Description
Current Behavior
The user has a project with Spring Security utilizing Access Decision Manager classes.
They have the following in their security.xml:
<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager">
The project is based on Spring 5.x and they migrate to Spring 6.x.
The user would get an error
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: AuthorizationManager cannot be used in conjunction with `access-decision-manager-ref`
without having any AuthorizationManager beans configured.
This error message is confusing because it makes the user look for AuthorizationManager usages in the project.
Expected Behavior
If the error message pointed the user at the right attribute, it would save investigation time for users who perform the migration. It already gives a specific attribute name for access-decision-manager-ref. It should also give a reference to use-authorization-manager and highlight that it's true by default.
Context
The solution if the user doesn't want to migrate onto the new AuthorizationManager yet is to specify
<http use-expressions="true" access-decision-manager-ref="affirmativeBasedAccessDecisionManager" use-authorization-manager="false">