Deprecate ChannelDecisionManager

jzheaux · jzheaux · commit ab52fd858a73 · 2025-02-28T12:35:21.000-07:00
Closes gh-16681
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManager.java
@@ -23,12 +23,16 @@
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Decides whether a web channel provides sufficient security.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public interface ChannelDecisionManager {
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelDecisionManagerImpl.java
@@ -26,6 +26,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -44,7 +45,10 @@
  * channel processors will be skipped (see SEC-494, SEC-335).
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class ChannelDecisionManagerImpl implements ChannelDecisionManager, InitializingBean {
 
 	public static final String ANY_CHANNEL = "ANY_CHANNEL";
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessingFilter.java
@@ -83,7 +83,9 @@
  * over HTTPS.
  *
  * @author Ben Alex
+ * @deprecated see {@link org.springframework.security.web.transport.HttpsRedirectFilter}
  */
+@Deprecated
 public class ChannelProcessingFilter extends GenericFilterBean {
 
 	private ChannelDecisionManager channelDecisionManager;
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/ChannelProcessor.java
@@ -23,6 +23,7 @@
 
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 
 /**
  * Decides whether a web channel meets a specific security condition.
@@ -34,7 +35,10 @@
  * themselves. The callers of the implementation do not take any action.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public interface ChannelProcessor {
 
 	/**
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/InsecureChannelProcessor.java
@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -39,7 +40,10 @@
  * The default <code>insecureKeyword</code> is <code>REQUIRES_INSECURE_CHANNEL</code>.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class InsecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpEntryPoint();
diff --git a/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java b/web/src/main/java/org/springframework/security/web/access/channel/SecureChannelProcessor.java
@@ -24,6 +24,7 @@
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
 /**
@@ -39,7 +40,10 @@
  * The default <code>secureKeyword</code> is <code>REQUIRES_SECURE_CHANNEL</code>.
  *
  * @author Ben Alex
+ * @deprecated no replacement is planned, though consider using a custom
+ * {@link RequestMatcher} for any sophisticated decision-making
  */
+@Deprecated
 public class SecureChannelProcessor implements InitializingBean, ChannelProcessor {
 
 	private ChannelEntryPoint entryPoint = new RetryWithHttpsEntryPoint();

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,9 @@`
`83`	`83`	`* over HTTPS.`
`84`	`84`	`*`
`85`	`85`	`* @author Ben Alex`
	`86`	`+ * @deprecated see {@link org.springframework.security.web.transport.HttpsRedirectFilter}`
`86`	`87`	`*/`
	`88`	`+@Deprecated`
`87`	`89`	`public class ChannelProcessingFilter extends GenericFilterBean {`
`88`	`90`
`89`	`91`	`private ChannelDecisionManager channelDecisionManager;`