From 1dd478719487f3d8b9e9312a2a717a19a513bbbc Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Thu, 10 Jun 2010 22:17:58 +0100 Subject: [PATCH] Added note in namespace chapter clarifying that method security only applies to Spring beans, plus aspectj mode info to appendix. --- docs/manual/src/docbook/appendix-namespace.xml | 12 ++++++++++-- docs/manual/src/docbook/namespace-config.xml | 11 ++++++++++- 2 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/manual/src/docbook/appendix-namespace.xml b/docs/manual/src/docbook/appendix-namespace.xml index e1b472b4b0..9eeed1bee4 100644 --- a/docs/manual/src/docbook/appendix-namespace.xml +++ b/docs/manual/src/docbook/appendix-namespace.xml @@ -586,9 +586,9 @@ -
+
Method Security -
+
The <literal><global-method-security></literal> Element This element is the primary means of adding support for securing methods on Spring Security beans. Methods can be secured by the use of annotations (defined at @@ -609,6 +609,14 @@ sure you do this if you are using a custom implementation and want to use these annotations.
+
+ The <literal>mode</literal> Attribute + This attribute can be set to aspectj to specify that + AspectJ should be used instead of the default Spring AOP. Secured methods must + be woven with the AnnotationSecurityAspect from the + spring-security-aspects module. + +
Securing Methods using <literal><protect-pointcut></literal> Rather than defining security attributes on an individual method or class diff --git a/docs/manual/src/docbook/namespace-config.xml b/docs/manual/src/docbook/namespace-config.xml index 24ebff704e..abf128c91a 100644 --- a/docs/manual/src/docbook/namespace-config.xml +++ b/docs/manual/src/docbook/namespace-config.xml @@ -843,7 +843,16 @@ List<OpenIDAttribute> attributes = token.getAttributes();The annotations are a good choice if you need to define simple rules that go beyond checking the role names against the user's list of authorities. You can enable more than one type of annotation in the same application, but you should avoid mixing - annotations types in the same interface or class to avoid confusion. + annotations types in the same interface or class to avoid confusion. + + The annotated methods will only be secured for instances which are defined + as Spring beans (in the same application context in which method-security + is enabled). If you want to secure instances which are not created by Spring + (using the new operator, for example) then you need to use + AspectJ. + + +
Adding Security Pointcuts using <literal>protect-pointcut</literal> The use of protect-pointcut is particularly powerful, as