Add Missing Deprecation Markers

jzheaux · jzheaux · commit 2ad859a63c36 · 2025-04-23T11:29:18.000-06:00
diff --git a/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java b/config/src/main/java/org/springframework/security/config/annotation/rsocket/PayloadInterceptorOrder.java
@@ -33,12 +33,16 @@ public enum PayloadInterceptorOrder implements Ordered {
 	/**
 	 * Where basic authentication is placed.
 	 * @see RSocketSecurity#basicAuthentication(Customizer)
+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
 	 */
+	@Deprecated
 	BASIC_AUTHENTICATION,
 	/**
 	 * Where JWT based authentication is performed.
 	 * @see RSocketSecurity#jwt(Customizer)
+	 * @deprecated please see {@link PayloadInterceptorOrder#AUTHENTICATION}
 	 */
+	@Deprecated
 	JWT_AUTHENTICATION,
 	/**
 	 * A generic placeholder for other types of authentication.
diff --git a/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java b/config/src/main/java/org/springframework/security/config/method/MethodConfigUtils.java
@@ -24,6 +24,7 @@
 import org.springframework.security.access.vote.AffirmativeBased;
 import org.springframework.security.access.vote.AuthenticatedVoter;
 import org.springframework.security.access.vote.RoleVoter;
+import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.config.BeanIds;
 
 /**
@@ -32,7 +33,9 @@
  * @author Luke Taylor
  * @author Ben Alex
  * @author Rob Winch
+ * @deprecated Please use {@link AuthorizationManager} instead
  */
+@Deprecated
 abstract class MethodConfigUtils {
 
 	@SuppressWarnings("unchecked")
diff --git a/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java b/core/src/main/java/org/springframework/security/access/hierarchicalroles/RoleHierarchyUtils.java
@@ -43,7 +43,9 @@ private RoleHierarchyUtils() {
 	 * @return a string representation of a role hierarchy
 	 * @throws IllegalArgumentException if roleHierarchyMap is null or empty or if a role
 	 * name is null or empty or if an implied role name(s) is null or empty
+	 * @deprecated please see {@link RoleHierarchyImpl#setHierarchy} deprecation notice
 	 */
+	@Deprecated
 	public static String roleHierarchyFromMap(Map<String, List<String>> roleHierarchyMap) {
 		Assert.notEmpty(roleHierarchyMap, "roleHierarchyMap cannot be empty");
 		StringWriter result = new StringWriter();
diff --git a/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java b/core/src/main/java/org/springframework/security/access/intercept/NullRunAsManager.java
@@ -28,7 +28,9 @@
  * functionality.
  *
  * @author Ben Alex
+ * @deprecated please see {@link RunAsManager} deprecation notice
  */
+@Deprecated
 final class NullRunAsManager implements RunAsManager {
 
 	@Override
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PostAuthorizeReactiveAuthorizationManager.java
@@ -59,7 +59,10 @@ public PostAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PostFilterAuthorizationReactiveMethodInterceptor.java
@@ -74,7 +74,10 @@ public PostFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpression
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java b/core/src/main/java/org/springframework/security/authorization/method/PreAuthorizeReactiveAuthorizationManager.java
@@ -59,7 +59,10 @@ public PreAuthorizeReactiveAuthorizationManager(MethodSecurityExpressionHandler
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}
diff --git a/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java b/core/src/main/java/org/springframework/security/authorization/method/PreFilterAuthorizationReactiveMethodInterceptor.java
@@ -77,7 +77,10 @@ public PreFilterAuthorizationReactiveMethodInterceptor(MethodSecurityExpressionH
 	 * not be resolved.
 	 * @param defaults - whether to resolve pre/post-authorization templates parameters
 	 * @since 6.3
+	 * @deprecated please use
+	 * {@link #setTemplateDefaults(AnnotationTemplateExpressionDefaults)}
 	 */
+	@Deprecated
 	public void setTemplateDefaults(PrePostTemplateDefaults defaults) {
 		this.registry.setTemplateDefaults(defaults);
 	}
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BasicAuthenticationPayloadExchangeConverter.java
@@ -36,7 +36,9 @@
  *
  * @author Rob Winch
  * @since 5.2
+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
  */
+@Deprecated
 public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
 	private MimeType metadataMimetype = MimeTypeUtils
diff --git a/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java b/rsocket/src/main/java/org/springframework/security/rsocket/authentication/BearerPayloadExchangeConverter.java
@@ -34,7 +34,9 @@
  *
  * @author Rob Winch
  * @since 5.2
+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead
  */
+@Deprecated
 public class BearerPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {
 
 	private static final String BEARER_MIME_TYPE_VALUE = BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/AbstractRetryEntryPoint.java
@@ -34,7 +34,11 @@
 
