Remove deprecated API for removal.

Closes gh-729

Author: mp911de

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthentication.java

@@ -39,7 +39,7 @@
  * ID</a>
  * @deprecated since 2.2. Use {@link AppRoleAuthentication}.
  */
-@Deprecated
+@Deprecated(since = "2.2", forRemoval = true)
 public class AppIdAuthentication implements ClientAuthentication, AuthenticationStepsFactory {
 
 	private static final Log logger = LogFactory.getLog(AppIdAuthentication.class);

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdAuthenticationOptions.java

@@ -30,7 +30,7 @@
  * @see #builder()
  * @deprecated since 2.2. Use {@link AppRoleAuthentication}.
  */
-@Deprecated
+@Deprecated(since = "2.2", forRemoval = true)
 public class AppIdAuthenticationOptions {
 
 	public static final String DEFAULT_APPID_AUTHENTICATION_PATH = "app-id";

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppIdUserIdMechanism.java

@@ -24,7 +24,7 @@
  * @see AppIdAuthentication
  * @deprecated since 2.2. Use {@link AppRoleAuthentication}.
  */
-@Deprecated
+@Deprecated(since = "2.2", forRemoval = true)
 @FunctionalInterface
 public interface AppIdUserIdMechanism {
 

spring-vault-core/src/main/java/org/springframework/vault/authentication/AppRoleAuthenticationOptions.java

@@ -65,24 +65,14 @@ public class AppRoleAuthenticationOptions {
 	 */
 	private final UnwrappingEndpoints unwrappingEndpoints;
 
-	/**
-	 * Token associated for pull mode (retrieval of secretId/roleId).
-	 * @deprecated since 2.0, use {@link RoleId#pull(VaultToken)}/
-	 * {@link SecretId#pull(VaultToken)} to configure pull mode for roleId/secretId.
-	 */
-	@Nullable
-	@Deprecated
-	private final VaultToken initialToken;
-
 	private AppRoleAuthenticationOptions(String path, RoleId roleId, SecretId secretId, @Nullable String appRole,
-			UnwrappingEndpoints unwrappingEndpoints, @Nullable VaultToken initialToken) {
+			UnwrappingEndpoints unwrappingEndpoints) {
 
 		this.path = path;
 		this.roleId = roleId;
 		this.secretId = secretId;
 		this.appRole = appRole;
 		this.unwrappingEndpoints = unwrappingEndpoints;
-		this.initialToken = initialToken;
 	}
 
 	/**
@@ -130,18 +120,6 @@ public UnwrappingEndpoints getUnwrappingEndpoints() {
 		return this.unwrappingEndpoints;
 	}
 
-	/**
-	 * @return the initial token for roleId/secretId retrieval in pull mode.
-	 * @since 1.1
-	 * @deprecated since 2.0, use {@link #getRoleId()}/{@link #getSecretId()} to obtain
-	 * configuration modes (pull/wrapped) for an AppRole token.
-	 */
-	@Nullable
-	@Deprecated
-	public VaultToken getInitialToken() {
-		return this.initialToken;
-	}
-
 	/**
 	 * Builder for {@link AppRoleAuthenticationOptions}.
 	 */
@@ -166,10 +144,6 @@ public static class AppRoleAuthenticationOptionsBuilder {
 
 		private UnwrappingEndpoints unwrappingEndpoints = UnwrappingEndpoints.SysWrapping;
 
-		@Nullable
-		@Deprecated
-		private VaultToken initialToken;
-
 		AppRoleAuthenticationOptionsBuilder() {
 		}
 
@@ -201,22 +175,6 @@ public AppRoleAuthenticationOptionsBuilder roleId(RoleId roleId) {
 			return this;
 		}
 
