GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add Message Security Cleanup Steps 

Issue gh-11337
pull/12103/head
Josh Cummings 3 years ago
parent
1109808ba7
commit
f2fc2f9a2b
No known key found for this signature in database
GPG Key ID: A306A51F43B8E5A5
1 changed files with 27 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 27
      docs/modules/ROOT/pages/migration.adoc

27
docs/modules/ROOT/pages/migration.adoc
Unescape View File

@ -49,6 +49,33 @@ include::partial$servlet/architecture/request-cache-continue.adoc[] @@ -49,6 +49,33 @@ include::partial$servlet/architecture/request-cache-continue.adoc[]
There are no further migration steps for this feature.
However, if you run into trouble with this enhancement, you can instead <<servlet-replace-methodsecurity-with-globalmethodsecurity,revert the behavior>>.
=== Use `AuthorizationManager` for Message Security
In 6.0, `<websocket-message-broker>` defaults `use-authorization-manager` to `true`.
So, to complete migration, remove any `websocket-message-broker@use-authorization-manager=true` attribute.
For example:
====
.Xml
[source,xml,role="primary"]
----
<websocket-message-broker use-authorization-manager="true"/>
----
====
changes to:
====
.Xml
[source,xml,role="primary"]
----
<websocket-message-broker/>
----
====
There are no further migrations steps for Java or Kotlin for this feature.
== Reactive
=== Use `AuthorizationManager` for Method Security

Write Preview
Loading…
Cancel
Save