diff --git a/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc b/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc index ae976076fa..d912230107 100644 --- a/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/about/modules.adoc @@ -1,11 +1,21 @@ // FIXME: This might make sense in Getting Spring Security along with the artifact information [[modules]] -= Project Modules += Project Modules and Dependencies In Spring Security 3.0, the codebase was sub-divided into separate jars which more clearly separate different functionality areas and third-party dependencies. If you use Maven to build your project, these are the modules you should add to your `pom.xml`. Even if you do not use Maven, we recommend that you consult the `pom.xml` files to get an idea of third-party dependencies and versions. Another good idea is to examine the libraries that are included in the sample applications. +This section provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application. +We don't include dependencies that are only used when building or testing Spring Security itself. +Nor do we include transitive dependencies which are required by external dependencies. + +The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below. +Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application. +Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications. +They are "optional" only in the sense that you don't need them unless you are using the specified functionality. + +Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately. [[spring-security-core]] @@ -20,12 +30,62 @@ It contains the following top-level packages: * `org.springframework.security.authentication` * `org.springframework.security.provisioning` +.Core Dependencies +|=== +| Dependency | Version | Description + +| ehcache +| 1.6.2 +| Required if the Ehcache-based user cache implementation is used (optional). + +| spring-aop +| +| Method security is based on Spring AOP + +| spring-beans +| +| Required for Spring configuration + +| spring-expression +| +| Required for expression-based method security (optional) + +| spring-jdbc +| +| Required if using a database to store user data (optional). + +| spring-tx +| +| Required if using a database to store user data (optional). + +| aspectjrt +| 1.6.10 +| Required if using AspectJ support (optional). + +| jsr250-api +| 1.0 +| Required if you are using JSR-250 method-security annotations (optional). +|=== + + [[spring-security-remoting]] == Remoting -- `spring-security-remoting.jar` This module provides integration with Spring Remoting. You do not need this unless you are writing a remote client that uses Spring Remoting. The main package is `org.springframework.security.remoting`. +.Remoting Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-web +| +| Required for clients which use HTTP remoting support. +|=== [[spring-security-web]] == Web -- `spring-security-web.jar` @@ -34,6 +94,26 @@ It contains anything with a servlet API dependency. You need it if you require Spring Security web authentication services and URL-based access-control. The main package is `org.springframework.security.web`. +.Web Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-web +| +| Spring web support classes are used extensively. + +| spring-jdbc +| +| Required for JDBC-based persistent remember-me token repository (optional). + +| spring-tx +| +| Required by remember-me persistent token repository implementations (optional). +|=== [[spring-security-config]] == Config -- `spring-security-config.jar` @@ -42,6 +122,30 @@ You need it if you use the Spring Security XML namespace for configuration or Sp The main package is `org.springframework.security.config`. None of the classes are intended for direct use in an application. +.Config Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-security-web +| +| Required if you are using any web-related namespace configuration (optional). + +| spring-security-ldap +| +| Required if you are using the LDAP namespace options (optional). + +| spring-security-openid +| +| Required if you are using OpenID authentication (optional). + +| aspectjweaver +| 1.6.10 +| Required if using the protect-pointcut namespace syntax (optional). +|=== [[spring-security-ldap]] == LDAP -- `spring-security-ldap.jar` @@ -49,6 +153,36 @@ This module provides LDAP authentication and provisioning code. It is required if you need to use LDAP authentication or manage LDAP user entries. The top-level package is `org.springframework.security.ldap`. +.LDAP Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-ldap-core +| 1.3.0 +| LDAP support is based on Spring LDAP. + +| spring-tx +| +| Data exception classes are required. + +| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required. +] +| 1.5.5 +| Required if you are using an embedded LDAP server (optional). + +| shared-ldap +| 0.9.15 +| Required if you are using an embedded LDAP server (optional). + +| ldapsdk +| 4.1 +| Mozilla LdapSDK. +Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example. +|=== [[spring-security-oauth2-core]] == OAuth 2.0 Core -- `spring-security-oauth2-core.jar` @@ -92,6 +226,26 @@ This module contains a specialized domain object ACL implementation. It is used to apply security to specific domain object instances within your application. The top-level package is `org.springframework.security.acls`. +.ACL Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| ehcache +| 1.6.2 +| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation). + +| spring-jdbc +| +| Required if you are using the default JDBC-based AclService (optional if you implement your own). + +| spring-tx +| +| Required if you are using the default JDBC-based AclService (optional if you implement your own). +|=== [[spring-security-cas]] == CAS -- `spring-security-cas.jar` @@ -99,6 +253,27 @@ This module contains Spring Security's CAS client integration. You should use it if you want to use Spring Security web authentication with a CAS single sign-on server. The top-level package is `org.springframework.security.cas`. +.CAS Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-security-web +| +| + +| cas-client-core +| 3.1.12 +| The JA-SIG CAS Client. +This is the basis of the Spring Security integration. + +| ehcache +| 1.6.2 +| Required if you are using the Ehcache-based ticket cache (optional). +|=== [[spring-security-openid]] == OpenID -- `spring-security-openid.jar` @@ -110,7 +285,57 @@ It is used to authenticate users against an external OpenID server. The top-level package is `org.springframework.security.openid`. It requires OpenID4Java. +.OpenID Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-security-web +| +| + +| openid4java-nodeps +| 0.9.6 +| Spring Security's OpenID integration uses OpenID4Java. + +| httpclient +| 4.1.1 +| openid4java-nodeps depends on HttpClient 4. + +| guice +| 2.0 +| openid4java-nodeps depends on Guice 2. +|=== + [[spring-security-test]] == Test -- `spring-security-test.jar` This module contains support for testing with Spring Security. + +[[spring-security-taglibs]] +== Taglibs -- `spring-secuity-taglibs.jar` +Provides Spring Security's JSP tag implementations. + +.Taglib Dependencies +|=== +| Dependency | Version | Description + +| spring-security-core +| +| + +| spring-security-web +| +| + +| spring-security-acl +| +| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional). + +| spring-expression +| +| Required if you are using SPEL expressions in your tag access constraints. +|=== diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/dependencies.