-
Notifications
You must be signed in to change notification settings - Fork 6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Docs Use Section Summary where appropriate
Closes gh-10449
- Loading branch information
Showing
12 changed files
with
28 additions
and
50 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,7 @@ | ||
| [[exploits]] | ||
| = Protection Against Exploits | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Spring Security provides protection against common exploits. | ||
| Whenever possible, the protection is enabled by default. | ||
| Below you will find high level description of the various exploits that Spring Security protects against. | ||
|
|
||
| * xref:features/exploits/csrf.adoc[CSRF] | ||
| * xref:features/exploits/headers.adoc[HTTP Headers] | ||
| * xref:features/exploits/http.adoc[HTTP Requests] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,13 +1,8 @@ | ||
| [[integrations]] | ||
| = Integrations | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Spring Security provides integrations with numerous frameworks and APIs. | ||
| In this section, we discuss generic integrations that are not specific to Servlet or Reactive environments. | ||
| To see specific integrations, refer to the xref:servlet/integrations/index.adoc[Servlet] and xref:servlet/integrations/index.adoc[Reactive] Integrations sections. | ||
| // FIXME add link to reactive integrations | ||
|
|
||
| * xref:features/integrations/cryptography.adoc[Cryptography] | ||
| * xref:features/integrations/data.adoc[Spring Data] | ||
| * xref:features/integrations/concurrency.adoc[Java's Concurrency APIs] | ||
| * xref:features/integrations/jackson.adoc[Jackson] | ||
| * xref:features/integrations/localization.adoc[Localization] |
20 changes: 1 addition & 19 deletions
20
docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,9 @@ | ||
| [[servlet-authentication-unpwd]] | ||
| = Username/Password Authentication | ||
| :page-section-summary-toc: 1 | ||
| :figures: images/servlet/authentication/unpwd | ||
| :icondir: images/icons | ||
|
|
||
| One of the most common ways to authenticate a user is by validating a username and password. | ||
| As such, Spring Security provides comprehensive support for authenticating with a username and password. | ||
|
|
||
| [[servlet-authentication-unpwd-input]] | ||
| == Reading the Username & Password | ||
|
|
||
| Spring Security provides the following built in mechanisms for reading a username and password from the `HttpServletRequest`: | ||
|
|
||
| * xref:servlet/authentication/passwords/form.adoc#servlet-authentication-form[Form Login] | ||
| * xref:servlet/authentication/passwords/basic.adoc#servlet-authentication-basic[Basic Authentication] | ||
| * xref:servlet/authentication/passwords/digest.adoc#servlet-authentication-digest[Digest Authentication] | ||
|
|
||
| [[servlet-authentication-unpwd-storage]] | ||
| == Storage Mechanisms | ||
|
|
||
| Each of the supported mechanisms for reading a username and password can leverage any of the supported storage mechanisms: | ||
|
|
||
| * Simple Storage with xref:servlet/authentication/passwords/in-memory.adoc#servlet-authentication-inmemory[In-Memory Authentication] | ||
| * Relational Databases with xref:servlet/authentication/passwords/jdbc.adoc#servlet-authentication-jdbc[JDBC Authentication] | ||
| * Custom data stores with xref:servlet/authentication/passwords/user-details-service.adoc#servlet-authentication-userdetailsservice[UserDetailsService] | ||
| * LDAP storage with xref:servlet/authentication/passwords/ldap.adoc#servlet-authentication-ldap[LDAP Authentication] | ||
|
|
5 changes: 5 additions & 0 deletions
5
docs/modules/ROOT/pages/servlet/authentication/passwords/input.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| [[servlet-authentication-unpwd-input]] | ||
| = Reading the Username & Password | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Spring Security provides the following built in mechanisms for reading a username and password from the `HttpServletRequest`: |
11 changes: 11 additions & 0 deletions
11
docs/modules/ROOT/pages/servlet/authentication/passwords/storage.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| [[servlet-authentication-unpwd-storage]] | ||
