Add XML configuration guidance to authorizeRequests deprecation warning#19267
Open
s-chan-o wants to merge 1 commit into
Open
Add XML configuration guidance to authorizeRequests deprecation warning#19267s-chan-o wants to merge 1 commit into
s-chan-o wants to merge 1 commit into
Conversation
spring-projects-issues
added
the
status: waiting-for-triage
When using XML configuration with <intercept-url>, Spring Security internally registers a FilterSecurityInterceptor, which triggers the authorizeRequests deprecation warning. However, the warning message previously provided no actionable guidance for XML users. This commit adds a note to the deprecation warning indicating that XML users should add use-authorization-manager="true" to their <http> element to migrate to the modern authorization model. Closes spring-projectsgh-17259 Signed-off-by: seungchan <s24041@gsm.hs.kr>
s-chan-o
force-pushed
the
fix/17259-xml-authorizeRequests-deprecation-warning
branch
from
3f87240 to
fb95239
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When using XML configuration with
<intercept-url>, Spring Security internally registers aFilterSecurityInterceptor, which triggers theauthorizeRequestsdeprecation warning inDefaultFilterChainValidator. However, the previous warning message provided no actionable guidance for XML users:XML users cannot directly replace
<intercept-url>withauthorizeHttpRequests()— they need to adduse-authorization-manager="true"to their<http>element. Without this guidance, the warning is confusing and leaves XML users with no clear path forward.Fix
Added XML-specific guidance to the deprecation warning message:
Testing
Added
validateWhenOnlyFilterSecurityInterceptorThenWarnWithXmlGuidance()toDefaultFilterChainValidatorTeststo verify the updated warning message.Closes gh-17259