From 1d916c35d122a1fca0f614c23a0192068a287844 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 00:25:08 +0000 Subject: [PATCH 1/2] Bump @antora/collector-extension in /docs --- updated-dependencies: - dependency-name: "@antora/collector-extension" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- docs/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/package.json b/docs/package.json index 2054ec1c59..e63fe5321d 100644 --- a/docs/package.json +++ b/docs/package.json @@ -2,7 +2,7 @@ "dependencies": { "antora": "3.2.0-alpha.6", "@antora/atlas-extension": "1.0.0-alpha.2", - "@antora/collector-extension": "1.0.0-beta.5", + "@antora/collector-extension": "1.0.0-rc.1", "@asciidoctor/tabs": "1.0.0-beta.6", "@springio/antora-extensions": "1.14.2", "@springio/asciidoctor-extensions": "1.0.0-alpha.14" From 68d91916e2d9ddf792cb37a9fdfd1ebbe4d42cff Mon Sep 17 00:00:00 2001 From: Harpreet Singh Date: Sun, 24 Nov 2024 00:52:13 +0530 Subject: [PATCH 2/2] Polish Dark Mode for CSRF and Method Security diagrams Closes gh-16151 --- .../ROOT/pages/servlet/authorization/method-security.adoc | 1 + docs/modules/ROOT/pages/servlet/exploits/csrf.adoc | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc index 23dcbc5a2d..36b4a94b7f 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/method-security.adoc @@ -114,6 +114,7 @@ open class MyCustomerService { A given invocation to `MyCustomerService#readCustomer` may look something like this when Method Security <>: +[.invert-dark] image::{figures}/methodsecurity.png[] 1. Spring AOP invokes its proxy method for `readCustomer`. Among the proxy's other advisors, it invokes an {security-api-url}org/springframework/security/authorization/method/AuthorizationManagerBeforeMethodInterceptor.html[`AuthorizationManagerBeforeMethodInterceptor`] that matches <> diff --git a/docs/modules/ROOT/pages/servlet/exploits/csrf.adoc b/docs/modules/ROOT/pages/servlet/exploits/csrf.adoc index 645803e296..df4fa3363e 100644 --- a/docs/modules/ROOT/pages/servlet/exploits/csrf.adoc +++ b/docs/modules/ROOT/pages/servlet/exploits/csrf.adoc @@ -82,6 +82,7 @@ To learn more about CSRF protection for your application, consider the following CSRF protection is provided by several components that are composed within the {security-api-url}org/springframework/security/web/csrf/CsrfFilter.html[`CsrfFilter`]: .`CsrfFilter` Components +[.invert-dark] image::{figures}/csrf.png[] CSRF protection is divided into two parts: @@ -90,6 +91,7 @@ CSRF protection is divided into two parts: 2. Determine if the request requires CSRF protection, load and validate the token, and <>. .`CsrfFilter` Processing +[.invert-dark] image::{figures}/csrf-processing.png[] * image:{icondir}/number_1.png[] First, the {security-api-url}org/springframework/security/web/csrf/DeferredCsrfToken.html[`DeferredCsrfToken`] is loaded, which holds a reference to the <> so that the persisted `CsrfToken` can be loaded later (in image:{icondir}/number_4.png[]).