From b4974bbce9a321278e513e4659efb1434a007b1d Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Fri, 28 Oct 2022 09:26:04 -0600 Subject: [PATCH] Polish Message Security Preparation Steps - Added step to declare the 5.8 default in case later preparation steps cannot be taken yet Issue gh-11337 --- docs/modules/ROOT/pages/migration.adoc | 32 ++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/docs/modules/ROOT/pages/migration.adoc b/docs/modules/ROOT/pages/migration.adoc index 376d0a6278..b2205efc30 100644 --- a/docs/modules/ROOT/pages/migration.adoc +++ b/docs/modules/ROOT/pages/migration.adoc @@ -216,6 +216,38 @@ If after moving to either you see ``AnnotationConfigurationException``s in your xref:servlet/integrations/websocket.adoc[Message Security] has been xref:servlet/integrations/websocket.adoc#websocket-configuration[improved] through {security-api-url}org/springframework/security/authorization/AuthorizationManager.html[the `AuthorizationManager` API] and direct use of Spring AOP. +==== Declare the 5.8 default + +In case you run into trouble with the ensuing steps and cannot use `AuthorizationManager` at this time, it's recommended as a first step to declare you are using the 5.8 default so that 5.8 behavior is preserved when you update. + +The only default to change for Method Security is if you are using `` in which case you will change: + +==== +.Xml +[source,xml,role="secondary"] +---- + + + + +---- +==== + +to: + +==== +.Xml +[source,xml,role="secondary"] +---- + + + + +---- +==== + +Later steps will turn this value back on, but now your code is minimally ready for upgrading in case you run into trouble with the remaining steps. + ==== Ensure all messages have defined authorization rules The now-deprecated {security-api-url}org/springframework/security/config/annotation/web/socket/AbstractSecurityWebSocketMessageBrokerConfigurer.html[message security support] permits all messages by default.