首页 发现 帮助
注册 登录
github
/
spring-security
镜像自地址 https://github.com/spring-projects/spring-security
2
0
派生 0
文件 工单管理 0 Wiki
目录树: 95abf61c88
分支列表 标签列表
spring-security
/
docs
/
modules
/
ROOT
/
pages
/
migration
/
index.adoc

index.adoc 2.3 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839 
  1. [[migration]]
    2. 

  2. = Migrating to 7.0
    3. 

  3. :spring-security-reference-base-url: https://docs.spring.io/spring-security/reference
    4. 

  4. 

  5. Spring Security 6.5 is the last release in the 6.x generation of Spring Security.
    6. 

  6. It provides strategies for configuring breaking changes to use the 7.0 way before updating.
    7. 

  7. We recommend you use 6.5 and {spring-security-reference-base-url}/6.5/migration-7/index.html[its preparation steps] to simplify updating to 7.0.
    8. 

  8. 

  9. After updating to 6.5, follow this guide to perform any remaining migration or cleanup steps.
    10. 

  10. 

  11. And recall that if you run into trouble, the preparation guide includes opt-out steps to revert to 5.x behaviors.
    12. 

  12. 

  13. == Update to Spring Security 7
    14. 

  14. 

  15. The first step is to ensure you are the latest patch release of Spring Boot 4.0.
    16. 

  16. Next, you should ensure you are on the latest patch release of Spring Security 7.
    17. 

  17. For directions, on how to update to Spring Security 7 visit the xref:getting-spring-security.adoc[] section of the reference guide.
    18. 

  18. 

  19. === Migrate from Jackson 2 to Jackson 3
    20. 

  20. 

  21. The configuration of Jackson 2 `ObjectMapper` with `SecurityJackson2Modules` should be replaced by the configuration of
    22. 

  22. Jackson 3 `JsonMapper.Builder` with `SecurityJacksonModules`. See the
    23. 

  23. https://github.com/FasterXML/jackson/blob/main/jackson3/MIGRATING_TO_JACKSON_3.md[Jackson 3 Migration Guide] for more details.
    24. 

  24. 

  25. It is recommended to replace the configuration of
    26. 

  26. individual modules like `CoreJacksonModule` by the module detection from `SecurityJacksonModules` as it enables
    27. 

  27. automatic inclusion of type information and configure a `PolymorphicTypeValidator` that handles the validation of class
    28. 

  28. names.
    29. 

  29. 

  30. The Jackson 3 support uses a format compatible with the now deprecated Jackson 2 one, so class instances serialized with
    31. 

  31. Jackson 2 should be deserializable with the Jackson 3 support.
    32. 

  32. 

  33. `spring-security-oauth2-authorization-server` now uses Jackson 3 by default. If you want to continue
    34. 

  34. to use the deprecated Jackson 2 support, the transitive dependency on Jackson 3 (`tools.jackson.core:jackson-databind`)
    35. 

  35. should be excluded and a dependency on Jackson 2 (`com.fasterxml.jackson.core:jackson-databind`) should be added.
    36. 

  36. 

  37. == Perform Application-Specific Steps
    38. 

  38. 

  39. Next, there are steps you need to perform based on whether it is a xref:migration/servlet/index.adoc[Servlet] or xref:migration/reactive.adoc[Reactive] application.
    40.