Deprecate ChannelDecisionManager

Closes gh-16681
spring-projects · Feb 28, 2025 · ab52fd8 · ab52fd8
1 parent 72070cd
commit ab52fd8
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 0 deletions.
diff --git a/...src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/...src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -23,12 +23,16 @@
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Decides whether a web channel provides sufficient security.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public interface ChannelDecisionManager {
 
 	/**

diff --git a/...main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/...main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -26,6 +26,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -44,7 +45,10 @@
  * channel processors will be skipped (see SEC-494, SEC-335).
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class ChannelDecisionManagerImpl implements ChannelDecisionManager, InitializingBean {
 
 	public static final String ANY_CHANNEL = "ANY_CHANNEL";

diff --git a/...rc/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/...rc/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -83,7 +83,9 @@
  * over HTTPS.
  *
  * @author Ben Alex
+ * @deprecated see {@link org.springframework.security.web.transport.HttpsRedirectFilter}
  */
+@Deprecated
 public class ChannelProcessingFilter extends GenericFilterBean {
 
 	private ChannelDecisionManager channelDecisionManager;

diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -23,6 +23,7 @@
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Decides whether a web channel meets a specific security condition.
@@ -34,7 +35,10 @@
  * themselves. The callers of the implementation do not take any action.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public interface ChannelProcessor {
 
 	/**

diff --git a/...c/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/...c/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -39,7 +40,10 @@
  * The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();

diff --git a/...src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/...src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -39,7 +40,10 @@
  * The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();