CUBA-web 6.95 is still referring to a deprecated class cuba_AuthProviderFactory

In CUBA 6.9.5, the class CubaAuthProviderFactory has been deprecated.
However in cuba-web.jar ,its still using it in cuba-web-spring.xml.

This forces us to have to us the deprecated class to create our custom auth provider.

You cannot get rid of it because it is a part of compatibility layer with old AuthProvider interface. We are not going to remove it until 7.0+ version. By default it creates com.haulmont.cuba.web.auth.NoOpAuthProvider which does not perform authentication at all.

For custom authentication you can use new API: https://doc.cuba-platform.com/manual-6.9/web_login.html

I tried that way yesterday as per your suggestion.
However we configure the custom authentication in web-app.properties as below:

cuba.web.externalAuthenticationProviderClass= this is our custom authentication.

when we deploy it ,it will throw classcastException since the new custom authentication implements HttpRequestFilter which is not old AuthProvider interface implementation.

You should not use this property anymore. Use cuba.web.idp.enabled property to enable IDP and replace Spring beans if needed.

i do set that flag and add the below in web.xml

<servlet>
	<servlet-name>idp</servlet-name>
	<servlet-class>com.haulmont.idp.sys.CubaIdpServlet</servlet-class>
	<load-on-startup>3</load-on-startup>
</servlet>

<servlet-mapping>
	<servlet-name>idp</servlet-name>
	<url-pattern>/idp/*</url-pattern>
</servlet-mapping>

<filter>
	<filter-name>idpSpringSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	<init-param>
		<param-name>contextAttribute</param-name>
		<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.idp</param-value>
	</init-param>
	<init-param>
		<param-name>targetBeanName</param-name>
		<param-value>springSecurityFilterChain</param-value>
	</init-param>
</filter>

<filter-mapping>
	<filter-name>idpSpringSecurityFilterChain</filter-name>
	<url-pattern>/idp/*</url-pattern>
</filter-mapping>

So for the custom authentication which implements HttpRequestFilter ,how can it be recognized by Spring?

You should simply replace IdpLoginHttpRequestFilter bean with ID cuba_IdpLoginHttpRequestFilter in web-spring.xml:

<bean id="cuba_IdpLoginHttpRequestFilter" class="your.custom.FilterClass"/>