From 29a76691017184f9bccef14352a25c7c252420fa Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Fri, 30 Jul 2021 17:02:44 -0500 Subject: [PATCH] rg "xref:\S+?#\S+\[\]" docs/modules -l -g "*.adoc" | while read adoc_file_to_replace; do echo "Replacing $adoc_file_to_replace" for id_file in build/ids/*.id; do id=$(basename $id_file | sed 's/\.id$//') xref_page=$(cat $id_file) if [[ "$adoc_file_to_replace" -ef "./docs/modules/ROOT/pages/$xref_page" ]] then echo " - Skipping same page refid $id " else text_file=$(echo $id_file | sed 's/\.id$/.text/') default_text=$(cat $text_file) sed -i -E "s%xref:${xref_page}#${id}\[\]%xref:${xref_page}#${id}[$default_text]%g" $adoc_file_to_replace fi done done --- .../ROOT/pages/overview/getting-spring-security.adoc | 10 +++++----- docs/modules/ROOT/pages/reactive/exploits/csrf.adoc | 2 +- docs/modules/ROOT/pages/reactive/index.adoc | 2 +- docs/modules/ROOT/pages/reactive/method.adoc | 2 +- docs/modules/ROOT/pages/reactive/test.adoc | 2 +- .../modules/ROOT/pages/servlet/appendix/namespace.adoc | 4 ++-- .../modules/ROOT/pages/servlet/architecture/index.adoc | 4 ++-- .../servlet/authentication/architecture/index.adoc | 2 +- .../ROOT/pages/servlet/authentication/index.adoc | 4 ++-- .../ROOT/pages/servlet/authentication/logout.adoc | 4 ++-- .../ROOT/pages/servlet/authentication/openid.adoc | 2 +- .../ROOT/pages/servlet/authentication/unpwd/basic.adoc | 4 ++-- .../unpwd/dao-authentication-provider.adoc | 2 +- .../ROOT/pages/servlet/authentication/unpwd/form.adoc | 6 +++--- .../ROOT/pages/servlet/authentication/unpwd/index.adoc | 8 ++++---- .../ROOT/pages/servlet/authentication/unpwd/ldap.adoc | 2 +- .../servlet/authorization/authorize-requests.adoc | 4 ++-- docs/modules/ROOT/pages/servlet/exploits/csrf.adoc | 2 +- .../ROOT/pages/servlet/integrations/concurrency.adoc | 4 ++-- .../ROOT/pages/servlet/java-configuration/index.adoc | 2 +- docs/modules/ROOT/pages/servlet/namespace/index.adoc | 2 +- .../pages/servlet/oauth2/oauth2-resourceserver.adoc | 8 ++++---- 22 files changed, 41 insertions(+), 41 deletions(-) diff --git a/docs/modules/ROOT/pages/overview/getting-spring-security.adoc b/docs/modules/ROOT/pages/overview/getting-spring-security.adoc index a9b2eef369..bb5c7b9f1c 100644 --- a/docs/modules/ROOT/pages/overview/getting-spring-security.adoc +++ b/docs/modules/ROOT/pages/overview/getting-spring-security.adoc @@ -2,7 +2,7 @@ = Getting Spring Security This section discusses all you need to know about getting the Spring Security binaries. -See xref:overview/community.adoc#community-source[] for how to obtain the source code. +See xref:overview/community.adoc#community-source[Source Code] for how to obtain the source code. == Release Numbering @@ -72,7 +72,7 @@ You can do so by adding a Maven property, as the following example shows: ---- ==== -If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[]. +If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[Project Modules and Dependencies]. [[getting-maven-no-boot]] === Maven Without Spring Boot @@ -118,7 +118,7 @@ A minimal Spring Security Maven set of dependencies typically looks like the fol ---- ==== -If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[]. +If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[Project Modules and Dependencies]. Spring Security builds against Spring Framework {spring-core-version} but should generally work with any newer version of Spring Framework 5.x. Many users are likely to run afoul of the fact that Spring Security's transitive dependencies resolve Spring Framework {spring-core-version}, which can cause strange classpath problems. @@ -236,7 +236,7 @@ ext['spring.version']='{spring-core-version}' ---- ==== -If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[]. +If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[Project Modules and Dependencies]. === Gradle Without Spring Boot @@ -274,7 +274,7 @@ dependencies { ---- ==== -If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[]. +If you use additional features (such as LDAP, OpenID, and others), you need to also include the appropriate xref:overview/modules.adoc#modules[Project Modules and Dependencies]. Spring Security builds against Spring Framework {spring-core-version} but should generally work with any newer version of Spring Framework 5.x. Many users are likely to run afoul of the fact that Spring Security's transitive dependencies resolve Spring Framework {spring-core-version}, which can cause strange classpath problems. diff --git a/docs/modules/ROOT/pages/reactive/exploits/csrf.adoc b/docs/modules/ROOT/pages/reactive/exploits/csrf.adoc index d596977b40..a626b99554 100644 --- a/docs/modules/ROOT/pages/reactive/exploits/csrf.adoc +++ b/docs/modules/ROOT/pages/reactive/exploits/csrf.adoc @@ -272,7 +272,7 @@ An example of doing this with Thymeleaf is shown below: == CSRF Considerations There are a few special considerations to consider when implementing protection against CSRF attacks. This section discusses those considerations as it pertains to WebFlux environments. -Refer to xref:overview/features/exploits/csrf.adoc#csrf-considerations[] for a more general discussion. +Refer to xref:overview/features/exploits/csrf.adoc#csrf-considerations[CSRF Considerations] for a more general discussion. [[webflux-considerations-csrf-login]] diff --git a/docs/modules/ROOT/pages/reactive/index.adoc b/docs/modules/ROOT/pages/reactive/index.adoc index 8791a47c32..812fa7adef 100644 --- a/docs/modules/ROOT/pages/reactive/index.adoc +++ b/docs/modules/ROOT/pages/reactive/index.adoc @@ -1,4 +1,4 @@ = Reactive Applications -Reactive applications work very differently than xref:servlet/index.adoc#servlet-applications[]. +Reactive applications work very differently than xref:servlet/index.adoc#servlet-applications[Servlet Applications]. This section discusses how Spring Security works with reactive applications which are typically written using Spring's WebFlux. diff --git a/docs/modules/ROOT/pages/reactive/method.adoc b/docs/modules/ROOT/pages/reactive/method.adoc index fbb07d4d7e..46502fe1a3 100644 --- a/docs/modules/ROOT/pages/reactive/method.adoc +++ b/docs/modules/ROOT/pages/reactive/method.adoc @@ -162,7 +162,7 @@ It is important to note that any of the expressions in standard method security However, at this time we only support return type of `Boolean` or `boolean` of the expression. This means that the expression must not block. -When integrating with xref:reactive/webflux.adoc#jc-webflux[], the Reactor Context is automatically established by Spring Security according to the authenticated user. +When integrating with xref:reactive/webflux.adoc#jc-webflux[WebFlux Security], the Reactor Context is automatically established by Spring Security according to the authenticated user. ==== .Java diff --git a/docs/modules/ROOT/pages/reactive/test.adoc b/docs/modules/ROOT/pages/reactive/test.adoc index 632e58e18f..183558b136 100644 --- a/docs/modules/ROOT/pages/reactive/test.adoc +++ b/docs/modules/ROOT/pages/reactive/test.adoc @@ -4,7 +4,7 @@ [[test-erms]] == Testing Reactive Method Security -For example, we can test our example from xref:reactive/method.adoc#jc-erms[] using the same setup and annotations we did in xref:servlet/test/method.adoc#test-method[]. +For example, we can test our example from xref:reactive/method.adoc#jc-erms[EnableReactiveMethodSecurity] using the same setup and annotations we did in xref:servlet/test/method.adoc#test-method[Testing Method Security]. Here is a minimal sample of what we can do: ==== diff --git a/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc b/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc index ec3d417bde..00ef0b7772 100644 --- a/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc +++ b/docs/modules/ROOT/pages/servlet/appendix/namespace.adoc @@ -1616,7 +1616,7 @@ By default, an instance of `PortMapperImpl` will be added to the configuration f This element can optionally be used to override the default mappings which that class defines. Each child `` element defines a pair of HTTP:HTTPS ports. The default mappings are 80:443 and 8080:8443. -An example of overriding these can be found in xref:servlet/exploits/http.adoc#servlet-http-redirect[]. +An example of overriding these can be found in xref:servlet/exploits/http.adoc#servlet-http-redirect[Redirect to HTTPS]. [[nsa-port-mappings-parents]] @@ -2278,7 +2278,7 @@ select username, password, enabled from users where username = ? [[nsa-password-encoder]] === -Authentication providers can optionally be configured to use a password encoder as described in the xref:overview/features/authentication/password-storage.adoc#authentication-password-storage[]. +Authentication providers can optionally be configured to use a password encoder as described in the xref:overview/features/authentication/password-storage.adoc#authentication-password-storage[Password Storage]. This will result in the bean being injected with the appropriate `PasswordEncoder` instance. diff --git a/docs/modules/ROOT/pages/servlet/architecture/index.adoc b/docs/modules/ROOT/pages/servlet/architecture/index.adoc index 61fcb9f401..0ddea5d236 100644 --- a/docs/modules/ROOT/pages/servlet/architecture/index.adoc +++ b/docs/modules/ROOT/pages/servlet/architecture/index.adoc @@ -3,7 +3,7 @@ :figures: servlet/architecture