Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication.

This also deprecated the majority of the Access API. The Access API comprises the family of components in the Spring Security access packages; for example, AccessDecisionManager, AccessDecisionVoter, and FilterSecurityInterceptor. It also includes @EnableGlobalMethodSecurity and other related configuration components.

The numerous benefits to this evolution are detailed on Spring Security's reference guide. It also includes a number of migration hints for moving from one API to the other.

In order to give more time to organizations to migrate while also further encouraging updating to the latest, Spring Security 7.0.0-M3 will introduce a new module, spring-security-access, which will contain the deprecated portions of the Access API.

This is an optional dependency, and is only needed if you are still using AccessDecisionManager, AccessDecisionVoter, FilterSecurityInterceptor, @EnableGlobalMethodSecurity and the like. In this case, you can add spring-security-access as a dependency in your POM:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-access</artifactId>
</dependency>

If you are already using AuthorizationManager, then your application needn't change.