Polish Method Security Migration Steps
- Revert steps removed since implicitly included in preparation guide Issue gh-11337
This commit is contained in:
parent
e727ef3e86
commit
56482e25de
|
@ -47,7 +47,6 @@ include::partial$servlet/architecture/request-cache-continue.adoc[]
|
||||||
=== Use `AuthorizationManager` for Method Security
|
=== Use `AuthorizationManager` for Method Security
|
||||||
|
|
||||||
There are no further migration steps for this feature.
|
There are no further migration steps for this feature.
|
||||||
However, if you run into trouble with this enhancement, you can instead <<servlet-replace-methodsecurity-with-globalmethodsecurity,revert the behavior>>.
|
|
||||||
|
|
||||||
=== Use `AuthorizationManager` for Message Security
|
=== Use `AuthorizationManager` for Message Security
|
||||||
|
|
||||||
|
@ -80,8 +79,6 @@ There are no further migrations steps for Java or Kotlin for this feature.
|
||||||
|
|
||||||
=== Use `AuthorizationManager` for Method Security
|
=== Use `AuthorizationManager` for Method Security
|
||||||
|
|
||||||
If you run into trouble with this enhancement, you can instead <<reactive-change-to-useauthorizationmanager-false,revert the behavior>>.
|
|
||||||
|
|
||||||
In 6.0, `@EnableReactiveMethodSecurity` defaults `useAuthorizationManager` to `true`.
|
In 6.0, `@EnableReactiveMethodSecurity` defaults `useAuthorizationManager` to `true`.
|
||||||
So, to complete migration, {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] remove the `useAuthorizationManager` attribute:
|
So, to complete migration, {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] remove the `useAuthorizationManager` attribute:
|
||||||
|
|
||||||
|
@ -123,135 +120,4 @@ It's more important to stay on 6.0 and get the security improvements.
|
||||||
|
|
||||||
== Revert Servlet
|
== Revert Servlet
|
||||||
|
|
||||||
[[servlet-replace-methodsecurity-with-globalmethodsecurity]]
|
|
||||||
=== Don't Use `AuthorizationManager` in Method Security
|
|
||||||
|
|
||||||
To opt out of `AuthorizationManager` for Method Security, replace xref:servlet/authorization/method-security.adoc#jc-enable-method-security[method security] with xref:servlet/authorization/method-security.adoc#jc-enable-global-method-security[global method security]
|
|
||||||
|
|
||||||
For applications using xref:servlet/authorization/method-security.adoc#jc-enable-method-security[pre-post annotations], make sure to turn it on to reactivate the behavior.
|
|
||||||
|
|
||||||
For example, change:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableMethodSecurity
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableMethodSecurity
|
|
||||||
----
|
|
||||||
|
|
||||||
.Xml
|
|
||||||
[source,xml,role="secondary"]
|
|
||||||
----
|
|
||||||
<method-security/>
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
to:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableGlobalMethodSecurity(prePostEnabled = true)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Xml
|
|
||||||
[source,xml,role="secondary"]
|
|
||||||
----
|
|
||||||
<global-method-security pre-post-enabled="true"/>
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
Other usages can simply change {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableMethodSecurity.html[`@EnableMethodSecurity`] and xref:servlet/appendix/namespace/method-security.adoc#nsa-method-security[`<method-security>`] to {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.html[`@EnableGlobalMethodSecurity`] and xref:servlet/appendix/namespace/method-security.adoc#nsa-global-method-security[`<global-method-security>`], like so:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = false)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = false)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Xml
|
|
||||||
[source,xml,role="secondary"]
|
|
||||||
----
|
|
||||||
<method-security secured-enabled="true" pre-post-enabled="false"/>
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
should change to:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = false)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = false)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Xml
|
|
||||||
[source,xml,role="secondary"]
|
|
||||||
----
|
|
||||||
<global-method-security secured-enabled="true" pre-post-enabled="false"/>
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
== Revert Reactive
|
== Revert Reactive
|
||||||
|
|
||||||
[[reactive-change-to-useauthorizationmanager-false]]
|
|
||||||
=== Don't Use `AuthorizationManager` in Method Security
|
|
||||||
|
|
||||||
To opt-out of {security-api-url}org/springframework/security/authorization/AuthorizationManager.html[`AuthorizationManager`] for reactive method security, add `useAuthorizationManager = false`:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableReactiveMethodSecurity
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableReactiveMethodSecurity
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
changes to:
|
|
||||||
|
|
||||||
====
|
|
||||||
.Java
|
|
||||||
[source,java,role="primary"]
|
|
||||||
----
|
|
||||||
@EnableReactiveMethodSecurity(useAuthorizationManager = false)
|
|
||||||
----
|
|
||||||
|
|
||||||
.Kotlin
|
|
||||||
[source,kotlin,role="secondary"]
|
|
||||||
----
|
|
||||||
@EnableReactiveMethodSecurity(useAuthorizationManager = false)
|
|
||||||
----
|
|
||||||
====
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue