org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.addAdvisor(AuthorizationAdvisor)	please provide all advisors in the constructor
org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.setAdvisors(Collection<AuthorizationAdvisor>)	Please use AuthorizationAdvisorProxyFactory.addAdvisor(AuthorizationAdvisor) instead
org.springframework.security.authorization.method.AuthorizationAdvisorProxyFactory.setAdvisors(AuthorizationAdvisor...)	Please use AuthorizationAdvisorProxyFactory.addAdvisor(AuthorizationAdvisor) instead
org.springframework.security.core.userdetails.User.withDefaultPasswordEncoder()	Using this method is not considered safe for production, but is acceptable for demos and getting started. For production purposes, ensure the password is encoded externally. See the method Javadoc for additional details. There are no plans to remove this support. It is deprecated to indicate that this is considered insecure for production purposes.

Deprecated Constructors

Constructor	Description
org.springframework.security.access.expression.SecurityExpressionRoot(Supplier<Authentication>)	Use SecurityExpressionRoot(Supplier, Object) instead
org.springframework.security.access.expression.SecurityExpressionRoot(Authentication)	Use SecurityExpressionRoot(Supplier, Object) instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken(Object, String)	Please use constructor that takes a String instead
org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken(Object, Collection<? extends GrantedAuthority>)	Please use OneTimeTokenAuthentication instead