I'm currently attempting to upgrade from Spring Security 5 to Spring Security 6.2.1. We use XML namespace configuration to support different requirements from different customers. However, dealing with the "documentation" from your source, as well as several other books and documents I've not been successful. I have determined that apparently the documentation for the XML namespace has not been updated to match how things are actually implemented. I've made a support question on Stackoverflow https://stackoverflow.com/q/77918629/299014 however in the last 7 days it has only been viewed 18 times and there's not a hint of a possible answer. So I'll try here in the hopes that someone can update the XML namespace documentation to clarify how it is supposed to work now.
According to the documentation here: https://docs.spring.io/spring-security/reference/servlet/appendix/namespace/http.html#nsa-http-attributes
access-decision-manager-ref Use this AuthorizationManager instead of deriving one from
elements
However when this attribute is used then the application refuses to start since is not allowed to assign an implementation of an AuthorizationManager to this reference. Also attempts to use the older AccessDecisionManager in this attribute, which worked under Spring Security 5, also prevents the application from starting.
Any assistance in clarifying what I'm missing in the documentation would be quite helpful, or at least an update of the documentation.
Comment From: jreed-cartago
Forget it. I'll figure out how to do this myself or we'll just have to try and find a replacement for Spring Security.