spring-projects · rwinch · May 7, 2025 · Nov 14, 2023 · May 7, 2025
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/CookieCsrfTokenRepository.java
@@ -169,14 +169,6 @@ public void setCookieName(String cookieName) {
 		this.cookieName = cookieName;
 	}
 
-	/**
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
-	 */
-	@Deprecated(since = "6.1")
-	public void setCookieHttpOnly(boolean cookieHttpOnly) {
-		this.cookieHttpOnly = cookieHttpOnly;
-	}
-
 	private String getRequestContext(HttpServletRequest request) {
 		String contextPath = request.getContextPath();
 		return (contextPath.length() > 0) ? contextPath : "/";
@@ -230,32 +222,4 @@ public String getCookiePath() {
 		return this.cookiePath;
 	}
 
-	/**
-	 * @since 5.2
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
-	 */
-	@Deprecated(since = "6.1")
-	public void setCookieDomain(String cookieDomain) {
-		this.cookieDomain = cookieDomain;
-	}
-
-	/**
-	 * @since 5.4
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
-	 */
-	@Deprecated(since = "6.1")
-	public void setSecure(Boolean secure) {
-		this.secure = secure;
-	}
-
-	/**
-	 * @since 5.5
-	 * @deprecated Use {@link #setCookieCustomizer(Consumer)} instead.
-	 */
-	@Deprecated(since = "6.1")
-	public void setCookieMaxAge(int cookieMaxAge) {
-		Assert.isTrue(cookieMaxAge != 0, "cookieMaxAge cannot be zero");
-		this.cookieMaxAge = cookieMaxAge;
-	}
-
 }
diff --git a/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java b/web/src/test/java/org/springframework/security/web/csrf/CookieCsrfTokenRepositoryTests.java
@@ -112,7 +112,7 @@ void saveTokenSecure() {
 	@Test
 	void saveTokenSecureFlagTrue() {
 		this.request.setSecure(false);
-		this.repository.setSecure(Boolean.TRUE);
+		this.repository.setCookieCustomizer((cookie) -> cookie.secure(Boolean.TRUE));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -132,7 +132,7 @@ void saveTokenSecureFlagTrueUsingCustomizer() {
 	@Test
 	void saveTokenSecureFlagFalse() {
 		this.request.setSecure(true);
-		this.repository.setSecure(Boolean.FALSE);
+		this.repository.setCookieCustomizer((cookie) -> cookie.secure(Boolean.FALSE));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -163,7 +163,7 @@ void saveTokenNull() {
 
 	@Test
 	void saveTokenHttpOnlyTrue() {
-		this.repository.setCookieHttpOnly(true);
+		this.repository.setCookieCustomizer((cookie) -> cookie.httpOnly(true));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -181,7 +181,7 @@ void saveTokenHttpOnlyTrueUsingCustomizer() {
 
 	@Test
 	void saveTokenHttpOnlyFalse() {
-		this.repository.setCookieHttpOnly(false);
+		this.repository.setCookieCustomizer((cookie) -> cookie.httpOnly(false));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -239,7 +239,7 @@ void saveTokenNullCustomPath() {
 	@Test
 	void saveTokenWithCookieDomain() {
 		String domainName = "example.com";
-		this.repository.setCookieDomain(domainName);
+		this.repository.setCookieCustomizer((cookie) -> cookie.domain(domainName));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -259,7 +259,7 @@ void saveTokenWithCookieDomainUsingCustomizer() {
 	@Test
 	void saveTokenWithCookieMaxAge() {
 		int maxAge = 1200;
-		this.repository.setCookieMaxAge(maxAge);
+		this.repository.setCookieCustomizer((cookie) -> cookie.maxAge(maxAge));
 		CsrfToken token = this.repository.generateToken(this.request);
 		this.repository.saveToken(token, this.request, this.response);
 		Cookie tokenCookie = this.response.getCookie(CookieCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME);
@@ -504,9 +504,4 @@ void setHeaderNameNullIllegalArgumentException() {
 		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setHeaderName(null));
 	}
 
-	@Test
-	void setCookieMaxAgeZeroIllegalArgumentException() {
-		assertThatIllegalArgumentException().isThrownBy(() -> this.repository.setCookieMaxAge(0));
-	}
-
 }