From 7cd4efb8c812302460e9bebae26270734cf922c1 Mon Sep 17 00:00:00 2001
From: "philipp.delmonego" <philipp.delmonego@diva-e.com>
Date: Fri, 20 Jun 2025 11:54:30 +0200
Subject: [PATCH] Adjust log message to include guidance for XML users

Signed-off-by: philipp.delmonego <philipp.delmonego@live.de>
---
 .../web/builders/WebSecurityFilterChainValidator.java          | 3 ++-
 .../security/config/http/DefaultFilterChainValidator.java      | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurityFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurityFilterChainValidator.java
index b0bf43fb3b..9faadf0020 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurityFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurityFilterChainValidator.java
@@ -103,7 +103,8 @@ final class WebSecurityFilterChainValidator implements FilterChainProxy.FilterCh
 			}
 			if (filterSecurityInterceptor != null) {
 				this.logger.warn(
-						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration");
+						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. "
+								+ "If using XML, ensure use-authorization-manager=\"true\" is configured");
 			}
 			authorizationFilter = null;
 			filterSecurityInterceptor = null;
diff --git a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
index 8f2baeb4c6..0b85375f13 100644
--- a/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
+++ b/config/src/main/java/org/springframework/security/config/http/DefaultFilterChainValidator.java
@@ -126,7 +126,8 @@ public class DefaultFilterChainValidator implements FilterChainProxy.FilterChain
 			}
 			if (filterSecurityInterceptor != null) {
 				this.logger.warn(
-						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration");
+						"Usage of authorizeRequests is deprecated. Please use authorizeHttpRequests in the configuration. "
+								+ "If using XML, ensure use-authorization-manager=\"true\" is configured");
 			}
 			authorizationFilter = null;
 			filterSecurityInterceptor = null;