diff --git a/docs/modules/ROOT/pages/migration/reactive.adoc b/docs/modules/ROOT/pages/migration/reactive.adoc index b4da6efe4e..eab5e4e0a1 100644 --- a/docs/modules/ROOT/pages/migration/reactive.adoc +++ b/docs/modules/ROOT/pages/migration/reactive.adoc @@ -400,6 +400,58 @@ http { To opt-out of the 6.0 defaults and instead continue to pass `AuthenticationServiceException` on to ``ServerAuthenticationEntryPoint``s, you can follow the same steps as above, except set `rethrowAuthenticationServiceException` to false. +[[add-configuration-annotation]] +== Add `@Configuration` annotation + +In 6.0, `@Configuration` is removed from `@EnableWebFluxSecurity` and `@EnableReactiveMethodSecurity`. + +To prepare for this, wherever you are using one of these annotations, you may need to add `@Configuration`. +For example, `@EnableReactiveMethodSecurity` changes from: + +==== +.Java +[source,java,role="primary"] +---- +@EnableReactiveMethodSecurity +public class MyConfiguration { + // ... +} +---- + +.Kotlin +[source,java,role="primary"] +---- +@EnableReactiveMethodSecurity +open class MyConfiguration { + // ... +} +---- +==== + +to: + +==== +.Java +[source,java,role="primary"] +---- +@Configuration +@EnableReactiveMethodSecurity +public class MyConfiguration { + // ... +} +---- + +.Kotlin +[source,java,role="primary"] +---- +@Configuration +@EnableReactiveMethodSecurity +open class MyConfiguration { + // ... +} +---- +==== + == Address OAuth2 Client Deprecations === `ServerOAuth2AuthorizedClientExchangeFilterFunction` diff --git a/docs/modules/ROOT/pages/migration/servlet/config.adoc b/docs/modules/ROOT/pages/migration/servlet/config.adoc index 0d61382507..91c6aa10ba 100644 --- a/docs/modules/ROOT/pages/migration/servlet/config.adoc +++ b/docs/modules/ROOT/pages/migration/servlet/config.adoc @@ -2,6 +2,58 @@ The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity`, and `AuthenticationManager`. +[[add-configuration-annotation]] +== Add `@Configuration` annotation + +In 6.0, `@Configuration` is removed from `@EnableWebSecurity`, `@EnableMethodSecurity`, `@EnableGlobalMethodSecurity`, and `@EnableGlobalAuthentication`. + +To prepare for this, wherever you are using one of these annotations, you may need to add `@Configuration`. +For example, `@EnableMethodSecurity` changes from: + +==== +.Java +[source,java,role="primary"] +---- +@EnableMethodSecurity +public class MyConfiguration { + // ... +} +---- + +.Kotlin +[source,java,role="primary"] +---- +@EnableMethodSecurity +open class MyConfiguration { + // ... +} +---- +==== + +to: + +==== +.Java +[source,java,role="primary"] +---- +@Configuration +@EnableMethodSecurity +public class MyConfiguration { + // ... +} +---- + +.Kotlin +[source,java,role="primary"] +---- +@Configuration +@EnableMethodSecurity +open class MyConfiguration { + // ... +} +---- +==== + [[use-new-requestmatchers]] == Use the new `requestMatchers` methods