Add hasIpAddress Migration Steps

jzheaux · jzheaux · commit 8895a66a2b88 · 2023-07-10T13:35:16.000-06:00
Closes gh-13474
diff --git a/docs/modules/ROOT/pages/migration/servlet/authorization.adoc b/docs/modules/ROOT/pages/migration/servlet/authorization.adoc
@@ -1090,6 +1090,59 @@ Xml::
 ----
 ======
 
+=== Migrate `hasIpAddress` to `access(AuthorizationManager)`
+
+`hasIpAddress` has no DSL equivalent in `authorizeHttpRequests`.
+
+As such, you need to change any called to `hasIpAddress` to using an `AuthorizationManager`.
+
+First, construct an `IpAddressMatcher` like so:
+
+====
+.Java
+[source,java,role="primary"]
+----
+IpAddressMatcher hasIpAddress = new IpAddressMatcher("127.0.0.1");
+----
+====
+
+And then change from this:
+
+====
+.Java
+[source,java,role="primary"]
+----
+http
+    .authorizeRequests((authorize) -> authorize
+        .mvcMatchers("/app/**").hasIpAddress("127.0.0.1")
+        // ...
+        .anyRequest().denyAll()
+    )
+    // ...
+----
+====
+
+to this:
+
+====
+.Java
+[source,java,role="primary"]
+----
+http
+    .authorizeHttpRequests((authorize) -> authorize
+        .requestMatchers("/app/**").access((authentication, context) ->
+            new AuthorizationDecision(hasIpAddress.matches(context.getRequest()))
+        // ...
+        .anyRequest().denyAll()
+    )
+    // ...
+----
+====
+
+[NOTE]
+Securing by IP Address is quite fragile to begin with.
+For that reason, there are no plans to port this support over to `authorizeHttpRequests`.
+
 === Migrate SpEL expressions to `AuthorizationManager`
 
 For authorization rules, Java tends to be easier to test and maintain than SpEL.
