From 892bbcfe0f1ff364f75e279c5276a0e7782abfd3 Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Wed, 21 Dec 2022 10:24:25 -0300 Subject: [PATCH] Add EnableWebFluxSecurity migration step Closes gh-12434 --- .../ROOT/pages/migration/reactive.adoc | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/docs/modules/ROOT/pages/migration/reactive.adoc b/docs/modules/ROOT/pages/migration/reactive.adoc index ed46de7633..b4da6efe4e 100644 --- a/docs/modules/ROOT/pages/migration/reactive.adoc +++ b/docs/modules/ROOT/pages/migration/reactive.adoc @@ -424,3 +424,47 @@ The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacemen === `UnAuthenticatedServerOAuth2AuthorizedClientRepository` The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`. + +== Add `@Configuration` to `@Enable*` annotations + +In 6.0, all Spring Security's `@Enable*` annotations had their `@Configuration` removed. +While convenient, it was not consistent with the rest of the Spring projects and most notably Spring Framework's `@Enable*` annotations. +Additionally, the introduction of support for `@Configuration(proxyBeanMethods=false)` in Spring Framework provides another reason to remove `@Configuration` meta-annotation from Spring Security's `@Enable*` annotations and allow users to opt into their preferred configuration mode. + +The following annotations had their `@Configuration` removed: + +- `@EnableGlobalAuthentication` +- `@EnableGlobalMethodSecurity` +- `@EnableMethodSecurity` +- `@EnableReactiveMethodSecurity` +- `@EnableWebSecurity` +- `@EnableWebFluxSecurity` + +For example, if you are using `@EnableWebFluxSecurity`, you will need to change: + +==== +.Java +[source,java,role="primary"] +---- +@EnableWebFluxSecurity +public class SecurityConfig { + // ... +} +---- +==== + +to: + +==== +.Java +[source,java,role="primary"] +---- +@Configuration +@EnableWebFluxSecurity +public class SecurityConfig { + // ... +} +---- +==== + +And the same applies to every other annotation listed above.