Merge remote-tracking branch 'origin/5.8.x'

2026-05-22 21:33:16 +00:00 · 2022-09-20 16:11:16 -06:00
parent 63af5c9b03 3f8503f1b4
commit 46f402243b
71 changed files with 297 additions and 34 deletions
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -42,7 +42,9 @@ import org.springframework.security.config.annotation.authentication.configurati
 *
 * @author Rob Winch
 * @since 3.2
+ * @deprecated Use {@link EnableMethodSecurity} instead
 */
+@Deprecated
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.TYPE)
@Documented
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -36,7 +36,9 @@ import org.springframework.core.type.AnnotationMetadata;
 *
 * @author Rob Winch
 * @since 3.2
+ * @deprecated Use {@link EnableMethodSecurity} instead
 */
+@Deprecated
 class GlobalMethodSecurityAspectJAutoProxyRegistrar implements ImportBeanDefinitionRegistrar {

 	/**
@@ -86,7 +86,11 @@ import org.springframework.util.Assert;
 * @author Eddú Meléndez
 * @since 3.2
 * @see EnableGlobalMethodSecurity
+ * @deprecated Use {@link PrePostMethodSecurityConfiguration},
+ * {@link SecuredMethodSecurityConfiguration}, or
+ * {@link Jsr250MethodSecurityConfiguration} instead
 */
+@Deprecated
@Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
 public class GlobalMethodSecurityConfiguration implements ImportAware, SmartInitializingSingleton, BeanFactoryAware {
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,7 +34,9 @@ import org.springframework.util.ClassUtils;
 *
 * @author Rob Winch
 * @since 3.2
+ * @deprecated Use {@link MethodSecuritySelector} instead
 */
+@Deprecated
 final class GlobalMethodSecuritySelector implements ImportSelector {

 	@Override
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@ import org.springframework.security.access.annotation.Jsr250MethodSecurityMetada

@Configuration(proxyBeanMethods = false)
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
+@Deprecated
 class Jsr250MetadataSourceConfiguration {

 	@Bean
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -32,7 +32,9 @@ import org.springframework.util.MultiValueMap;
 * @author Rob Winch
 * @since 4.0.2
 * @see GlobalMethodSecuritySelector
+ * @deprecated Use {@link MethodSecuritySelector} instead
 */
+@Deprecated
 class MethodSecurityMetadataSourceAdvisorRegistrar implements ImportBeanDefinitionRegistrar {

 	/**
@@ -1059,8 +1059,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * </pre>
 	 * @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
 	 * @throws Exception
+	 * @deprecated Use {@link #authorizeHttpRequests()} instead
 	 * @see #requestMatcher(RequestMatcher)
 	 */
+	@Deprecated
 	public ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests()
 			throws Exception {
 		ApplicationContext context = getContext();
@@ -1173,8 +1175,10 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 	 * for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
 	 * @return the {@link HttpSecurity} for further customizations
 	 * @throws Exception
+	 * @deprecated Use {@link #authorizeHttpRequests} instead
 	 * @see #requestMatcher(RequestMatcher)
 	 */
+	@Deprecated
 	public HttpSecurity authorizeRequests(
 			Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequestsCustomizer)
 			throws Exception {
@@ -60,7 +60,9 @@ import org.springframework.security.web.access.intercept.FilterSecurityIntercept
 * @since 3.2
 * @see ExpressionUrlAuthorizationConfigurer
 * @see UrlAuthorizationConfigurer
+ * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
+@Deprecated
 public abstract class AbstractInterceptUrlConfigurer<C extends AbstractInterceptUrlConfigurer<C, H>, H extends HttpSecurityBuilder<H>>
 		extends AbstractHttpConfigurer<C, H> {

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -79,7 +79,9 @@ import org.springframework.util.StringUtils;
 * @author Yanming Zhou
 * @since 3.2
 * @see org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()
+ * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
+@Deprecated
 public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractInterceptUrlConfigurer<ExpressionUrlAuthorizationConfigurer<H>, H> {

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -85,7 +85,9 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 3.2
 * @see ExpressionUrlAuthorizationConfigurer
+ * @deprecated Use {@link AuthorizeHttpRequestsConfigurer} instead
 */
+@Deprecated
 public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		extends AbstractInterceptUrlConfigurer<UrlAuthorizationConfigurer<H>, H> {

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -46,7 +46,9 @@ import org.springframework.util.xml.DomUtils;
 * for use with a FilterSecurityInterceptor.
 *
 * @author Luke Taylor
+ * @deprecated Use `use-authorization-manager` property instead
 */
+@Deprecated
 public class FilterInvocationSecurityMetadataSourceParser implements BeanDefinitionParser {

 	private static final String ATT_USE_EXPRESSIONS = "use-expressions";
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -89,7 +89,9 @@ import org.springframework.util.xml.DomUtils;
 * @author Luke Taylor
 * @author Rob Winch
 * @since 2.0
+ * @deprecated Use {@link MethodSecurityBeanDefinitionParser} instead
 */
+@Deprecated
 public class GlobalMethodSecurityBeanDefinitionParser implements BeanDefinitionParser {

 	private final Log logger = LogFactory.getLog(getClass());
@@ -125,7 +125,11 @@ public class InterceptMethodsBeanDefinitionDecorator implements BeanDefinitionDe
 	/**
 	 * This is the real class which does the work. We need access to the ParserContext in
 	 * order to do bean registration.
+	 *
+	 * @deprecated Use
+	 * {@link InternalAuthorizationManagerInterceptMethodsBeanDefinitionDecorator}
 	 */
+	@Deprecated
 	static class InternalInterceptMethodsBeanDefinitionDecorator
 			extends AbstractInterceptorDrivenBeanDefinitionDecorator {

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -36,7 +36,10 @@ import org.springframework.util.xml.DomUtils;
 /**
 * @author Luke Taylor
 * @since 3.1
+ * @deprecated Use {@code <intercept-methods>}, {@code <method-security>}, or
+ * {@code @EnableMethodSecurity}
 */
+@Deprecated
 public class MethodSecurityMetadataSourceBeanDefinitionParser extends AbstractBeanDefinitionParser {

 	static final String ATT_METHOD = "method";
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -63,7 +63,9 @@ import org.springframework.util.StringUtils;
 *
 * @author Ben Alex
 * @since 2.0
+ * @deprecated Use {@code use-authorization-manager} flag instead
 */
+@Deprecated
 final class ProtectPointcutPostProcessor implements BeanPostProcessor {

 	private static final Log logger = LogFactory.getLog(ProtectPointcutPostProcessor.class);