Remove deprecated elements from DaoAuthenticationProvider

Closes gh-17298

Signed-off-by: Tran Ngoc Nhan <[email protected]>

Author: ngocnhan-tran1996

config/src/main/java/org/springframework/security/config/authentication/AbstractUserDetailsServiceBeanDefinitionParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 
 import org.springframework.beans.factory.BeanDefinitionStoreException;
 import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.parsing.BeanComponentDefinition;
 import org.springframework.beans.factory.support.AbstractBeanDefinition;
@@ -73,8 +74,10 @@ private String resolveId(Element element, AbstractBeanDefinition definition, Par
 			if (!StringUtils.hasText(id)) {
 				id = pc.getReaderContext().generateBeanName(definition);
 			}
+			ValueHolder userDetailsServiceValueHolder = new ValueHolder(new RuntimeBeanReference(id));
+			userDetailsServiceValueHolder.setName("userDetailsService");
 			BeanDefinition container = pc.getContainingBeanDefinition();
-			container.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(id));
+			container.getConstructorArgumentValues().addGenericArgumentValue(userDetailsServiceValueHolder);
 		}
 		if (StringUtils.hasText(id)) {
 			return id;

config/src/main/java/org/springframework/security/config/authentication/AuthenticationProviderBeanDefinitionParser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,6 +20,7 @@
 
 import org.springframework.beans.BeanMetadataElement;
 import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.config.ConstructorArgumentValues.ValueHolder;
 import org.springframework.beans.factory.config.RuntimeBeanReference;
 import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
@@ -64,7 +65,9 @@ public BeanDefinition parse(Element element, ParserContext pc) {
 							+ "elements '" + Elements.USER_SERVICE + "', '" + Elements.JDBC_USER_SERVICE + "' or '"
 							+ Elements.LDAP_USER_SERVICE + "'", element);
 			}
-			authProvider.getPropertyValues().add("userDetailsService", new RuntimeBeanReference(ref));
+			ValueHolder userDetailsServiceValueHolder = new ValueHolder(new RuntimeBeanReference(ref));
+			userDetailsServiceValueHolder.setName("userDetailsService");
+			authProvider.getConstructorArgumentValues().addGenericArgumentValue(userDetailsServiceValueHolder);
 		}
 		else {
 			// Use the child elements to create the UserDetailsService

config/src/test/java/org/springframework/security/config/annotation/authentication/AuthenticationManagerBuilderTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -241,8 +241,7 @@ AuthenticationManager authenticationManager() throws Exception {
 
 		@Bean
 		AuthenticationProvider authenticationProvider() throws Exception {
-			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-			provider.setUserDetailsService(userDetailsService());
+			DaoAuthenticationProvider provider = new DaoAuthenticationProvider(userDetailsService());
 			return provider;
 		}
 

config/src/test/java/org/springframework/security/config/annotation/authentication/NamespaceAuthenticationProviderTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -74,9 +74,7 @@ void configure(AuthenticationManagerBuilder auth) {
 
 		@Bean
 		DaoAuthenticationProvider authenticationProvider() {
-			DaoAuthenticationProvider result = new DaoAuthenticationProvider();
-			result.setUserDetailsService(new InMemoryUserDetailsManager(PasswordEncodedUser.user()));
-			return result;
+			return new DaoAuthenticationProvider(new InMemoryUserDetailsManager(PasswordEncodedUser.user()));
 		}
 
 	}

config/src/test/java/org/springframework/security/config/annotation/authentication/configuration/AuthenticationConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -503,8 +503,7 @@ public void configure(AuthenticationManagerBuilder auth) {
 			UserDetails user = User.withUserDetails(PasswordEncodedUser.user()).username("boot").build();
 			List<UserDetails> users = Arrays.asList(user);
 			InMemoryUserDetailsManager inMemory = new InMemoryUserDetailsManager(users);
-			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-			provider.setUserDetailsService(inMemory);
+			DaoAuthenticationProvider provider = new DaoAuthenticationProvider(inMemory);
 			auth.authenticationProvider(provider);
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -378,8 +378,8 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		@Autowired
 		void configure(AuthenticationManagerBuilder auth) {
 			User user = (User) PasswordEncodedUser.user();
-			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-			provider.setUserDetailsService(new InMemoryUserDetailsManager(Collections.singletonList(user)));
+			DaoAuthenticationProvider provider = new DaoAuthenticationProvider(
+					new InMemoryUserDetailsManager(Collections.singletonList(user)));
 			// @formatter:off
 			auth
 				.authenticationProvider(provider);

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -269,8 +269,7 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		AuthenticationManager customAuthenticationManager(UserDetailsService userDetailsService) {
-			DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
-			provider.setUserDetailsService(userDetailsService);
+			DaoAuthenticationProvider provider = new DaoAuthenticationProvider(userDetailsService);
 			return provider::authenticate;
 		}
 

config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Sec750.xml

@@ -34,7 +34,7 @@
 	</authentication-manager>
 
 	<b:bean name="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
-		<b:property name="userDetailsService" ref="userService"/>
+		<b:constructor-arg name="userDetailsService" ref="userService"/>
 	</b:bean>
 
 	<b:bean name="userService" class="org.mockito.Mockito" factory-method="mock">

core/src/main/java/org/springframework/security/authentication/dao/DaoAuthenticationProvider.java

@@ -68,31 +68,11 @@ public class DaoAuthenticationProvider extends AbstractUserDetailsAuthentication
 
 	private CompromisedPasswordChecker compromisedPasswordChecker;
 
-	/**
-	 * @deprecated Please provide the {@link UserDetailsService} in the constructor
-	 */
-	@Deprecated
-	public DaoAuthenticationProvider() {
-	}
-
 	public DaoAuthenticationProvider(UserDetailsService userDetailsService) {
-		setUserDetailsService(userDetailsService);
-	}
-
-	/**
-	 * Creates a new instance using the provided {@link PasswordEncoder}
-	 * @param passwordEncoder the {@link PasswordEncoder} to use. Cannot be null.
-	 * @since 6.0.3
-	 * @deprecated Please provide the {@link UserDetailsService} in the constructor
-	 * followed by {@link #setPasswordEncoder(PasswordEncoder)} instead
-	 */
-	@Deprecated
-	public DaoAuthenticationProvider(PasswordEncoder passwordEncoder) {
-		setPasswordEncoder(passwordEncoder);
+		this.userDetailsService = userDetailsService;
 	}
 
 	@Override
-	@SuppressWarnings("deprecation")
 	protected void additionalAuthenticationChecks(UserDetails userDetails,
 			UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
 		if (authentication.getCredentials() == null) {
@@ -185,15 +165,6 @@ protected PasswordEncoder getPasswordEncoder() {
 		return this.passwordEncoder.get();
 	}
 
-	/**
-	 * @param userDetailsService
-	 * @deprecated Please provide the {@link UserDetailsService} in the constructor
-	 */
-	@Deprecated
-	public void setUserDetailsService(UserDetailsService userDetailsService) {
-		this.userDetailsService = userDetailsService;
-	}
-
 	protected UserDetailsService getUserDetailsService() {
 		return this.userDetailsService;
 	}