This section discusses Spring Security's high level architecture within Servlet based applications. -We build on this high level understanding within xref:servlet/authentication/index.adoc#servlet-authentication[], xref:servlet/authorization/index.adoc#servlet-authorization[], xref:servlet/exploits/index.adoc#servlet-exploits[] sections of the reference. +We build on this high level understanding within xref:servlet/authentication/index.adoc#servlet-authentication[Authentication], xref:servlet/authorization/index.adoc#servlet-authorization[Authorization], xref:servlet/exploits/index.adoc#servlet-exploits[Protection Against Exploits] sections of the reference. // FIXME: Add links to other sections of architecture [[servlet-filters-review]] @@ -211,7 +211,7 @@ image::{figures}/exceptiontranslationfilter.png[] * image:{icondir}/number_1.png[] First, the `ExceptionTranslationFilter` invokes `FilterChain.doFilter(request, response)` to invoke the rest of the application. * image:{icondir}/number_2.png[] If the user is not authenticated or it is an `AuthenticationException`, then __Start Authentication__. -** The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[] is cleared out. +** The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder] is cleared out. ** The `HttpServletRequest` is saved in the {security-api-url}org/springframework/security/web/savedrequest/RequestCache.html[`RequestCache`]. When the user successfully authenticates, the `RequestCache` is used to replay the original request. // FIXME: add link to authentication success diff --git a/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc b/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc index 07b8afac58..441b21fd74 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc @@ -2,7 +2,7 @@ = Servlet Authentication Architecture :figures: servlet/authentication/architecture -This discussion expands on xref:servlet/architecture/index.adoc#servlet-architecture[] to describe the main architectural components of Spring Security's used in Servlet authentication. +This discussion expands on xref:servlet/architecture/index.adoc#servlet-architecture[Servlet Security: The Big Picture] to describe the main architectural components of Spring Security's used in Servlet authentication. If you need concrete flows that explain how these pieces fit together, look at the xref:servlet/authentication/index.adoc#servlet-authentication-mechanisms[Authentication Mechanism] specific sections. * <> - The `SecurityContextHolder` is where Spring Security stores the details of who is xref:overview/features/authentication/index.adoc#authentication[authenticated]. diff --git a/docs/modules/ROOT/pages/servlet/authentication/index.adoc b/docs/modules/ROOT/pages/servlet/authentication/index.adoc index 3d8053ac1d..a51390e95d 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/index.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/index.adoc @@ -1,7 +1,7 @@ [[servlet-authentication]] = Authentication -Spring Security provides comprehensive support for xref:overview/features/authentication/index.adoc#authentication[]. +Spring Security provides comprehensive support for xref:overview/features/authentication/index.adoc#authentication[Authentication]. We start by discussing the overall xref:servlet/architecture/index.adoc#servlet-architecture[Servlet Authentication Architecture]. As you might expect, this section is more abstract describing the architecture without much discussion on how it applies to concrete flows. @@ -20,5 +20,5 @@ These sections focus on specific ways you may want to authenticate and point bac * xref:servlet/authentication/rememberme.adoc#servlet-rememberme[Remember Me] - how to remember a user past session expiration * xref:servlet/authentication/jaas.adoc#servlet-jaas[JAAS Authentication] - authenticate with JAAS * xref:servlet/authentication/openid.adoc#servlet-openid[OpenID] - OpenID Authentication (not to be confused with OpenID Connect) -* xref:servlet/authentication/preauth.adoc#servlet-preauth[] - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits. +* xref:servlet/authentication/preauth.adoc#servlet-preauth[Pre-Authentication Scenarios] - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits. * xref:servlet/authentication/x509.adoc#servlet-x509[X509 Authentication] - X509 Authentication diff --git a/docs/modules/ROOT/pages/servlet/authentication/logout.adoc b/docs/modules/ROOT/pages/servlet/authentication/logout.adoc index c529c9afed..db4276e6df 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/logout.