diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java index 4b1c39d2044..cabd81145a5 100644 --- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java +++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java @@ -126,7 +126,9 @@ private void checkAuthorizationFilters(List chains) { } if (filterSecurityInterceptor != null) { this.logger.warn( - "Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration"); + "Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. " + + "If you are using XML configuration with , " + + "add use-authorization-manager=\"true\" to your element."); } authorizationFilter = null; filterSecurityInterceptor = null; diff --git a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java index c73af6e3fd2..c207e6bdb39 100644 --- a/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java +++ b/config/src/test/java/org/springframework/security/config/http/DefaultFilterChainValidatorTests.java @@ -132,6 +132,15 @@ public void validateCheckLoginPageAllowsAnonymous() { + "access to the configured login page. (Simulated access was rejected)"); } + @Test + void validateWhenOnlyFilterSecurityInterceptorThenWarnWithXmlGuidance() { + this.validator.validate(this.chain); + verify(this.logger).warn( + "Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. " + + "If you are using XML configuration with , " + + "add use-authorization-manager=\"true\" to your element."); + } + // SEC-1957 @Test public void validateCustomMetadataSource() {