diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
index 3dace42b1e..71f3091d4e 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -23,12 +23,16 @@
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
/**
* Decides whether a web channel provides sufficient security.
*
* @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
*/
+@Deprecated
public interface ChannelDecisionManager {
/**
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
index 5685c65066..1d9f05f65c 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -26,6 +26,7 @@
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@@ -44,7 +45,10 @@
* channel processors will be skipped (see SEC-494, SEC-335).
*
* @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
*/
+@Deprecated
public class ChannelDecisionManagerImpl implements ChannelDecisionManager, InitializingBean {
public static final String ANY_CHANNEL = "ANY_CHANNEL";
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
index 1f4fd2a783..b14ae3bd47 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -83,7 +83,9 @@
* over HTTPS.
*
* @author Ben Alex
+ * @deprecated see {@link org.springframework.security.web.transport.HttpsRedirectFilter}
*/
+@Deprecated
public class ChannelProcessingFilter extends GenericFilterBean {
private ChannelDecisionManager channelDecisionManager;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
index 07e27769c4..56ab0f262b 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -23,6 +23,7 @@
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
/**
* Decides whether a web channel meets a specific security condition.
@@ -34,7 +35,10 @@
* themselves. The callers of the implementation do not take any action.
*
* @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
*/
+@Deprecated
public interface ChannelProcessor {
/**
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
index dbf23df699..69d0fe9931 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -24,6 +24,7 @@
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@@ -39,7 +40,10 @@
* The default insecureKeyword is REQUIRES_INSECURE_CHANNEL.
*
* @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
*/
+@Deprecated
public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
index bc3dd8805d..60de136c8a 100644
--- a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
+++ b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -24,6 +24,7 @@
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
/**
@@ -39,7 +40,10 @@
* The default secureKeyword is REQUIRES_SECURE_CHANNEL.
*
* @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
*/
+@Deprecated
public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();