From 11a7c6aa27333f5bd883f9fb76bf86f395b18d74 Mon Sep 17 00:00:00 2001 From: Ben Alex Date: Thu, 16 Sep 2004 06:45:26 +0000 Subject: [PATCH] Documentation improvements contributed by Andrew Petro. --- contributors.txt | 2 ++ docs/reference/src/index.xml | 30 ++++++++++++++++-------------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/contributors.txt b/contributors.txt index 578059e3ce..6ac6e20cd9 100644 --- a/contributors.txt +++ b/contributors.txt @@ -36,6 +36,8 @@ contributions to the Acegi Security System for Spring project: * James Monaghan contributed the AcegiRemoteInvocation support classes. +* Andrew Petro contributed documentation improvements. + * Anyone else I've forgotten (please let me know so I can correct this). Plus of course all the people who use the project and provide feedback, bug diff --git a/docs/reference/src/index.xml b/docs/reference/src/index.xml index ace73552f5..ce9e72eb2a 100644 --- a/docs/reference/src/index.xml +++ b/docs/reference/src/index.xml @@ -670,8 +670,8 @@ list than less specific expressions. This is reflected in our example above, where the more specific /secure/super/ pattern appears higher than the less specific - /super/ pattern. If they were reversed, the - /super/ pattern would always match and the + /secure/ pattern. If they were reversed, the + /secure/ pattern would always match and the /secure/super/ pattern would never be evaluated. @@ -1596,12 +1596,12 @@ public boolean supports(Class clazz); ifNotGranted="ROLE_SUPERVISOR", or you'll be surprised to never see the tag's body. - By requiring all attributes to return true, it allows you to + By requiring all attributes to return true, the authorize tag allows you to create more complex authorization scenarios. For example, you could declare an ifAllGranted="ROLE_SUPERVISOR" and an ifNotGranted="ROLE_NEWBIE_SUPERVISOR" in the same tag, in order to prevent new supervisors from seeing the tag body. - Although it would no doubt be simpler to use + However it would no doubt be simpler to use ifAllGranted="ROLE_EXPERIENCED_SUPERVISOR" rather than inserting NOT conditions into your design. @@ -1632,12 +1632,12 @@ public boolean supports(Class clazz); - Most authorization decision rules can be easily satisfied by - writing an AccessDecisionVoter implementation + Writing an AccessDecisionVoter implementation and using either ConsensusBased, AffirmativeBased or UnanimousBased as the - AccessDecisionManager. + AccessDecisionManager may be the best approach to + implementing your custom access decision rules. @@ -1750,12 +1750,12 @@ public boolean supports(Class clazz); Everything presented so far assumes one thing: the ContextHolder is populated with a valid SecureContext, which in turn contains a valid - Authentication object. Develolpers are free to do + Authentication object. Developers are free to do this in whichever way they like, such as directly calling the relevant objects at runtime. However, several classes have been provided to make this process transparent in many situations. - The net.sf.acegisecurity.ui package is design + The net.sf.acegisecurity.ui package is designed to make interfacing web application user interfaces with the ContextHolder as simple as possible. There are two major steps in doing this: @@ -2453,8 +2453,10 @@ $CATALINA_HOME/bin/startup.sh into some type of backend authentication repository, such as an LDAP server or database. - If you're running an existing CAS server, you will have already - established a PasswordHandler. If you have not, + If you are already running an existing CAS server instance, + you will have already + established a PasswordHandler. If you do not + already have a PasswordHandler, you might prefer to use the Acegi Security System for Spring CasPasswordHandler class. This class delegates through to the standard Acegi Security @@ -2513,8 +2515,8 @@ $CATALINA_HOME/bin/startup.sh redirect the user's browser to the CAS server. It will also indicate a service parameter, which is the callback URL for the Acegi Security service. For example, the URL - the browser is redirected to might be - https://my.company.com/cas/login?service=https://server3.company.com/webapp/j_acegi_cas_security_check. + to which the browser is redirected might be + https://my.company.com/cas/login?service=https%3A%2F%2Fserver3.company.com%2Fwebapp%2Fj_acegi_cas_security_check. @@ -2572,7 +2574,7 @@ $CATALINA_HOME/bin/startup.sh to the CAS server in order to validate the service ticket. The CasProxyTicketValidator may also include a proxy callback URL, which is included in this example: - https://my.company.com/cas/proxyValidate?service=https://server3.company.com/webapp/j_acegi_cas_security_check&ticket=ST-0-ER94xMJmn6pha35CQRoZ&pgtUrl=https://server3.company.com/webapp/casProxy/receptor. + https://my.company.com/cas/proxyValidate?service=https%3A%2F%2Fserver3.company.com%2Fwebapp%2Fj_acegi_cas_security_check&ticket=ST-0-ER94xMJmn6pha35CQRoZ&pgtUrl=https://server3.company.com/webapp/casProxy/receptor.