From 1dd13e69a472e9cda79e8199c2ad37d6cfbaf84e Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Thu, 27 Oct 2022 10:34:20 -0600 Subject: [PATCH] Standardize Preparation Guide Layout Closes gh-12096 --- docs/modules/ROOT/pages/migration.adoc | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/docs/modules/ROOT/pages/migration.adoc b/docs/modules/ROOT/pages/migration.adoc index d9fca3aa19..52353959c9 100644 --- a/docs/modules/ROOT/pages/migration.adoc +++ b/docs/modules/ROOT/pages/migration.adoc @@ -34,8 +34,7 @@ xref:servlet/authorization/method-security.adoc[Method Security] has been xref:s ''' [[servlet-replace-globalmethodsecurity-with-methodsecurity]] -[%interactive] -* [ ] Replace xref:servlet/authorization/method-security.adoc#jc-enable-global-method-security[global method security] with xref:servlet/authorization/method-security.adoc#jc-enable-method-security[method security] +==== Replace xref:servlet/authorization/method-security.adoc#jc-enable-global-method-security[global method security] with xref:servlet/authorization/method-security.adoc#jc-enable-method-security[method security] {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableGlobalMethodSecurity.html[`@EnableGlobalMethodSecurity`] and xref:servlet/appendix/namespace/method-security.adoc#nsa-global-method-security[``] are deprecated in favor of {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableMethodSecurity.html[`@EnableMethodSecurity`] and xref:servlet/appendix/namespace/method-security.adoc#nsa-method-security[``], respectively. The new annotation and XML element activate Spring's xref:servlet/authorization/method-security.adoc#jc-enable-method-security[pre-post annotations] by default and use `AuthorizationManager` internally. @@ -133,8 +132,7 @@ should change to: ''' [[servlet-replace-permissionevaluator-bean-with-methodsecurityexpression-handler]] -[%interactive] -* [ ] Publish a `MethodSecurityExpressionHandler` instead of a `PermissionEvaluator` +==== Publish a `MethodSecurityExpressionHandler` instead of a `PermissionEvaluator` `@EnableMethodSecurity` does not pick up a `PermissionEvaluator`. This helps keep its API simple. @@ -194,8 +192,7 @@ companion object { ''' [[servlet-check-for-annotationconfigurationexceptions]] -[%interactive] -* [ ] Check for ``AnnotationConfigurationException``s +==== Check for ``AnnotationConfigurationException``s `@EnableMethodSecurity` and `` activate stricter enforcement of Spring Security's non-repeatable or otherwise incompatible annotations. If after moving to either you see ``AnnotationConfigurationException``s in your logs, follow the instructions in the exception message to clean up your application's method security annotation usage. @@ -209,8 +206,7 @@ xref:reactive/authorization/method.adoc[Method Security] has been xref:reactive/ ''' [[reactive-change-to-useauthorizationmanager]] -[%interactive] -* [ ] Change `useAuthorizationManager` to `true` +==== Change `useAuthorizationManager` to `true` In Spring Security 5.8, `useAuthorizationManager` was added to {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] to allow applications to opt-in to ``AuthorizationManager``'s features. @@ -254,8 +250,7 @@ In 6.0, `useAuthorizationManager` defaults to `true`. ''' [[reactive-check-for-annotationconfigurationexceptions]] -[%interactive] -* [ ] Check for ``AnnotationConfigurationException``s +==== Check for ``AnnotationConfigurationException``s `useAuthorizationManager` activates stricter enforcement of Spring Security's non-repeatable or otherwise incompatible annotations. If after turning on `useAuthorizationManager` you see ``AnnotationConfigurationException``s in your logs, follow the instructions in the exception message to clean up your application's method security annotation usage.