-		/**
-		 * Configure the RoleId.
-		 * @param roleId must not be empty or {@literal null}.
-		 * @return {@code this} {@link AppRoleAuthenticationOptionsBuilder}.
-		 * @deprecated since 2.0, use
-		 * {@link #roleId(AppRoleAuthenticationOptions.RoleId)}.
-		 */
-		@Deprecated
-		public AppRoleAuthenticationOptionsBuilder roleId(String roleId) {
-
-			Assert.hasText(roleId, "RoleId must not be empty");
-
-			this.providedRoleId = roleId;
-			return this;
-		}
-
 		/**
 		 * Configure a {@code secretId}.
 		 * @param secretId must not be empty or {@literal null}.
@@ -231,22 +189,6 @@ public AppRoleAuthenticationOptionsBuilder secretId(SecretId secretId) {
 			return this;
 		}
 
-		/**
-		 * Configure a {@code secretId}.
-		 * @param secretId must not be empty or {@literal null}.
-		 * @return {@code this} {@link AppRoleAuthenticationOptionsBuilder}.
-		 * @deprecated since 2.0, use
-		 * {@link #secretId(AppRoleAuthenticationOptions.SecretId)}.
-		 */
-		@Deprecated
-		public AppRoleAuthenticationOptionsBuilder secretId(String secretId) {
-
-			Assert.hasText(secretId, "SecretId must not be empty");
-
-			this.providedSecretId = secretId;
-			return this;
-		}
-
 		/**
 		 * Configure a {@code appRole}.
 		 * @param appRole must not be empty or {@literal null}.
@@ -275,28 +217,10 @@ public AppRoleAuthenticationOptionsBuilder unwrappingEndpoints(UnwrappingEndpoin
 			return this;
 		}
 
-		/**
-		 * Configure a {@code initialToken}.
-		 * @param initialToken must not be empty or {@literal null}.
-		 * @return {@code this} {@link AppRoleAuthenticationOptionsBuilder}.
-		 * @since 1.1
-		 * @deprecated since 2.0, use
-		 * {@link #roleId(AppRoleAuthenticationOptions.RoleId)}/{@link #secretId(AppRoleAuthenticationOptions.SecretId)}
-		 * to configure pull mode.
-		 */
-		@Deprecated
-		public AppRoleAuthenticationOptionsBuilder initialToken(VaultToken initialToken) {
-
-			Assert.notNull(initialToken, "InitialToken must not be null");
-
-			this.initialToken = initialToken;
-			return this;
-		}
-
 		/**
 		 * Build a new {@link AppRoleAuthenticationOptions} instance. Requires
-		 * {@link #roleId(String)} for push mode or {@link #appRole(String)} and
-		 * {@link #initialToken(VaultToken)} for pull mode to be configured.
+		 * {@link #roleId(RoleId)} for push mode or {@link #appRole(String)} and
+		 * {@link #secretId SecretId.pull(VaultToken)} for pull mode to be configured.
 		 * @return a new {@link AppRoleAuthenticationOptions}.
 		 */
 		public AppRoleAuthenticationOptions build() {
@@ -308,25 +232,16 @@ public AppRoleAuthenticationOptions build() {
 				if (this.providedSecretId != null) {
 					secretId(SecretId.provided(this.providedSecretId));
 				}
-				else if (this.initialToken != null) {
-					secretId(SecretId.pull(this.initialToken));
-				}
 				else {
 					secretId(SecretId.absent());
 				}
 			}
 
 			if (this.roleId == null) {
 
-				if (this.providedRoleId != null) {
-					roleId(RoleId.provided(this.providedRoleId));
-				}
-				else {
-
-					Assert.notNull(this.initialToken,
-							"AppRole authentication configured for pull mode. InitialToken must not be null (pull mode)");
-					roleId(RoleId.pull(this.initialToken));
-				}
+				Assert.notNull(this.providedRoleId,
+						"AppRole authentication configured for pull mode. Role Identifier must be provided.");
+				roleId(RoleId.provided(this.providedRoleId));
 			}
 
 			if (this.roleId instanceof Pull || this.secretId instanceof Pull) {
@@ -335,7 +250,7 @@ else if (this.initialToken != null) {
 			}
 
 			return new AppRoleAuthenticationOptions(this.path, this.roleId, this.secretId, this.appRole,
-					this.unwrappingEndpoints, this.initialToken);
+					this.unwrappingEndpoints);
 		}
 
