To avoid this warning when using XML-based configuration, you need to add use-authorization-manager="true" to the <http> block, as described in the Spring Security 5.x to 6.x migration guide.