 /**
  * @author Luke Taylor
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated
 public abstract class AbstractRetryEntryPoint implements ChannelEntryPoint {
 
 	protected final Log logger = LogFactory.getLog(getClass());
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelEntryPoint.java
@@ -22,6 +22,8 @@
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * May be used by a {@link ChannelProcessor} to launch a web channel.
  *
@@ -31,7 +33,11 @@
  * interface to assist <code>ChannelProcessor</code>s in performing this delegation.
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated
 public interface ChannelEntryPoint {
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpEntryPoint.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.access.channel;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * Commences an insecure channel by retrying the original request using HTTP.
  * <p>
@@ -24,7 +26,11 @@
  * issue.
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated(since = "6.5")
 public class RetryWithHttpEntryPoint extends AbstractRetryEntryPoint {
 
 	public RetryWithHttpEntryPoint() {
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java b/web/src/main/java/org/springframework/security/web/access/channel/RetryWithHttpsEntryPoint.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.access.channel;
 
+import org.springframework.security.web.PortMapper;
+
 /**
  * Commences a secure channel by retrying the original request using HTTPS.
  * <p>
@@ -25,7 +27,11 @@
  * </p>
  *
  * @author Ben Alex
+ * @deprecated please use
+ * {@link org.springframework.security.web.transport.HttpsRedirectFilter} and its
+ * associated {@link PortMapper}
  */
+@Deprecated(since = "6.5")
 public class RetryWithHttpsEntryPoint extends AbstractRetryEntryPoint {
 
 	public RetryWithHttpsEntryPoint() {
diff --git a/web/src/main/java/org/springframework/security/web/context/DelegatingSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/DelegatingSecurityContextRepository.java
@@ -44,7 +44,12 @@ public DelegatingSecurityContextRepository(List<SecurityContextRepository> deleg
 		this.delegates = delegates;
 	}
 
+	/**
+	 * @deprecated
+	 * @see SecurityContextRepository#loadContext
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		SecurityContext result = null;
 		for (SecurityContextRepository delegate : this.delegates) {
diff --git a/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/HttpSessionSecurityContextRepository.java
@@ -115,7 +115,9 @@ public class HttpSessionSecurityContextRepository implements SecurityContextRepo
 	 * If the session is null, the context object is null or the context object stored in
 	 * the session is not an instance of {@code SecurityContext}, a new context object
 	 * will be generated and returned.
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
 	 */
+	@Deprecated
 	@Override
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		HttpServletRequest request = requestResponseHolder.getRequest();
diff --git a/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/NullSecurityContextRepository.java
@@ -38,7 +38,11 @@ public boolean containsContext(HttpServletRequest request) {
 		return false;
 	}
 
+	/**
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		return this.securityContextHolderStrategy.createEmptyContext();
 	}
diff --git a/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java b/web/src/main/java/org/springframework/security/web/context/RequestAttributeSecurityContextRepository.java
@@ -75,7 +75,11 @@ public boolean containsContext(HttpServletRequest request) {
 		return getContext(request) != null;
 	}
 
+	/**
+	 * @deprecated please see {@link SecurityContextRepository#loadContext}
+	 */
 	@Override
+	@Deprecated
 	public SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder) {
 		return loadDeferredContext(requestResponseHolder.getRequest()).get();
 	}

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,9 @@`
`28`	`28`	`* functionality.`
`29`	`29`	`*`
`30`	`30`	`* @author Ben Alex`
	`31`	`+ * @deprecated please see {@link RunAsManager} deprecation notice`
`31`	`32`	`*/`
	`33`	`+@Deprecated`
`32`	`34`	`final class NullRunAsManager implements RunAsManager {`
`33`	`35`
`34`	`36`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,9 @@`
`36`	`36`	`*`
`37`	`37`	`* @author Rob Winch`
`38`	`38`	`* @since 5.2`
	`39`	`+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead`
`39`	`40`	`*/`
	`41`	`+@Deprecated`
`40`	`42`	`public class BasicAuthenticationPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {`
`41`	`43`
`42`	`44`	`private MimeType metadataMimetype = MimeTypeUtils`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,9 @@`
`34`	`34`	`*`
`35`	`35`	`* @author Rob Winch`
`36`	`36`	`* @since 5.2`
	`37`	`+ * @deprecated please use {@link AuthenticationPayloadExchangeConverter} instead`
`37`	`38`	`*/`
	`39`	`+@Deprecated`
`38`	`40`	`public class BearerPayloadExchangeConverter implements PayloadExchangeAuthenticationConverter {`
`39`	`41`
`40`	`42`	`private static final String BEARER_MIME_TYPE_VALUE = BearerTokenMetadata.BEARER_AUTHENTICATION_MIME_TYPE.toString();`