Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix.

2010-06-10 22:17:58 +01:00 · 2010-06-10 22:17:58 +01:00 · 1dd4787194
parent 5939f17708
commit 1dd4787194
2 changed files with 20 additions and 3 deletions
--- a/docs/manual/src/docbook/appendix-namespace.xml
+++ b/docs/manual/src/docbook/appendix-namespace.xml
@ -586,9 +586,9 @@
            </section>
        </section>
    </section>
-    <section>
+    <section xml:id="ns-method-security">
        <title>Method Security</title>
-        <section>
+        <section xml:id="nsa-gms">
            <title>The <literal>&lt;global-method-security&gt;</literal> Element</title>
            <para> This element is the primary means of adding support for securing methods on
                Spring Security beans. Methods can be secured by the use of annotations (defined at
@ -609,6 +609,14 @@
                    sure you do this if you are using a custom implementation and want to use these
                    annotations. </para>
            </section>
+            <section xml:id="nsa-gms-mode">
+                <title>The <literal>mode</literal> Attribute</title>
+                <para>This attribute can be set to <quote>aspectj</quote> to specify that
+                    AspectJ should be used instead of the default Spring AOP. Secured methods must
+                    be woven with the <classname>AnnotationSecurityAspect</classname> from the
+                    <literal>spring-security-aspects</literal> module.
+                </para>
+            </section>
            <section>
                <title>Securing Methods using <literal>&lt;protect-pointcut&gt;</literal></title>
                <para> Rather than defining security attributes on an individual method or class
--- a/docs/manual/src/docbook/namespace-config.xml
+++ b/docs/manual/src/docbook/namespace-config.xml
@ -843,7 +843,16 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
                annotations are a good choice if you need to define simple rules that go beyond
                checking the role names against the user's list of authorities. You can enable more
                than one type of annotation in the same application, but you should avoid mixing
-                annotations types in the same interface or class to avoid confusion.</para>
+                annotations types in the same interface or class to avoid confusion.
+            <note>
+                <para>The annotated methods will only be secured for instances which are defined
+                as Spring beans (in the same application context in which method-security
+                is enabled). If you want to secure instances which are not created by Spring
+                (using the <literal>new</literal> operator, for example) then you need to use
+                 AspectJ.
+                </para>
+            </note>
+            </para>
            <section xml:id="ns-protect-pointcut">
                <title>Adding Security Pointcuts using <literal>protect-pointcut</literal></title>
                <para> The use of <literal>protect-pointcut</literal> is particularly powerful, as