|
|
@@ -424,3 +424,47 @@ The method `setAllowMultipleAuthorizationRequests(...)` has no direct replacemen
|
|
|
=== `UnAuthenticatedServerOAuth2AuthorizedClientRepository`
|
|
|
|
|
|
The class `UnAuthenticatedServerOAuth2AuthorizedClientRepository` has no direct replacement. Usage of the class can be replaced with `AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager`.
|
|
|
+
|
|
|
+== Add `@Configuration` to `@Enable*` annotations
|
|
|
+
|
|
|
+In 6.0, all Spring Security's `@Enable*` annotations had their `@Configuration` removed.
|
|
|
+While convenient, it was not consistent with the rest of the Spring projects and most notably Spring Framework's `@Enable*` annotations.
|
|
|
+Additionally, the introduction of support for `@Configuration(proxyBeanMethods=false)` in Spring Framework provides another reason to remove `@Configuration` meta-annotation from Spring Security's `@Enable*` annotations and allow users to opt into their preferred configuration mode.
|
|
|
+
|
|
|
+The following annotations had their `@Configuration` removed:
|
|
|
+
|
|
|
+- `@EnableGlobalAuthentication`
|
|
|
+- `@EnableGlobalMethodSecurity`
|
|
|
+- `@EnableMethodSecurity`
|
|
|
+- `@EnableReactiveMethodSecurity`
|
|
|
+- `@EnableWebSecurity`
|
|
|
+- `@EnableWebFluxSecurity`
|
|
|
+
|
|
|
+For example, if you are using `@EnableWebFluxSecurity`, you will need to change:
|
|
|
+
|
|
|
+====
|
|
|
+.Java
|
|
|
+[source,java,role="primary"]
|
|
|
+----
|
|
|
+@EnableWebFluxSecurity
|
|
|
+public class SecurityConfig {
|
|
|
+ // ...
|
|
|
+}
|
|
|
+----
|
|
|
+====
|
|
|
+
|
|
|
+to:
|
|
|
+
|
|
|
+====
|
|
|
+.Java
|
|
|
+[source,java,role="primary"]
|
|
|
+----
|
|
|
+@Configuration
|
|
|
+@EnableWebFluxSecurity
|
|
|
+public class SecurityConfig {
|
|
|
+ // ...
|
|
|
+}
|
|
|
+----
|
|
|
+====
|
|
|
+
|
|
|
+And the same applies to every other annotation listed above.
|
Marcus Da Coregio