diff --git a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java index 2a45b5eedb..86575886b2 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java +++ b/config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java @@ -79,6 +79,15 @@ protected AbstractConfiguredSecurityBuilder(ObjectPostProcessor objectPo this(objectPostProcessor, false); } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + protected AbstractConfiguredSecurityBuilder( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + this(objectPostProcessor, false); + } + /*** * Creates a new instance with the provided {@link ObjectPostProcessor}. This post * processor must support Object since there are many types of objects that may be @@ -94,6 +103,18 @@ protected AbstractConfiguredSecurityBuilder(ObjectPostProcessor objectPo this.allowConfigurersOfSameType = allowConfigurersOfSameType; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + protected AbstractConfiguredSecurityBuilder( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor, + boolean allowConfigurersOfSameType) { + Assert.notNull(objectPostProcessor, "objectPostProcessor cannot be null"); + this.objectPostProcessor = objectPostProcessor; + this.allowConfigurersOfSameType = allowConfigurersOfSameType; + } + /** * Similar to {@link #build()} and {@link #getObject()} but checks the state to * determine if {@link #build()} needs to be called first. diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java index bc02c6e363..0fee685935 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java +++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java @@ -92,6 +92,15 @@ public void addObjectPostProcessor(ObjectPostProcessor objectPostProcessor) { this.objectPostProcessor.addObjectPostProcessor(objectPostProcessor); } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public void addObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + this.objectPostProcessor.addObjectPostProcessor(objectPostProcessor); + } + /** * Sets the {@link SecurityBuilder} to be used. This is automatically set when using * {@link AbstractConfiguredSecurityBuilder#apply(SecurityConfigurerAdapter)} diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java index 0a734574a3..44ebc77674 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/builders/AuthenticationManagerBuilder.java @@ -70,19 +70,17 @@ public class AuthenticationManagerBuilder * @param objectPostProcessor the * {@link org.springframework.security.config.annotation.ObjectPostProcessor} instance * to use. - * @deprecated */ - @Deprecated(since = "6.4", forRemoval = true) - public AuthenticationManagerBuilder( - org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + public AuthenticationManagerBuilder(ObjectPostProcessor objectPostProcessor) { super(objectPostProcessor, true); } /** - * Creates a new instance - * @param objectPostProcessor the {@link ObjectPostProcessor} instance to use. + * @deprecated */ - public AuthenticationManagerBuilder(ObjectPostProcessor objectPostProcessor) { + @Deprecated(since = "6.4", forRemoval = true) + public AuthenticationManagerBuilder( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { super(objectPostProcessor, true); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java index 79259083fb..8ec435edee 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java @@ -140,6 +140,16 @@ public LdapAuthenticationProviderConfigurer withObjectPostProcessor(ObjectPos return this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public LdapAuthenticationProviderConfigurer withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return this; + } + /** * Gets the {@link LdapAuthoritiesPopulator} and defaults to * {@link DefaultLdapAuthoritiesPopulator} diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java index b8595db8bd..7dce6f73ef 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java @@ -63,6 +63,17 @@ public C withObjectPostProcessor(ObjectPostProcessor objectPostProcessor) { return (C) this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + @SuppressWarnings("unchecked") + public C withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return (C) this; + } + /** * Allows specifying the {@link PasswordEncoder} to use with the * {@link DaoAuthenticationProvider}. The default is to use plain text. diff --git a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java index b2e08e044b..b20c5eab2a 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/method/configuration/GlobalMethodSecurityConfiguration.java @@ -407,6 +407,16 @@ public void setObjectPostProcessor(ObjectPostProcessor objectPostProcess this.objectPostProcessor = objectPostProcessor; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + @Autowired(required = false) + public void setObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + this.objectPostProcessor = objectPostProcessor; + } + @Autowired(required = false) public void setMethodSecurityExpressionHandler(List handlers) { if (handlers.size() != 1) { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index 3f65f8a7db..f96c943d55 