Include information about -parameters flag in 6.2 upgrade notes

Closes gh-13552
spring-projects · Jul 19, 2023 · 5ceea9e · 5ceea9e
1 parent 4c77a55
commit 5ceea9e
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 0 deletions.
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
@@ -5,6 +5,7 @@
 * xref:migration-7/index.adoc[Preparing for 7.0]
 ** xref:migration-7/configuration.adoc[Configuration]
 * xref:migration/index.adoc[Migrating to 6.2]
+** xref:migration/authorization.adoc[Authorization Changes]
 * xref:getting-spring-security.adoc[Getting Spring Security]
 * xref:features/index.adoc[Features]
 ** xref:features/authentication/index.adoc[Authentication]

diff --git a/docs/modules/ROOT/pages/migration/authorization.adoc b/docs/modules/ROOT/pages/migration/authorization.adoc
@@ -0,0 +1,24 @@
+= Authorization Changes
+
+The following sections relate to how to adapt to changes in the authorization support.
+
+== Method Security
+
+[[compile-with-parameters]]
+=== Compile With `-parameters`
+
+Spring Framework 6.1 https://github.com/spring-projects/spring-framework/issues/29559[removes LocalVariableTableParameterNameDiscoverer].
+This affects how `@PreAuthorize` and other xref:servlet/authorization/method-security.adoc[method security] annotations will process parameter names.
+If you are using method security annotations with parameter names, for example:
+
+[source,java]
+.Method security annotation using `id` parameter name
+----
+@PreAuthorize("@authz.checkPermission(#id, authentication)")
+public void doSomething(Long id) {
+    // ...
+}
+----
+
+You must compile with `-parameters` to ensure that the parameter names are available at runtime.
+For more information about this, please visit the https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x#core-container[Upgrading to Spring Framework 6.1 page].
diff --git a/docs/modules/ROOT/pages/migration/index.adoc b/docs/modules/ROOT/pages/migration/index.adoc
@@ -15,3 +15,9 @@ Next, you should ensure you are on the latest patch release of Spring Security 6
 Typically, the latest patch release of Spring Boot uses the latest patch release of Spring Security.
 
 With those two steps complete, you can now update to Spring Security 6.2.
+
+== Quick Reference
+
+The following list provide a quick reference for the changes that are described in this guide.
+
+- xref:migration/authorization.adoc#compile-with-parameters[You are using method parameter names in `@PreAuthorize`, `@PostAuthorize`, or any other method security annotations]