Spring 3.1 - Deprecated warnings in XML configuration file

[paulkuhn]

Hi all,

I am trying to migrate Spring Security in a Web application from 3.0.7 to 3.1.
Everything is fine, however in STS 2.8.1 I receive a bunch of Warnings in the Security XML configuration file.

These are the warnings:

• Method 'setAuthenticationEntryPoint' is marked deprecated
• Method 'setAuthenticationManager' is marked deprecated
• Method 'setKey' is marked deprecated
• Method 'setLoginFormUrl' is marked deprecated
• Method 'setRequestCache' is marked deprecated
• Method 'setSecurityContextRepository' is marked deprecated
• Method 'setSessionAuthenticationStrategy' is marked deprecated
• Method 'setUserAttribute' is marked deprecated

Here is the file:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security-3.1.xsd">


	<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

	<global-method-security secured-annotations="enabled" />

	<http auto-config="true" access-denied-page="/accessDenied">

		<form-login login-page="/login" default-target-url="/log/viewLogs" authentication-failure-url="/login?login_error=1" />

		<logout logout-success-url="/logout" />

		<session-management invalid-session-url="/login">
			<concurrency-control max-sessions="1" expired-url="/sessionTimeout" error-if-maximum-exceeded="true" />
		</session-management>

		<http-basic />

		<anonymous enabled="true" granted-authority="ROLE_ANONYMOUS" username="Anonymous_User" />

		<intercept-url pattern="/log/**" access="ROLE_USER,ROLE_ADMIN" />
	</http>
	
</beans:beans>

Any idea what I am missing the configuration or what I did wrong? The warnings were not there in Spring Security 3.0.7.

Thanks a lot.
Paul