Include information about -parameters flag in 6.2 upgrade notes

Closes gh-13552
Marcus Da Coregio 2023-07-19 10:53:29 -03:00
parent 4c77a550ae
commit 5ceea9e2aa
3 changed files with 31 additions and 0 deletions

@ -5,6 +5,7 @@
* xref:migration-7/index.adoc[Preparing for 7.0]
** xref:migration-7/configuration.adoc[Configuration]
* xref:migration/index.adoc[Migrating to 6.2]
** xref:migration/authorization.adoc[Authorization Changes]
* xref:getting-spring-security.adoc[Getting Spring Security]
* xref:features/index.adoc[Features]
** xref:features/authentication/index.adoc[Authentication]

@ -0,0 +1,24 @@
= Authorization Changes
The following sections relate to how to adapt to changes in the authorization support.
== Method Security
[[compile-with-parameters]]
=== Compile With `-parameters`
Spring Framework 6.1 https://github.com/spring-projects/spring-framework/issues/29559[removes LocalVariableTableParameterNameDiscoverer].
This affects how `@PreAuthorize` and other xref:servlet/authorization/method-security.adoc[method security] annotations will process parameter names.
If you are using method security annotations with parameter names, for example:
[source,java]
.Method security annotation using `id` parameter name
----
@PreAuthorize("@authz.checkPermission(#id, authentication)")
public void doSomething(Long id) {
// ...
}
----
You must compile with `-parameters` to ensure that the parameter names are available at runtime.
For more information about this, please visit the https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#core-container[Upgrading to Spring Framework 6.1 page].
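Review bot: The "Compile With `-parameters`" section says "You must compile with `-parameters`" but never says what a reader will observe if they do not, and that matters here because the example feeds `#id` into an authorization decision (`@authz.checkPermission(#id, authentication)`). Please add a sentence stating the runtime behaviour when the parameter name cannot be resolved, so it is clear whether the check fails closed, plus a short note on where the flag is set in Maven and Gradle builds. Minor: the link label reads "Upgrading to Spring Framework 6.1 page" while the URL points at Upgrading-to-Spring-Framework-6.x; align the label with the target.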

@ -15,3 +15,9 @@ Next, you should ensure you are on the latest patch release of Spring Security 6
Typically, the latest patch release of Spring Boot uses the latest patch release of Spring Security.
With those two steps complete, you can now update to Spring Security 6.2.
== Quick Reference
The following list provide a quick reference for the changes that are described in this guide.
- xref:migration/authorization.adoc#compile-with-parameters[You are using method parameter names in `@PreAuthorize`, `@PostAuthorize`, or any other method security annotations]
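Review bot: In the added Quick Reference intro, "The following list provide" should read "provides". The single item is also phrased as a condition ("You are using method parameter names in ...") while the intro promises "changes"; either reword the intro to say the list covers situations that need action, or reword the item to name the change itself (compiling with `-parameters`).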