 	}

spring-vault-core/src/main/java/org/springframework/vault/authentication/AwsIamAuthenticationOptions.java

@@ -138,17 +138,6 @@ public String getServerId() {
 		return this.serverId;
 	}
 
-	/**
-	 * @return Server name to mitigate risk of replay attacks, preferably set to Vault
-	 * server's DNS name, may be {@literal null}.
-	 * @deprecated since 2.0, renamed to {@link #getServerId()}.
-	 */
-	@Nullable
-	@Deprecated
-	public String getServerName() {
-		return this.serverId;
-	}
-
 	/**
 	 * @return STS server URI.
 	 */

spring-vault-core/src/main/java/org/springframework/vault/authentication/GcpIamAuthentication.java

@@ -68,7 +68,7 @@
  * projects.serviceAccounts.signJwt</a>
  * @deprecated since 2.3.2, use {@link GcpIamCredentialsAuthentication} instead.
  */
-@Deprecated
+@Deprecated(since = "2.3.2", forRemoval = true)
 public class GcpIamAuthentication extends GcpJwtAuthenticationSupport implements ClientAuthentication {
 
 	private static final String SCOPE = "https://www.googleapis.com/auth/iam";

spring-vault-core/src/main/java/org/springframework/vault/authentication/GcpIamAuthenticationOptions.java

@@ -38,7 +38,7 @@
  * @since 2.1
  * @deprecated since 2.3.2
  */
-@Deprecated
+@Deprecated(since = "2.3.2", forRemoval = true)
 public class GcpIamAuthenticationOptions extends GcpIamAuthenticationSupport {
 
 	public static final String DEFAULT_GCP_AUTHENTICATION_PATH = "gcp";

spring-vault-core/src/main/java/org/springframework/vault/support/Policy.java

@@ -548,7 +548,7 @@ public enum BuiltinCapabilities implements Capability {
 		 * {@link #CREATE} and {@link #UPDATE}.
 		 * @deprecated since 2.3 and Vault 0.5.
 		 */
-		@Deprecated
+		@Deprecated(since = "2.3")
 		WRITE,
 
 		/**

spring-vault-core/src/main/java/org/springframework/vault/support/SslConfiguration.java

@@ -68,25 +68,6 @@ public class SslConfiguration {
 
 	private final List<String> enabledCipherSuites;
 
-	/**
-	 * Create a new {@link SslConfiguration} with the default {@link KeyStore} type.
-	 * @param keyStore the key store resource, must not be {@literal null}.
-	 * @param keyStorePassword the key store password.
-	 * @param trustStore the trust store resource, must not be {@literal null}.
-	 * @param trustStorePassword the trust store password.
-	 * @deprecated Since 1.1, use
-	 * {@link #SslConfiguration(KeyStoreConfiguration, KeyStoreConfiguration)} to prevent
-	 * {@link String} interning and retaining passwords represented as String longer from
-	 * GC than necessary.
-	 */
-	@Deprecated
-	public SslConfiguration(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore,
-			@Nullable String trustStorePassword) {
-
-		this(new KeyStoreConfiguration(keyStore, charsOrNull(keyStorePassword), DEFAULT_KEYSTORE_TYPE),
-				new KeyStoreConfiguration(trustStore, charsOrNull(trustStorePassword), DEFAULT_KEYSTORE_TYPE));
-	}
-
 	/**
 	 * Create a new {@link SslConfiguration}.
 	 * @param keyStoreConfiguration the key store configuration, must not be
@@ -174,23 +155,6 @@ public SslConfiguration(KeyStoreConfiguration keyStoreConfiguration, KeyStoreCon
 				enabledCipherSuites);
 	}
 
-	/**
-	 * Create a new {@link SslConfiguration} for the given trust store with the default
-	 * {@link KeyStore} type.
-	 * @param trustStore resource pointing to an existing trust store, must not be
-	 * {@literal null}.
-	 * @param trustStorePassword may be {@literal null}.
-	 * @return the created {@link SslConfiguration}.
-	 * @see java.security.KeyStore
-	 * @deprecated Since 1.1, use {@link #forTrustStore(Resource, char[])} to prevent
-	 * {@link String} interning and retaining passwords represented as String longer from
-	 * GC than necessary.
-	 */
-	@Deprecated
-	public static SslConfiguration forTrustStore(Resource trustStore, @Nullable String trustStorePassword) {
-		return forTrustStore(trustStore, charsOrNull(trustStorePassword));
-	}
-
 	/**
 	 * Create a new {@link SslConfiguration} for the given trust store with the default
 	 * {@link KeyStore} type.
@@ -222,23 +186,6 @@ public static SslConfiguration forTrustStore(KeyStoreConfiguration trustStore) {
 		return unconfigured().withTrustStore(trustStore);
 	}
 
-	/**
-	 * Create a new {@link SslConfiguration} for the given key store with the default
-	 * {@link KeyStore} type.
-	 * @param keyStore resource pointing to an existing key store, must not be
-	 * {@literal null}.
-	 * @param keyStorePassword may be {@literal null}.
-	 * @return the created {@link SslConfiguration}.
-	 * @see java.security.KeyStore
-	 * @deprecated Since 1.1, use {@link #forKeyStore(Resource, char[])} to prevent
-	 * {@link String} interning and retaining passwords represented as String longer from
-	 * GC than necessary.
-	 */
-	@Deprecated
-	public static SslConfiguration forKeyStore(Resource keyStore, @Nullable String keyStorePassword) {
-		return forKeyStore(keyStore, charsOrNull(keyStorePassword));
-	}
-
 	/**
 	 * Create a new {@link SslConfiguration} for the given key store with the default
 	 * {@link KeyStore} type.
@@ -304,27 +251,6 @@ public static SslConfiguration forKeyStore(Resource keyStore, @Nullable char[] k
 				keyConfiguration, KeyStoreConfiguration.unconfigured());
 	}
 
-	/**
-	 * Create a new {@link SslConfiguration} for the given truststore with the default
-	 * {@link KeyStore} type.
-	 * @param keyStore resource pointing to an existing keystore, must not be
-	 * {@literal null}.
-	 * @param keyStorePassword may be {@literal null}.
-	 * @param trustStore resource pointing to an existing trust store, must not be
-	 * {@literal null}.
-	 * @param trustStorePassword may be {@literal null}.
-	 * @return the created {@link SslConfiguration}.
-	 * @see java.security.KeyStore
-	 * @deprecated Since 1.1, use {@link #create(Resource, char[], Resource, char[])} to
-	 * prevent {@link String} interning and retaining passwords represented as String
-	 * longer from GC than necessary.
-	 */
-	@Deprecated
-	public SslConfiguration create(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore,
-			@Nullable String trustStorePassword) {
-		return create(keyStore, charsOrNull(keyStorePassword), trustStore, charsOrNull(trustStorePassword));
-	}
-
 	/**
 	 * Create a new {@link SslConfiguration} for the given truststore with the default
 	 * {@link KeyStore} type.

spring-vault-core/src/main/java/org/springframework/vault/support/VaultSignRequest.java

@@ -89,7 +89,7 @@ public String getSignatureAlgorithm() {
 	 * default algorithm.
 	 * @deprecated since 2.4, use {@link #getSignatureAlgorithm()} instead.
 	 */
-	@Deprecated
+	@Deprecated(since = "2.4")
 	@Nullable
 	public String getAlgorithm() {
 		return getSignatureAlgorithm();
@@ -159,7 +159,7 @@ public VaultSignRequestBuilder signatureAlgorithm(String signatureAlgorithm) {
 		 * @return {@code this} {@link VaultSignRequestBuilder}.
 		 * @deprecated since 2.4, use {@link #signatureAlgorithm(String)} instead.
 		 */
-		@Deprecated
+		@Deprecated(since = "2.4")
 		public VaultSignRequestBuilder algorithm(String algorithm) {
 			return signatureAlgorithm(algorithm);
 		}