For the latest stable version, please use Spring Security 6.4.2! |
Authorization Changes
The following sections relate to how to adapt to changes in the authorization support.
Method Security
Compile With -parameters
Spring Framework 6.1 removes LocalVariableTableParameterNameDiscoverer.
This affects how @PreAuthorize
and other method security annotations will process parameter names.
If you are using method security annotations with parameter names, for example:
Method security annotation using
id
parameter name@PreAuthorize("@authz.checkPermission(#id, authentication)")
public void doSomething(Long id) {
// ...
}
You must compile with -parameters
to ensure that the parameter names are available at runtime.
For more information about this, please visit the Upgrading to Spring Framework 6.1 page.