|
This version is still in development and is not considered stable yet. For the latest stable version, please use Spring Security 6.3.11! |
Authorization Migrations
The following steps relate to how to finish migrating authorization support.
Use AuthorizationManager for Message Security
In 6.0, <websocket-message-broker> defaults use-authorization-manager to true.
So, to complete migration, remove any websocket-message-broker@use-authorization-manager=true attribute.
For example:
-
Xml
<websocket-message-broker use-authorization-manager="true"/>changes to:
-
Xml
<websocket-message-broker/>There are no further migrations steps for Java or Kotlin for this feature.
Use AuthorizationManager for Request Security
In 6.0, <http> defaults once-per-request to false, filter-all-dispatcher-types to true, and use-authorization-manager to true.
Also, authorizeRequests#filterSecurityInterceptorOncePerRequest defaults to false and authorizeHttpRequests#filterAllDispatcherTypes defaults to true.
So, to complete migration, any defaults values can be removed.
For example, if you opted in to the 6.0 default for filter-all-dispatcher-types or authorizeHttpRequests#filterAllDispatcherTypes like so:
-
Java
-
Kotlin
-
Xml
http
.authorizeHttpRequests((authorize) -> authorize
.filterAllDispatcherTypes(true)
// ...
)http {
authorizeHttpRequests {
filterAllDispatcherTypes = true
// ...
}
}<http use-authorization-manager="true" filter-all-dispatcher-types="true"/>then the defaults may be removed:
-
Java
-
Kotlin
-
Xml
http
.authorizeHttpRequests((authorize) -> authorize
// ...
)http {
authorizeHttpRequests {
// ...
}
}<http/>|
|
