GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Spring Security
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19681 Commits
61 Branches
369 Tags
120 MiB
 
 
 
 
Tree: 8f8a25533a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8f8a25533a'
${ noResults }
spring-security/docs/modules/ROOT/pages/migration/index.adoc

39 lines
2.3 KiB
Raw Blame History

[[migration]]
= Migrating to 7.0
:spring-security-reference-base-url: https://docs.spring.io/spring-security/reference
Spring Security 6.5 is the last release in the 6.x generation of Spring Security.
It provides strategies for configuring breaking changes to use the 7.0 way before updating.
We recommend you use 6.5 and {spring-security-reference-base-url}/6.5/migration-7/index.html[its preparation steps] to simplify updating to 7.0.
After updating to 6.5, follow this guide to perform any remaining migration or cleanup steps.
And recall that if you run into trouble, the preparation guide includes opt-out steps to revert to 5.x behaviors.
== Update to Spring Security 7
The first step is to ensure you are the latest patch release of Spring Boot 4.0.
Next, you should ensure you are on the latest patch release of Spring Security 7.
For directions, on how to update to Spring Security 7 visit the xref:getting-spring-security.adoc[] section of the reference guide.
=== Migrate from Jackson 2 to Jackson 3
The configuration of Jackson 2 `ObjectMapper` with `SecurityJackson2Modules` should be replaced by the configuration of
Jackson 3 `JsonMapper.Builder` with `SecurityJacksonModules`. See the
https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md[Jackson 3 Migration Guide] for more details.
It is recommended to replace the configuration of
individual modules like `CoreJacksonModule` by the module detection from `SecurityJacksonModules` as it enables
automatic inclusion of type information and configure a `PolymorphicTypeValidator` that handles the validation of class
names.
The Jackson 3 support uses the same format than the now deprecated Jackson 2 one, so class instances serialized with
Jackson 2 should be deserializable with the Jackson 3 support.
`spring-security-oauth2-authorization-server` now uses Jackson 3 by default. If you want to continue
to use the deprecated Jackson 2 support, the transitive dependency on Jackson 3 (`tools.jackson.core:jackson-databind`)
should be excluded and a dependency on Jackson 2 (`com.fasterxml.jackson.core:jackson-databind`) should be added.
== Perform Application-Specific Steps
Next, there are steps you need to perform based on whether it is a xref:migration/servlet/index.adoc[Servlet] or xref:migration/reactive.adoc[Reactive] application.