From e900ca3a8621e94e8f44f01ad06f3e6dbc3eb84b Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Fri, 28 Oct 2022 09:46:48 -0600 Subject: [PATCH] Polish Method Security Preparation Steps - Add instruction to declare 5.8 defaults Issue gh-11337 --- docs/modules/ROOT/pages/migration.adoc | 45 ++++++++++++++++++++++---- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/docs/modules/ROOT/pages/migration.adoc b/docs/modules/ROOT/pages/migration.adoc index b2205efc30..beb2281245 100644 --- a/docs/modules/ROOT/pages/migration.adoc +++ b/docs/modules/ROOT/pages/migration.adoc @@ -519,11 +519,47 @@ xref:reactive/authorization/method.adoc[Method Security] has been xref:reactive/ ''' +In Spring Security 5.8, `useAuthorizationManager` was added to {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] to allow applications to opt in to ``AuthorizationManager``'s features. + +==== Declare the 5.8 default + +First, declare the 5.8 default: + +==== +.Java +[source,java,role="primary"] +---- +@EnableReactiveMethodSecurity +---- + +.Kotlin +[source,kotlin,role="secondary"] +---- +@EnableReactiveMethodSecurity +---- +==== + +to: + +==== +.Java +[source,java,role="primary"] +---- +@EnableReactiveMethodSecurity(useAuthorizationManager = false) +---- + +.Kotlin +[source,kotlin,role="secondary"] +---- +@EnableReactiveMethodSecurity(useAuthorizationManager = false) +---- +==== + +This is helpful because, if the remaining preparation steps cannot be taken, you can still upgrade to 6.0 while keeping this feature as-is. + [[reactive-change-to-useauthorizationmanager]] ==== Change `useAuthorizationManager` to `true` -In Spring Security 5.8, `useAuthorizationManager` was added to {security-api-url}org/springframework/security/config/annotation/method/configuration/EnableReactiveMethodSecurity.html[`@EnableReactiveMethodSecurity`] to allow applications to opt-in to ``AuthorizationManager``'s features. - To opt in, change `useAuthorizationManager` to `true` like so: ==== @@ -556,11 +592,6 @@ changes to: ---- ==== -[NOTE] -===== -In 6.0, `useAuthorizationManager` defaults to `true`. -===== - ''' [[reactive-check-for-annotationconfigurationexceptions]]