此版本仍在开发中,尚未被视为稳定版本。对于最新的稳定版本,请使用 Spring Security 6.3.1Spring中文文档

此版本仍在开发中,尚未被视为稳定版本。对于最新的稳定版本,请使用 Spring Security 6.3.1Spring中文文档

如果您已经执行了 Reactive 应用程序的初始迁移步骤,那么您现在就可以执行特定于 Reactive 应用程序的步骤了。Spring中文文档

用于方法安全性AuthorizationManager

在 6.0 中,默认为 . 因此,要完成迁移,@EnableReactiveMethodSecurity删除该属性:@EnableReactiveMethodSecurityuseAuthorizationManagertrueuseAuthorizationManagerSpring中文文档

@EnableReactiveMethodSecurity(useAuthorizationManager = true)
@EnableReactiveMethodSecurity(useAuthorizationManager = true)

更改为:Spring中文文档

@EnableReactiveMethodSecurity
@EnableReactiveMethodSecurity

传播 sAuthenticationServiceException

AuthenticationWebFilterAuthenticationServiceException传播到 ServerAuthenticationEntryPoint。 由于 s 表示服务器端错误而不是客户端错误,因此在 6.0 中,此更改为将它们传播到容器。AuthenticationServiceExceptionSpring中文文档

因此,如果您通过设置选择此行为,您现在可以像这样删除它:rethrowAuthenticationServiceExceptiontrueSpring中文文档

AuthenticationFailureHandler bearerFailureHandler = new ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint);
bearerFailureHandler.setRethrowAuthenticationServiceException(true);
AuthenticationFailureHandler basicFailureHandler = new ServerAuthenticationEntryPointFailureHandler(basicEntryPoint);
basicFailureHandler.setRethrowAuthenticationServiceException(true);
val bearerFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint)
bearerFailureHandler.setRethrowAuthenticationServiceException(true)
val basicFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(basicEntryPoint)
basicFailureHandler.setRethrowAuthenticationServiceException(true)

更改为:Spring中文文档

AuthenticationFailureHandler bearerFailureHandler = new ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint);
AuthenticationFailureHandler basicFailureHandler = new ServerAuthenticationEntryPointFailureHandler(basicEntryPoint);
val bearerFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(bearerEntryPoint)
val basicFailureHandler: AuthenticationFailureHandler = ServerAuthenticationEntryPointFailureHandler(basicEntryPoint)

如果仅为了更新到 6.0 而配置了 only,则可以将其完全删除。ServerAuthenticationFailureHandlerSpring中文文档

如果仅为了更新到 6.0 而配置了 only,则可以将其完全删除。ServerAuthenticationFailureHandlerSpring中文文档