Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Include information about -parameters flag in 6.2 upgrade notes 

Closes gh-13552
This commit is contained in:
Marcus Da Coregio 2023-07-19 10:53:29 -03:00
parent 4c77a550ae
commit 5ceea9e2aa
3 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/modules/ROOT/nav.adoc
View File

@ -5,6 +5,7 @@
* xref:migration-7/index.adoc[Preparing for 7.0] * xref:migration-7/index.adoc[Preparing for 7.0]
** xref:migration-7/configuration.adoc[Configuration] ** xref:migration-7/configuration.adoc[Configuration]
* xref:migration/index.adoc[Migrating to 6.2] * xref:migration/index.adoc[Migrating to 6.2]
** xref:migration/authorization.adoc[Authorization Changes]
* xref:getting-spring-security.adoc[Getting Spring Security] * xref:getting-spring-security.adoc[Getting Spring Security]
* xref:features/index.adoc[Features] * xref:features/index.adoc[Features]
** xref:features/authentication/index.adoc[Authentication] ** xref:features/authentication/index.adoc[Authentication]

24
docs/modules/ROOT/pages/migration/authorization.adoc Normal file
View File

@ -0,0 +1,24 @@
= Authorization Changes
The following sections relate to how to adapt to changes in the authorization support.
== Method Security
[[compile-with-parameters]]
=== Compile With `-parameters`
Spring Framework 6.1 https://github.com/spring-projects/spring-framework/issues/29559[removes LocalVariableTableParameterNameDiscoverer].
This affects how `@PreAuthorize` and other xref:servlet/authorization/method-security.adoc[method security] annotations will process parameter names.
If you are using method security annotations with parameter names, for example:
[source,java]
.Method security annotation using `id` parameter name
----
@PreAuthorize("@authz.checkPermission(#id, authentication)")
public void doSomething(Long id) {
// ...
}
----
You must compile with `-parameters` to ensure that the parameter names are available at runtime.
For more information about this, please visit the https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#core-container[Upgrading to Spring Framework 6.1 page].

6
docs/modules/ROOT/pages/migration/index.adoc
View File

@ -15,3 +15,9 @@ Next, you should ensure you are on the latest patch release of Spring Security 6
Typically, the latest patch release of Spring Boot uses the latest patch release of Spring Security. Typically, the latest patch release of Spring Boot uses the latest patch release of Spring Security.
With those two steps complete, you can now update to Spring Security 6.2. With those two steps complete, you can now update to Spring Security 6.2.
== Quick Reference
The following list provide a quick reference for the changes that are described in this guide.
- xref:migration/authorization.adoc#compile-with-parameters[You are using method parameter names in `@PreAuthorize`, `@PostAuthorize`, or any other method security annotations]