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -188,6 +188,23 @@ public HttpSecurity(ObjectPostProcessor objectPostProcessor, this.requestMatcherConfigurer = new RequestMatcherConfigurer(context); } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + @SuppressWarnings("unchecked") + public HttpSecurity(org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor, + AuthenticationManagerBuilder authenticationBuilder, Map, Object> sharedObjects) { + super(objectPostProcessor); + Assert.notNull(authenticationBuilder, "authenticationBuilder cannot be null"); + setSharedObject(AuthenticationManagerBuilder.class, authenticationBuilder); + for (Map.Entry, Object> entry : sharedObjects.entrySet()) { + setSharedObject((Class) entry.getKey(), entry.getValue()); + } + ApplicationContext context = (ApplicationContext) sharedObjects.get(ApplicationContext.class); + this.requestMatcherConfigurer = new RequestMatcherConfigurer(context); + } + private ApplicationContext getContext() { return getSharedObject(ApplicationContext.class); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java index 0974736d01..aadf4302d3 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java @@ -135,6 +135,14 @@ public WebSecurity(ObjectPostProcessor objectPostProcessor) { super(objectPostProcessor); } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public WebSecurity(org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + super(objectPostProcessor); + } + /** *

* Allows adding {@link RequestMatcher} instances that Spring Security should ignore. diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java index 9859130ca1..3cd79c9967 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java @@ -178,6 +178,17 @@ static class DefaultPasswordEncoderAuthenticationManagerBuilder extends Authenti this.defaultPasswordEncoder = defaultPasswordEncoder; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + DefaultPasswordEncoderAuthenticationManagerBuilder( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor, + PasswordEncoder defaultPasswordEncoder) { + super(objectPostProcessor); + this.defaultPasswordEncoder = defaultPasswordEncoder; + } + @Override public InMemoryUserDetailsManagerConfigurer inMemoryAuthentication() throws Exception { diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java index dc7b1c92ce..132c7ef0d5 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AbstractHttpConfigurer.java @@ -54,6 +54,17 @@ public T withObjectPostProcessor(ObjectPostProcessor objectPostProcessor) { return (T) this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + @SuppressWarnings("unchecked") + public T withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return (T) this; + } + protected SecurityContextHolderStrategy getSecurityContextHolderStrategy() { if (this.securityContextHolderStrategy != null) { return this.securityContextHolderStrategy; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java index 2ec1f30a13..6834109858 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java @@ -193,6 +193,16 @@ public AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor( return this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return this; + } + /** * Sets whether all dispatcher types should be filtered. * @param shouldFilter should filter all dispatcher types. Default is {@code true} diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java index f16db3bd3a..e3133fca61 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java @@ -169,6 +169,16 @@ public ChannelRequestMatcherRegistry withObjectPostProcessor(ObjectPostProcessor return this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public ChannelRequestMatcherRegistry withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return this; + } + /** * Sets the {@link ChannelProcessor} instances to use in * {@link ChannelDecisionManagerImpl} diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java index b86f16cca1..599c9703d9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java @@ -238,6 +238,16 @@ public ExpressionInterceptUrlRegistry withObjectPostProcessor(ObjectPostProcesso return this; } + /** + * @deprecated + */ + @Deprecated(since = "6.4", forRemoval = true) + public ExpressionInterceptUrlRegistry withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return this; + } + public H and() { return ExpressionUrlAuthorizationConfigurer.this.and(); } diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java index c1ac9a1c58..5ccbafed06 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java @@ -117,6 +117,14 @@ public UrlAuthorizationConfigurer withObjectPostProcessor(ObjectPostProcessor return this; } + @Deprecated(since = "6.4", forRemoval = true) + @Override + public UrlAuthorizationConfigurer withObjectPostProcessor( + org.springframework.security.config.annotation.ObjectPostProcessor objectPostProcessor) { + addObjectPostProcessor(objectPostProcessor); + return this; + } + /** * Creates the default {@link AccessDecisionVoter} instances used if an * {@link AccessDecisionManager} was not specified.