Update to Spring Framework 6.0

Issue gh-10360
2026-05-22 21:33:16 +00:00 · 2021-10-11 16:01:02 -03:00
parent 4f0cc132f6
commit db60df2f9c
549 changed files with 1241 additions and 1236 deletions
@@ -305,7 +305,7 @@ This usually means that the user's application is creating a session somewhere,
 The most common culprit is a JSP. Many people aren't aware that JSPs create sessions by default.
 To prevent a JSP from creating a session, add the directive `<%@ page session="false" %>` to the top of the page.

-If you are having trouble working out where a session is being created, you can add some debugging code to track down the location(s). One way to do this would be to add a `javax.servlet.http.HttpSessionListener` to your application, which calls `Thread.dumpStack()` in the `sessionCreated` method.
+If you are having trouble working out where a session is being created, you can add some debugging code to track down the location(s). One way to do this would be to add a `jakarta.servlet.http.HttpSessionListener` to your application, which calls `Thread.dumpStack()` in the `sessionCreated` method.

 [[appendix-faq-forbidden-csrf]]
 === I get a 403 Forbidden when performing a POST
@@ -709,7 +709,7 @@ Default is any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS".
 [[nsa-custom-filter]]
 === <custom-filter>
 This element is used to add a filter to the filter chain.
-It doesn't create any additional beans but is used to select a bean of type `javax.servlet.Filter` which is already defined in the application context and add that at a particular position in the filter chain maintained by Spring Security.
+It doesn't create any additional beans but is used to select a bean of type `jakarta.servlet.Filter` which is already defined in the application context and add that at a particular position in the filter chain maintained by Spring Security.
 Full details can be found in the xref:servlet/configuration/xml-namespace.adoc#ns-custom-filters[ namespace chapter].


@@ -186,7 +186,7 @@ This is the default in Servlet 3.1 and newer containers.


 When session fixation protection occurs, it results in a `SessionFixationProtectionEvent` being published in the application context.
-If you use `changeSessionId`, this protection will __also__ result in any  ``javax.servlet.http.HttpSessionIdListener``s being notified, so use caution if your code listens for both events.
+If you use `changeSessionId`, this protection will __also__ result in any  ``jakarta.servlet.http.HttpSessionIdListener``s being notified, so use caution if your code listens for both events.
 See the <<session-mgmt,Session Management>> chapter for additional information.

 == SessionManagementFilter
@@ -84,7 +84,7 @@ The following section describes the Servlet 3 methods that Spring Security integ

 [[servletapi-authenticate]]
 === HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)
-The https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#authenticate%28javax.servlet.http.HttpServletResponse%29[HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)] method can be used to ensure that a user is authenticated.
+The https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#authenticate%28jakarta.servlet.http.HttpServletResponse%29[HttpServletRequest.authenticate(HttpServletRequest,HttpServletResponse)] method can be used to ensure that a user is authenticated.
 If they are not authenticated, the configured AuthenticationEntryPoint will be used to request the user to authenticate (i.e. redirect to the login page).