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/dependencies.adoc deleted file mode 100644 index 40bbd8d130..0000000000 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/dependencies.adoc +++ /dev/null @@ -1,261 +0,0 @@ - - -[[appendix-dependencies]] -== Spring Security Dependencies -This appendix provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application. -We don't include dependencies that are only used when building or testing Spring Security itself. -Nor do we include transitive dependencies which are required by external dependencies. - -The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below. -Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application. -Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications. -They are "optional" only in the sense that you don't need them unless you are using the specified functionality. - -Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately. - - -=== spring-security-core - -The core module must be included in any project using Spring Security. - -.Core Dependencies -|=== -| Dependency | Version | Description - -| ehcache -| 1.6.2 -| Required if the Ehcache-based user cache implementation is used (optional). - -| spring-aop -| -| Method security is based on Spring AOP - -| spring-beans -| -| Required for Spring configuration - -| spring-expression -| -| Required for expression-based method security (optional) - -| spring-jdbc -| -| Required if using a database to store user data (optional). - -| spring-tx -| -| Required if using a database to store user data (optional). - -| aspectjrt -| 1.6.10 -| Required if using AspectJ support (optional). - -| jsr250-api -| 1.0 -| Required if you are using JSR-250 method-security annotations (optional). -|=== - -=== spring-security-remoting -This module is typically required in web applications which use the Servlet API. - -.Remoting Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-web -| -| Required for clients which use HTTP remoting support. -|=== - -=== spring-security-web -This module is typically required in web applications which use the Servlet API. - -.Web Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-web -| -| Spring web support classes are used extensively. - -| spring-jdbc -| -| Required for JDBC-based persistent remember-me token repository (optional). - -| spring-tx -| -| Required by remember-me persistent token repository implementations (optional). -|=== - -=== spring-security-ldap -This module is only required if you are using LDAP authentication. - -.LDAP Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-ldap-core -| 1.3.0 -| LDAP support is based on Spring LDAP. - -| spring-tx -| -| Data exception classes are required. - -| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required. -] -| 1.5.5 -| Required if you are using an embedded LDAP server (optional). - -| shared-ldap -| 0.9.15 -| Required if you are using an embedded LDAP server (optional). - -| ldapsdk -| 4.1 -| Mozilla LdapSDK. -Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example. -|=== - - -=== spring-security-config -This module is required if you are using Spring Security namespace configuration. - -.Config Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-security-web -| -| Required if you are using any web-related namespace configuration (optional). - -| spring-security-ldap -| -| Required if you are using the LDAP namespace options (optional). - -| spring-security-openid -| -| Required if you are using OpenID authentication (optional). - -| aspectjweaver -| 1.6.10 -| Required if using the protect-pointcut namespace syntax (optional). -|=== - - -=== spring-security-acl -The ACL module. - -.ACL Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| ehcache -| 1.6.2 -| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation). - -| spring-jdbc -| -| Required if you are using the default JDBC-based AclService (optional if you implement your own). - -| spring-tx -| -| Required if you are using the default JDBC-based AclService (optional if you implement your own). -|=== - -=== spring-security-cas -The CAS module provides integration with JA-SIG CAS. - -.CAS Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-security-web -| -| - -| cas-client-core -| 3.1.12 -| The JA-SIG CAS Client. -This is the basis of the Spring Security integration. - -| ehcache -| 1.6.2 -| Required if you are using the Ehcache-based ticket cache (optional). -|=== - -=== spring-security-openid -The OpenID module. - -.OpenID Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-security-web -| -| - -| openid4java-nodeps -| 0.9.6 -| Spring Security's OpenID integration uses OpenID4Java. - -| httpclient -| 4.1.1 -| openid4java-nodeps depends on HttpClient 4. - -| guice -| 2.0 -| openid4java-nodeps depends on Guice 2. -|=== - -=== spring-security-taglibs -Provides Spring Security's JSP tag implementations. - -.Taglib Dependencies -|=== -| Dependency | Version | Description - -| spring-security-core -| -| - -| spring-security-web -| -| - -| spring-security-acl -| -| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional). - -| spring-expression -| -| Required if you are using SPEL expressions in your tag access constraints. -|=== diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/index.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/index.adoc index f0a169ecfb..7ab1808a9c 100644 --- a/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/index.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/servlet/appendix/index.adoc @@ -5,6 +5,4 @@ include::database-schema.adoc[] include::namespace.adoc[] -include::dependencies.adoc[] - include::faq.adoc[]