Merge Project Modules and Dependencies Section of the docs

Closes gh-8199
Heinz Wittig 2020-06-29 18:11:04 +02:00 committed by GitHub
parent d31fff11b3
commit 08b69e77d2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 226 additions and 264 deletions


@ -1,11 +1,21 @@
// FIXME: This might make sense in Getting Spring Security along with the artifact information // FIXME: This might make sense in Getting Spring Security along with the artifact information
[[modules]] [[modules]]
= Project Modules = Project Modules and Dependencies
In Spring Security 3.0, the codebase was sub-divided into separate jars which more clearly separate different functionality areas and third-party dependencies. In Spring Security 3.0, the codebase was sub-divided into separate jars which more clearly separate different functionality areas and third-party dependencies.
If you use Maven to build your project, these are the modules you should add to your `pom.xml`. If you use Maven to build your project, these are the modules you should add to your `pom.xml`.
Even if you do not use Maven, we recommend that you consult the `pom.xml` files to get an idea of third-party dependencies and versions. Even if you do not use Maven, we recommend that you consult the `pom.xml` files to get an idea of third-party dependencies and versions.
Another good idea is to examine the libraries that are included in the sample applications. Another good idea is to examine the libraries that are included in the sample applications.
This section provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application.
We don't include dependencies that are only used when building or testing Spring Security itself.
Nor do we include transitive dependencies which are required by external dependencies.
The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below.
Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application.
Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications.
They are "optional" only in the sense that you don't need them unless you are using the specified functionality.
Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately.
[[spring-security-core]] [[spring-security-core]]
@ -20,12 +30,62 @@ It contains the following top-level packages:
* `org.springframework.security.authentication` * `org.springframework.security.authentication`
* `org.springframework.security.provisioning` * `org.springframework.security.provisioning`
.Core Dependencies
|===
| Dependency | Version | Description
| ehcache
| 1.6.2
| Required if the Ehcache-based user cache implementation is used (optional).
| spring-aop
|
| Method security is based on Spring AOP
| spring-beans
|
| Required for Spring configuration
| spring-expression
|
| Required for expression-based method security (optional)
| spring-jdbc
|
| Required if using a database to store user data (optional).
| spring-tx
|
| Required if using a database to store user data (optional).
| aspectjrt
| 1.6.10
| Required if using AspectJ support (optional).
| jsr250-api
| 1.0
| Required if you are using JSR-250 method-security annotations (optional).
|===
[[spring-security-remoting]] [[spring-security-remoting]]
== Remoting -- `spring-security-remoting.jar` == Remoting -- `spring-security-remoting.jar`
This module provides integration with Spring Remoting. This module provides integration with Spring Remoting.
You do not need this unless you are writing a remote client that uses Spring Remoting. You do not need this unless you are writing a remote client that uses Spring Remoting.
The main package is `org.springframework.security.remoting`. The main package is `org.springframework.security.remoting`.
.Remoting Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-web
|
| Required for clients which use HTTP remoting support.
|===
[[spring-security-web]] [[spring-security-web]]
== Web -- `spring-security-web.jar` == Web -- `spring-security-web.jar`
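Review bot: The Version column of the Core Dependencies table hard-codes `1.6.2` for ehcache, `1.6.10` for aspectjrt and `1.0` for jsr250-api, carried over unchanged from the deleted appendix, and nothing in the hunk ties those numbers to what the build resolves today. Now that the table sits in the main modules section, please confirm the versions against the current POM files, or drop the numbers and point readers at the `pom.xml` files the section intro already recommends consulting. Minor style point in the same table: the `spring-aop`, `spring-beans` and `spring-expression` descriptions lack the trailing period the other rows have.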
@ -34,6 +94,26 @@ It contains anything with a servlet API dependency.
You need it if you require Spring Security web authentication services and URL-based access-control. You need it if you require Spring Security web authentication services and URL-based access-control.
The main package is `org.springframework.security.web`. The main package is `org.springframework.security.web`.
.Web Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-web
|
| Spring web support classes are used extensively.
| spring-jdbc
|
| Required for JDBC-based persistent remember-me token repository (optional).
| spring-tx
|
| Required by remember-me persistent token repository implementations (optional).
|===
[[spring-security-config]] [[spring-security-config]]
== Config -- `spring-security-config.jar` == Config -- `spring-security-config.jar`
@ -42,6 +122,30 @@ You need it if you use the Spring Security XML namespace for configuration or Sp
The main package is `org.springframework.security.config`. The main package is `org.springframework.security.config`.
None of the classes are intended for direct use in an application. None of the classes are intended for direct use in an application.
.Config Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
| Required if you are using any web-related namespace configuration (optional).
| spring-security-ldap
|
| Required if you are using the LDAP namespace options (optional).
| spring-security-openid
|
| Required if you are using OpenID authentication (optional).
| aspectjweaver
| 1.6.10
| Required if using the protect-pointcut namespace syntax (optional).
|===
[[spring-security-ldap]] [[spring-security-ldap]]
== LDAP -- `spring-security-ldap.jar` == LDAP -- `spring-security-ldap.jar`
@ -49,6 +153,36 @@ This module provides LDAP authentication and provisioning code.
It is required if you need to use LDAP authentication or manage LDAP user entries. It is required if you need to use LDAP authentication or manage LDAP user entries.
The top-level package is `org.springframework.security.ldap`. The top-level package is `org.springframework.security.ldap`.
.LDAP Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-ldap-core
| 1.3.0
| LDAP support is based on Spring LDAP.
| spring-tx
|
| Data exception classes are required.
| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required.
]
| 1.5.5
| Required if you are using an embedded LDAP server (optional).
| shared-ldap
| 0.9.15
| Required if you are using an embedded LDAP server (optional).
| ldapsdk
| 4.1
| Mozilla LdapSDK.
Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example.
|===
[[spring-security-oauth2-core]] [[spring-security-oauth2-core]]
== OAuth 2.0 Core -- `spring-security-oauth2-core.jar` == OAuth 2.0 Core -- `spring-security-oauth2-core.jar`
@ -92,6 +226,26 @@ This module contains a specialized domain object ACL implementation.
It is used to apply security to specific domain object instances within your application. It is used to apply security to specific domain object instances within your application.
The top-level package is `org.springframework.security.acls`. The top-level package is `org.springframework.security.acls`.
.ACL Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| ehcache
| 1.6.2
| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation).
| spring-jdbc
|
| Required if you are using the default JDBC-based AclService (optional if you implement your own).
| spring-tx
|
| Required if you are using the default JDBC-based AclService (optional if you implement your own).
|===
[[spring-security-cas]] [[spring-security-cas]]
== CAS -- `spring-security-cas.jar` == CAS -- `spring-security-cas.jar`
@ -99,6 +253,27 @@ This module contains Spring Security's CAS client integration.
You should use it if you want to use Spring Security web authentication with a CAS single sign-on server. You should use it if you want to use Spring Security web authentication with a CAS single sign-on server.
The top-level package is `org.springframework.security.cas`. The top-level package is `org.springframework.security.cas`.
.CAS Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| cas-client-core
| 3.1.12
| The JA-SIG CAS Client.
This is the basis of the Spring Security integration.
| ehcache
| 1.6.2
| Required if you are using the Ehcache-based ticket cache (optional).
|===
[[spring-security-openid]] [[spring-security-openid]]
== OpenID -- `spring-security-openid.jar` == OpenID -- `spring-security-openid.jar`
@ -110,7 +285,57 @@ It is used to authenticate users against an external OpenID server.
The top-level package is `org.springframework.security.openid`. The top-level package is `org.springframework.security.openid`.
It requires OpenID4Java. It requires OpenID4Java.
.OpenID Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| openid4java-nodeps
| 0.9.6
| Spring Security's OpenID integration uses OpenID4Java.
| httpclient
| 4.1.1
| openid4java-nodeps depends on HttpClient 4.
| guice
| 2.0
| openid4java-nodeps depends on Guice 2.
|===
[[spring-security-test]] [[spring-security-test]]
== Test -- `spring-security-test.jar` == Test -- `spring-security-test.jar`
This module contains support for testing with Spring Security. This module contains support for testing with Spring Security.
[[spring-security-taglibs]]
== Taglibs -- `spring-secuity-taglibs.jar`
Provides Spring Security's JSP tag implementations.
.Taglib Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| spring-security-acl
|
| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional).
| spring-expression
|
| Required if you are using SPEL expressions in your tag access constraints.
|===
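Review bot: The added Taglibs heading misspells the jar name: `spring-secuity-taglibs.jar` should read `spring-security-taglibs.jar`, matching the `[[spring-security-taglibs]]` anchor on the line above it. In the Taglib Dependencies table, the `spring-expression` row writes "SPEL" and, unlike the `spring-security-acl` row, does not say whether the dependency is optional; consider "SpEL" and an explicit "(optional)" if that is the intent.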


@ -1,261 +0,0 @@
[[appendix-dependencies]]
== Spring Security Dependencies
This appendix provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application.
We don't include dependencies that are only used when building or testing Spring Security itself.
Nor do we include transitive dependencies which are required by external dependencies.
The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below.
Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application.
Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications.
They are "optional" only in the sense that you don't need them unless you are using the specified functionality.
Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately.
=== spring-security-core
The core module must be included in any project using Spring Security.
.Core Dependencies
|===
| Dependency | Version | Description
| ehcache
| 1.6.2
| Required if the Ehcache-based user cache implementation is used (optional).
| spring-aop
|
| Method security is based on Spring AOP
| spring-beans
|
| Required for Spring configuration
| spring-expression
|
| Required for expression-based method security (optional)
| spring-jdbc
|
| Required if using a database to store user data (optional).
| spring-tx
|
| Required if using a database to store user data (optional).
| aspectjrt
| 1.6.10
| Required if using AspectJ support (optional).
| jsr250-api
| 1.0
| Required if you are using JSR-250 method-security annotations (optional).
|===
=== spring-security-remoting
This module is typically required in web applications which use the Servlet API.
.Remoting Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-web
|
| Required for clients which use HTTP remoting support.
|===
=== spring-security-web
This module is typically required in web applications which use the Servlet API.
.Web Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-web
|
| Spring web support classes are used extensively.
| spring-jdbc
|
| Required for JDBC-based persistent remember-me token repository (optional).
| spring-tx
|
| Required by remember-me persistent token repository implementations (optional).
|===
=== spring-security-ldap
This module is only required if you are using LDAP authentication.
.LDAP Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-ldap-core
| 1.3.0
| LDAP support is based on Spring LDAP.
| spring-tx
|
| Data exception classes are required.
| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required.
]
| 1.5.5
| Required if you are using an embedded LDAP server (optional).
| shared-ldap
| 0.9.15
| Required if you are using an embedded LDAP server (optional).
| ldapsdk
| 4.1
| Mozilla LdapSDK.
Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example.
|===
=== spring-security-config
This module is required if you are using Spring Security namespace configuration.
.Config Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
| Required if you are using any web-related namespace configuration (optional).
| spring-security-ldap
|
| Required if you are using the LDAP namespace options (optional).
| spring-security-openid
|
| Required if you are using OpenID authentication (optional).
| aspectjweaver
| 1.6.10
| Required if using the protect-pointcut namespace syntax (optional).
|===
=== spring-security-acl
The ACL module.
.ACL Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| ehcache
| 1.6.2
| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation).
| spring-jdbc
|
| Required if you are using the default JDBC-based AclService (optional if you implement your own).
| spring-tx
|
| Required if you are using the default JDBC-based AclService (optional if you implement your own).
|===
=== spring-security-cas
The CAS module provides integration with JA-SIG CAS.
.CAS Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| cas-client-core
| 3.1.12
| The JA-SIG CAS Client.
This is the basis of the Spring Security integration.
| ehcache
| 1.6.2
| Required if you are using the Ehcache-based ticket cache (optional).
|===
=== spring-security-openid
The OpenID module.
.OpenID Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| openid4java-nodeps
| 0.9.6
| Spring Security's OpenID integration uses OpenID4Java.
| httpclient
| 4.1.1
| openid4java-nodeps depends on HttpClient 4.
| guice
| 2.0
| openid4java-nodeps depends on Guice 2.
|===
=== spring-security-taglibs
Provides Spring Security's JSP tag implementations.
.Taglib Dependencies
|===
| Dependency | Version | Description
| spring-security-core
|
|
| spring-security-web
|
|
| spring-security-acl
|
| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional).
| spring-expression
|
| Required if you are using SPEL expressions in your tag access constraints.
|===
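Review bot: Deleting this file removes the `[[appendix-dependencies]]` anchor, and the merged section in the first file keeps only `[[modules]]`, so any `<<appendix-dependencies>>` cross-reference left elsewhere in the docs will stop resolving. Please search the docs for that ID and repoint the references, or add it as a secondary anchor on the merged section. Also check that dropping the one-line module summaries here (for example "The core module must be included in any project using Spring Security.") is intended, since they do not appear among the lines added to the merged file.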


@ -5,6 +5,4 @@ include::database-schema.adoc[]
include::namespace.adoc[] include::namespace.adoc[]
include::dependencies.adoc[]
include::faq.adoc[] include::faq.adoc[]