{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Fickle 薄情 的问题《Spring Security 3.2.0.RC1 - <http> element and dep》','https://www.manongdao.com/q-787874.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
After upgrading to Spring Security 3.2.0.RC1 I'm getting the warning "Method 'setFilterProcessesUrl' is marked deprecated" for <http auto-config="true"> in my xml config. I get this warning even for a very simple configuration:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/myurl*" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user1" password="12345" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
According to Spring Security 3.2 API documentation setFilterProcessesUrl is deprecated and setRequiresAuthenticationRequestMatcher(RequestMatcher) should be used instead. How can I change this basic XML configuration, so it doesn't use deprecated methods? I'm using Eclipse Kepler with Spring Tool Suite plugin.
UPDATE:
If I remove <http auto-config="true"> and add <form-login /> to the http element
<http>
<intercept-url pattern="/myurl*" access="ROLE_USER" />
<form-login />
</http>
I also get the "Method 'setFilterProcessesUrl' is marked deprecated" warning and if I add <logout /> I get the same warning the second time.
On the other hand, if I replace <form-login /> and <logout /> with <http-basic /> the warnings go away.
Fixed in Spring Security 3.2.1. The warnings were caused by XML namespace using a deprecated method. https://jira.springsource.org/browse/SEC-2455
If you are using the namespace then an IDE error like this doesn't really matter, since you can guarantee that Spring Security will support the feature. You aren't actually using the method yourself.
auto-configis a bad idea generally. Someone looking at that configuration won't easily know what it actually does. Do you really want basic authentication, for example? You are best to removeauto-configand explicitly add the features you want.