| = Storage Mechanisms | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Each of the supported mechanisms for reading a username and password can leverage any of the supported storage mechanisms: | ||
|
|
||
| * Simple Storage with xref:servlet/authentication/passwords/in-memory.adoc#servlet-authentication-inmemory[In-Memory Authentication] | ||
| * Relational Databases with xref:servlet/authentication/passwords/jdbc.adoc#servlet-authentication-jdbc[JDBC Authentication] | ||
| * Custom data stores with xref:servlet/authentication/passwords/user-details-service.adoc#servlet-authentication-userdetailsservice[UserDetailsService] | ||
| * LDAP storage with xref:servlet/authentication/passwords/ldap.adoc#servlet-authentication-ldap[LDAP Authentication] | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,15 +1,11 @@ | ||
| [[servlet-authorization]] | ||
| = Authorization | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. | ||
| Irrespective of how you choose to authenticate - whether using a Spring Security-provided mechanism and provider, or integrating with a container or other non-Spring Security authentication authority - you will find the authorization services can be used within your application in a consistent and simple way. | ||
|
|
||
| In this part we'll explore the different `AbstractSecurityInterceptor` implementations, which were introduced in Part I. | ||
| We then move on to explore how to fine-tune authorization through use of domain access control lists. | ||
|
|
||
| * xref:servlet/authorization/architecture.adoc[leveloffset=+1] | ||
| * xref:servlet/authorization/authorize-requests.adoc[leveloffset=+1] | ||
| * xref:servlet/authorization/expression-based.adoc[] | ||
| * xref:servlet/authorization/secure-objects.adoc[] | ||
| * xref:servlet/authorization/method-security.adoc[] | ||
| * xref:servlet/authorization/acls.adoc[] | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,5 @@ | ||
| [[servlet-exploits]] | ||
| = Protection Against Exploits | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| This section discusses Servlet specific support for xref:features/exploits/index.adoc#exploits[Spring Security's protection against common exploits]. | ||
|
|
||
| * xref:servlet/exploits/csrf.adoc[] | ||
| * xref:servlet/exploits/headers.adoc[] | ||
| * xref:servlet/exploits/http.adoc[] | ||
| * xref:servlet/exploits/firewall.adoc[] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,5 @@ | ||
| [[servlet-applications]] | ||
| = Servlet Applications | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Spring Security integrates with the Servlet Container by using a standard Servlet `Filter`. This means it works with any application that runs in a Servlet Container. More concretely, you do not need to use Spring in your Servlet-based application to take advantage of Spring Security. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,5 @@ | ||
| = Integrations | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| Spring Security integrates with numerous frameworks and APIs. | ||
| In this section, we discuss Spring Security integration with: | ||
|
|
||
| * xref:servlet/integrations/servlet-api.adoc[Servlet APIs] | ||
| * xref:servlet/integrations/mvc.adoc[Spring MVC] | ||
| * xref:servlet/integrations/websocket.adoc[WebSocket] | ||
| * xref:servlet/integrations/cors.adoc[Spring's CORS Support] | ||
| * xref:servlet/integrations/jsp-taglibs.adoc[JSP Taglib] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,10 @@ | ||
| [[test]] | ||
| = Testing | ||
| :page-section-summary-toc: 1 | ||
|
|
||
| This section describes the testing support provided by Spring Security. | ||
|
|
||
| To use the Spring Security test support, you must include `spring-security-test-{spring-security-version}.jar` as a dependency of your project. | ||
|
|
||
| At a high level Spring Security's test support provides integration for: | ||
|
|
||
| * xref:servlet/test/method.adoc[Method Security] - provides test support for Spring Security's method security. | ||
| * xref:servlet/test/mockmvc.adoc[MockMvc] - Provides test support to integrate with Spring's `MockMvc`. |