对于最新的稳定版本,请使用 Spring Security 6.4.1spring-doc.cn

反应性的

如果您已经为 Reactive 应用程序执行了初始迁移步骤,那么现在可以执行特定于 Reactive 应用程序的步骤了。spring-doc.cn

用于方法安全性AuthorizationManager

在 6.0 中,默认为 . 因此,要完成迁移,@EnableReactiveMethodSecurity删除该属性:@EnableReactiveMethodSecurityuseAuthorizationManagertrueuseAuthorizationManagerspring-doc.cn

@EnableReactiveMethodSecurity(useAuthorizationManager = true)
@EnableReactiveMethodSecurity(useAuthorizationManager = true)

更改为:spring-doc.cn

@EnableReactiveMethodSecurity
@EnableReactiveMethodSecurity

传播 sAuthenticationServiceException

AuthenticationWebFilterAuthenticationServiceException传播到ServerAuthenticationEntryPoint。 由于 s 表示服务器端错误而不是客户端错误,因此在 6.0 中,这会更改以将它们传播到容器。AuthenticationServiceExceptionspring-doc.cn

因此,如果您通过 set too 选择了此行为,您现在可以像这样删除它:rethrowAuthenticationServiceExceptiontruespring-doc.cn

AuthenticationFailureHandler bearerFailureHandler = new ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint);
bearerFailureHandler.setRethrowAuthenticationServiceException(true);
AuthenticationFailureHandler basicFailureHandler = new ServerAuthenticationEntryPointFailureHandler(basicEntryPoint);
basicFailureHandler.setRethrowAuthenticationServiceException(true);
val bearerFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint)
bearerFailureHandler.setRethrowAuthenticationServiceException(true)
val basicFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(basicEntryPoint)
basicFailureHandler.setRethrowAuthenticationServiceException(true)

更改为:spring-doc.cn

AuthenticationFailureHandler bearerFailureHandler = new ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint);
AuthenticationFailureHandler basicFailureHandler = new ServerAuthenticationEntryPointFailureHandler(basicEntryPoint);
val bearerFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint)
val basicFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(basicEntryPoint)

如果您仅出于更新到 6.0 的目的配置了 ,则可以将其完全删除。ServerAuthenticationFailureHandlerspring-doc.cn