Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Message Security Cleanup Steps 

Issue gh-11337
This commit is contained in:
Josh Cummings 2022-10-28 09:17:58 -06:00
parent 1109808ba7
commit f2fc2f9a2b
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 27 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/modules/ROOT/pages/migration.adoc
View File

@ -49,6 +49,33 @@ include::partial$servlet/architecture/request-cache-continue.adoc[]
There are no further migration steps for this feature.
However, if you run into trouble with this enhancement, you can instead <<servlet-replace-methodsecurity-with-globalmethodsecurity,revert the behavior>>.
=== Use `AuthorizationManager` for Message Security
In 6.0, `<websocket-message-broker>` defaults `use-authorization-manager` to `true`.
So, to complete migration, remove any `websocket-message-broker@use-authorization-manager=true` attribute.
For example:
====
.Xml
[source,xml,role="primary"]
----
<websocket-message-broker use-authorization-manager="true"/>
----
====
changes to:
====
.Xml
[source,xml,role="primary"]
----
<websocket-message-broker/>
----
====
There are no further migrations steps for Java or Kotlin for this feature.
== Reactive
=== Use `AuthorizationManager` for Method Security