From 10e6ed20cf1ed946521c5094fd14fe4df798c0c1 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 9 Apr 2008 23:35:29 +0000 Subject: [PATCH] Minor corrections to namespace chapter. Fixed image paths for pdf version --- src/docbkx/authorization-common.xml | 8 ++- src/docbkx/domain-acls-old.xml | 9 ++++ src/docbkx/namespace-config.xml | 77 +++++++++++++++-------------- src/docbkx/springsecurity.xml | 8 +-- src/docbkx/technical-overview.xml | 12 ++--- 5 files changed, 65 insertions(+), 49 deletions(-) diff --git a/src/docbkx/authorization-common.xml b/src/docbkx/authorization-common.xml index f9331864c4..79fc96259b 100644 --- a/src/docbkx/authorization-common.xml +++ b/src/docbkx/authorization-common.xml @@ -95,6 +95,9 @@ public boolean supports(Class clazz); based on voting. Figure 4 illustrates the relevant classes. + + + @@ -266,7 +269,10 @@ public boolean supports(Class clazz); - + + + + diff --git a/src/docbkx/domain-acls-old.xml b/src/docbkx/domain-acls-old.xml index 0f6d03f8d9..da729e82a7 100644 --- a/src/docbkx/domain-acls-old.xml +++ b/src/docbkx/domain-acls-old.xml @@ -108,6 +108,9 @@ access control list (ACL) lookups. + + + @@ -166,6 +169,9 @@ public AclEntry[] getAcls(java.lang.Object domainInstance, Authentication authen implementation, which is shown in Figure 7. + + + @@ -457,6 +463,9 @@ END; for more information. + + + diff --git a/src/docbkx/namespace-config.xml b/src/docbkx/namespace-config.xml index 38181a42ed..3ed561232d 100644 --- a/src/docbkx/namespace-config.xml +++ b/src/docbkx/namespace-config.xml @@ -23,7 +23,7 @@ ]]> This is much simpler than wiring up the equivalent Apache Directory Server beans. The most - common alterative configuration requirements are supported by attributes on the + common alternative configuration requirements are supported by attributes on the ldap-server element and the user is isolated from worrying about which beans they need to be set on and what the bean property names are. @@ -126,7 +126,7 @@
<literal>web.xml</literal> Configuration - The first thing you need to do is add the following fiter declaration to your + The first thing you need to do is add the following filter declaration to your web.xml file: @@ -196,7 +196,7 @@ At this point you should be able to start up your application and you will be required to - log in to proceed. Try it out, or try experimenting with the "tutorial" sample applicaition + log in to proceed. Try it out, or try experimenting with the "tutorial" sample application that comes with the project. The above configuration actually adds quite a few services to the application because we have used the auto-config @@ -222,19 +222,23 @@ ]]> - These other elements are responsible for setting up form-login, see + These other elements are responsible for setting up form-login, anonymous authentication, basic authentication, logout handling and remember-me services respectively. They each have attributes which can be used to alter their behaviour. For example, if you want to supply your own login page, you could use: + ]]> Note that you can still use auto-config. The form-login element just overrides the - default settings. If you want to use basic authentication instead of form login, then change the configuration to + default settings. Also note that we've added an extra intercept-url element to say that any requests + for the login page should be excluded from processing by the security filters. Otherwise the request would be matched by + the pattern /** and it wouldn't be possible to access the login page itself! + If you want to use basic authentication instead of form login, then change the configuration to @@ -247,34 +251,35 @@ through a login form embedded in another web page.
-
- Configuring other Authentication Providers - - In practice you will need a more scalable source of user information than a few names added to the context file. - Most likely you will want to store your user information in something like a database or an LDAP server. LDAP namespace - configuration is dealt with in the LDAP chapter, so we won't cover it here. If you have a - custom implementation of Spring Security's UserDetailsService, called "myUserDetailsService" in your - application context, then you can authenticate against this using - +
+ Configuring other Authentication Providers + + In practice you will need a more scalable source of user information than a few names added to the context file. + Most likely you will want to store your user information in something like a database or an LDAP server. LDAP namespace + configuration is dealt with in the LDAP chapter, so we won't cover it here. If you have a + custom implementation of Spring Security's UserDetailsService, called "myUserDetailsService" in your + application context, then you can authenticate against this using + ]]> - - If you want to use a database, then you can use - + If you want to use a database, then you can use + ]]> - - Where "securityDataSource" is the name of a DataSource bean in the application context, - pointing at a database containing the standard Spring Security user data tables. Alternatively, you could configure - a Spring Security JdbcDaoImpl bean and point at that using the user-service-ref - attribute. - -
Adding a Password Encoder + + Where "securityDataSource" is the name of a DataSource bean in the application context, + pointing at a database containing the standard Spring Security user data tables. Alternatively, you could configure + a Spring Security JdbcDaoImpl bean and point at that using the user-service-ref + attribute. + +
Adding a Password Encoder - Often your password data will be encoded using a hashing algorithm. This is supported by the >password-encoder< - element. With SHA-encoded passwords, the original authentication provider configuration would look like this: + Often your password data will be encoded using a hashing algorithm. This is supported by the <password-encoder> + element. With SHA encoded passwords, the original authentication provider configuration would look like this: @@ -286,22 +291,20 @@ ]]> - - When using hashed passwords, it's also a good idea to use a salt value to protect against dictionary attacks and Spring Security supports this too. - Ideally you would want to use a randomly generated salt value for each user, but you can use any property of the UserDetails - object which is loaded by your UserDetailsService. For example, to use the username property, you would use - + When using hashed passwords, it's also a good idea to use a salt value to protect against dictionary attacks and Spring Security supports this too. + Ideally you would want to use a randomly generated salt value for each user, but you can use any property of the UserDetails + object which is loaded by your UserDetailsService. For example, to use the username property, you would use + ]]> - You can use a custom password ecoder bean by using the ref attribute of password-encoder. This should - contain the name of a bean in the application context which is an instance of Spring Security's PasswordEncoder - interface. - -
+ You can use a custom password encoder bean by using the ref attribute of password-encoder. This should + contain the name of a bean in the application context which is an instance of Spring Security's PasswordEncoder + interface. +
-
\ No newline at end of file diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml index c8a74dfb72..2480735610 100644 --- a/src/docbkx/springsecurity.xml +++ b/src/docbkx/springsecurity.xml @@ -84,16 +84,18 @@ Getting Started - The remaining parts of this guide provide an in-depth discussion of the + The later parts of this guide provide an in-depth discussion of the framework architecture and implementation classes, an understanding of which is important if you need to do any serious customization. In this part, we take a slightly gentler look at how to get started using some of the features of Spring Security 2.0. - The use of namespace configuration provides a much simpler path to securing + In particular, the use of namespace configuration provides a much simpler path to securing your application with little or no knowledge of the classes involved, unlike the traditional Spring bean approach which required you to configure large numbers of beans. + + @@ -109,8 +111,6 @@ are necessary to successfully planning and executing a Spring Security integration. - - diff --git a/src/docbkx/technical-overview.xml b/src/docbkx/technical-overview.xml index 24996ce863..088aa3207f 100644 --- a/src/docbkx/technical-overview.xml +++ b/src/docbkx/technical-overview.xml @@ -1,8 +1,8 @@ -Technical Overview + + Technical Overview - -
Runtime Environment - +
+ Runtime Environment Spring Security is written to execute within a standard Java 1.4 Runtime Environment. It also supports Java 5.0, although the Java @@ -477,11 +477,9 @@ String username = obj.toString(); - - + - Figure 1: The key "secure object" model
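Review bot: In src/docbkx/namespace-config.xml, hunk @@ -222,19 +222,23 @@, the new sentence about the extra intercept-url element explains why the login page has to be excluded but not where that element must sit relative to the /** pattern. The text already reasons that the request "would be matched by the pattern /**"; patterns are evaluated in the order they are listed, so say explicitly that the login-page entry has to come before the /** entry. It would also help to add that a page "excluded from processing by the security filters" is served without any of that processing, so it should contain nothing that itself needs protecting.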
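Review bot: In src/docbkx/namespace-config.xml, hunk @@ -247,34 +251,35 @@, the change from "SHA-encoded passwords" to "SHA encoded passwords" drops a hyphen that was correct for a compound modifier; suggest keeping "SHA-encoded". The same hunk re-indents the whole "Configuring other Authentication Providers" section alongside the wording fixes, which makes the real changes hard to pick out; a separate whitespace-only commit would keep this one reviewable. While the paragraph is being touched, "encoded using a hashing algorithm" could simply read "hashed", since nothing here can be decoded.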
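Review bot: In src/docbkx/namespace-config.xml, hunk @@ -286,22 +291,20 @@, the salt paragraph says a randomly generated per-user salt is ideal and then gives the username property as its only example, without stating what is lost by that choice. Suggest one added sentence noting that a username is predictable rather than random, and that because the salt is part of the hash input, changing a user's username invalidates the stored password hash. The hunk also ends with "\ No newline at end of file"; check that the file ends with a newline after this change.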
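Review bot: In src/docbkx/technical-overview.xml, hunk @@ -477,11 +477,9 @@, the line 'Figure 1: The key "secure object" model' is removed and no caption text appears among the added lines. Other chapters touched by this patch still refer to figures by number ("Figure 4 illustrates the relevant classes", "which is shown in Figure 7"), so confirm that each figure keeps a title or caption in the generated HTML and PDF output. If the captions were dropped on purpose, the commit message should say so, since it currently mentions only namespace chapter corrections and image paths.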