Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-12 13:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Minor corrections to form-authentication.xml

Browse Source
This commit is contained in:
Luke Taylor 2008-04-10 16:50:28 +00:00
parent a7ab048f3b
commit 15c96521fd
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/docbkx/form-authentication.xml
View File

@ -7,19 +7,19 @@
<para>HTTP Form Authentication involves using the <para>HTTP Form Authentication involves using the
<literal>AuthenticationProcessingFilter</literal> to process a login <literal>AuthenticationProcessingFilter</literal> to process a login
form. This is the most common way that application authenticate end form. This is the most common way for an application to authenticate end
users. Form-based authentication is entirely compatible with the DAO users. Form-based authentication is entirely compatible with the DAO
and JAAS authentication providers.</para> and JAAS authentication providers.</para>
</section> </section>
<section xml:id="form-config"><info><title>Configuration</title></info> <section xml:id="form-config">
<info><title>Configuration</title></info>
<para>The login form simply contains <literal>j_username</literal> and <para>The login form simply contains <literal>j_username</literal> and
<literal>j_password</literal> input fields, and posts to a URL that is <literal>j_password</literal> input fields, and posts to a URL that is
monitored by the filter (by default monitored by the filter (by default
<literal>j_spring_security_check</literal>). You should add an <literal>/j_spring_security_check</literal>). You should add an
<literal>AuthenticationProcessingFilter</literal> to you application context: <literal>AuthenticationProcessingFilter</literal> to your application context:
<programlisting><![CDATA[ <programlisting><![CDATA[
<bean id="authenticationProcessingFilter" <bean id="authenticationProcessingFilter"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter"> class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
@ -44,14 +44,13 @@
<literal>SecurityContextHolder</literal>.</para> <literal>SecurityContextHolder</literal>.</para>
<para>Once the <literal>SecurityContextHolder</literal> has been <para>Once the <literal>SecurityContextHolder</literal> has been
updated, the browser will need to be redirected to the target URL. The updated, the browser will need to be redirected to the target URL which
target URL is usually indicated by the <literal>HttpSession</literal> is usually indicated by the <literal>HttpSession</literal> attribute stored under
attribute specified by
<literal>AbstractProcessingFilter.SPRING_SECURITY_TARGET_URL_KEY</literal>. <literal>AbstractProcessingFilter.SPRING_SECURITY_TARGET_URL_KEY</literal>.
This attribute is automatically set by the This attribute is automatically set by the
<literal>ExceptionTranslationFilter</literal> when an <literal>ExceptionTranslationFilter</literal> when an
<literal>AuthenticationException</literal> occurs, so that after login <literal>AuthenticationException</literal> occurs, so that after login
is completed the user can return to what they were trying to access. is completed the user can return to what they were originally trying to access.
If for some reason the <literal>HttpSession</literal> does not If for some reason the <literal>HttpSession</literal> does not
indicate the target URL, the browser will be redirected to the indicate the target URL, the browser will be redirected to the
<literal>defaultTargetUrl</literal> property.</para> <literal>defaultTargetUrl</literal> property.</para>