Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 09:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish Method Security Migration Steps

Browse Source 
Removed checkboxes when there is only one step
This commit is contained in:
Josh Cummings 2022-10-26 13:47:16 -06:00
parent d076ddb26c
commit 2b50aa3ae0
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 4 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/modules/ROOT/pages/migration.adoc
View File

@ -21,12 +21,8 @@ However, if you run into trouble with this enhancement, you can instead <<servle
If you run into trouble with this enhancement, you can instead <<reactive-change-to-useauthorizationmanager-false,revert the behavior>>. If you run into trouble with this enhancement, you can instead <<reactive-change-to-useauthorizationmanager-false,revert the behavior>>.
[[reactive-method-security-remove-useauthorizationmanager]] In 6.0, `@EnableReactiveMethodSecurity` defaults `useAuthorizationManager` to `true`.
[%interactive] So, to complete migration, {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] remove the `useAuthorizationManager` attribute:
* [ ] Remove `useAuthorizationManager` usage from `@EnableReactiveMethodSecurity`
{security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] sets `useAuthorizationManager` to `true` by default.
Because of that, in 6.0 you can change:
==== ====
.Java .Java
@ -42,7 +38,7 @@ Because of that, in 6.0 you can change:
---- ----
==== ====
to: changes to:
==== ====
.Java .Java
@ -68,9 +64,7 @@ It's more important to stay on 6.0 and get the security improvements.
=== Don't Use `AuthorizationManager` in Method Security === Don't Use `AuthorizationManager` in Method Security
[[servlet-replace-methodsecurity-with-globalmethodsecurity]] To opt out of `AuthorizationManager` for Method Security, replace xref:servlet/authorization/method-security.adoc#jc-enable-method-security[method security] with xref:servlet/authorization/method-security.adoc#jc-enable-global-method-security[global method security]
[%interactive]
* [ ] Replace xref:servlet/authorization/method-security.adoc#jc-enable-method-security[method security] with xref:servlet/authorization/method-security.adoc#jc-enable-global-method-security[global method security]
For applications using xref:servlet/authorization/method-security.adoc#jc-enable-method-security[pre-post annotations], make sure to turn it on to reactivate the behavior. For applications using xref:servlet/authorization/method-security.adoc#jc-enable-method-security[pre-post annotations], make sure to turn it on to reactivate the behavior.
@ -166,10 +160,6 @@ should change to:
=== Don't Use `AuthorizationManager` in Method Security === Don't Use `AuthorizationManager` in Method Security
[[reactive-change-to-useauthorizationmanager-false]]
[%interactive]
* [ ] Change `useAuthorizationManager` to `false`
To opt-out of {security-api-url}org/springframework/security/authorization/AuthorizationManager.html[`AuthorizationManager`] for reactive method security, add `useAuthorizationManager = false`: To opt-out of {security-api-url}org/springframework/security/authorization/AuthorizationManager.html[`AuthorizationManager`] for reactive method security, add `useAuthorizationManager = false`:
==== ====