From f2fc2f9a2bb1398411e4e3bca199d598e0afc1c1 Mon Sep 17 00:00:00 2001
From: Josh Cummings <josh.cummings@gmail.com>
Date: Fri, 28 Oct 2022 09:17:58 -0600
Subject: [PATCH] Add Message Security Cleanup Steps

Issue gh-11337
---
 docs/modules/ROOT/pages/migration.adoc | 27 ++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/docs/modules/ROOT/pages/migration.adoc b/docs/modules/ROOT/pages/migration.adoc
index 309ac0e25e..a815d44438 100644
--- a/docs/modules/ROOT/pages/migration.adoc
+++ b/docs/modules/ROOT/pages/migration.adoc
@@ -49,6 +49,33 @@ include::partial$servlet/architecture/request-cache-continue.adoc[]
 There are no further migration steps for this feature.
 However, if you run into trouble with this enhancement, you can instead <<servlet-replace-methodsecurity-with-globalmethodsecurity,revert the behavior>>.
 
+=== Use `AuthorizationManager` for Message Security
+
+In 6.0, `<websocket-message-broker>` defaults `use-authorization-manager` to `true`.
+So, to complete migration, remove any `websocket-message-broker@use-authorization-manager=true` attribute.
+
+For example:
+
+====
+.Xml
+[source,xml,role="primary"]
+----
+<websocket-message-broker use-authorization-manager="true"/>
+----
+====
+
+changes to:
+
+====
+.Xml
+[source,xml,role="primary"]
+----
+<websocket-message-broker/>
+----
+====
+
+There are no further migrations steps for Java or Kotlin for this feature.
+
 == Reactive
 
 === Use `AuthorizationManager` for Method Security