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/logout.adoc @@ -108,7 +108,7 @@ Various implementations are provided: - {security-api-url}org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.html[SecurityContextLogoutHandler] - {security-api-url}org/springframework/security/web/authentication/logout/HeaderWriterLogoutHandler.html[HeaderWriterLogoutHandler] -Please see xref:servlet/authentication/rememberme.adoc#remember-me-impls[] for details. +Please see xref:servlet/authentication/rememberme.adoc#remember-me-impls[Remember-Me Interfaces and Implementations] for details. Instead of providing `LogoutHandler` implementations directly, the fluent API also provides shortcuts that provide the respective `LogoutHandler` implementations under the covers. E.g. `deleteCookies()` allows specifying the names of one or more cookies to be removed on logout success. @@ -142,7 +142,7 @@ If not configured a status code 200 will be returned by default. - <> - xref:servlet/test/mockmvc.adoc#test-logout[ Testing Logout] - xref:servlet/integrations/servlet-api.adoc#servletapi-logout[ HttpServletRequest.logout()] -- xref:servlet/authentication/rememberme.adoc#remember-me-impls[] +- xref:servlet/authentication/rememberme.adoc#remember-me-impls[Remember-Me Interfaces and Implementations] - xref:servlet/exploits/csrf.adoc#servlet-considerations-csrf-logout[ Logging Out] in section CSRF Caveats - Section xref:servlet/authentication/cas.adoc#cas-singlelogout[ Single Logout] (CAS protocol) - Documentation for the xref:servlet/appendix/namespace.adoc#nsa-logout[ logout element] in the Spring Security XML Namespace section diff --git a/docs/modules/ROOT/pages/servlet/authentication/openid.adoc b/docs/modules/ROOT/pages/servlet/authentication/openid.adoc index 9ada981dd5..d15acca793 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/openid.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/openid.adoc @@ -53,7 +53,7 @@ OpenIDAuthenticationToken token = List attributes = token.getAttributes(); ---- -We can obtain the `OpenIDAuthenticationToken` from the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[]. +We can obtain the `OpenIDAuthenticationToken` from the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder]. The `OpenIDAttribute` contains the attribute type and the retrieved value (or values in the case of multi-valued attributes). You can supply multiple `attribute-exchange` elements, using an `identifier-matcher` attribute on each. This contains a regular expression which will be matched against the OpenID identifier supplied by the user. diff --git a/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc b/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc index 098d04672a..1796621b89 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc @@ -38,7 +38,7 @@ The details of what `AuthenticationManager` looks like depend on how the xref:se image:{icondir}/number_3.png[] If authentication fails, then __Failure__ -* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[] is cleared out. +* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder] is cleared out. * `RememberMeServices.loginFail` is invoked. If remember me is not configured, this is a no-op. // FIXME: link to rememberme @@ -46,7 +46,7 @@ If remember me is not configured, this is a no-op. image:{icondir}/number_4.png[] If authentication is successful, then __Success__. -* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authentication[] is set on the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[]. +* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authentication[Authentication] is set on the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder]. * `RememberMeServices.loginSuccess` is invoked. If remember me is not configured, this is a no-op. // FIXME: link to rememberme diff --git a/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc b/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc index 3d716d14c2..c25bf6c8e7 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc @@ -12,7 +12,7 @@ image::{figures}/daoauthenticationprovider.png[] image:{icondir}/number_1.png[] The authentication `Filter` from xref:servlet/authentication/unpwd/index.adoc#servlet-authentication-unpwd-input[Reading the Username & Password] passes a `UsernamePasswordAuthenticationToken` to the `AuthenticationManager` which is implemented by xref:servlet/authentication/architecture/index.adoc#servlet-authentication-providermanager[`ProviderManager`]. -image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[] of type `DaoAuthenticationProvider`. +image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[AuthenticationProvider] of type `DaoAuthenticationProvider`. image:{icondir}/number_3.png[] `DaoAuthenticationProvider` looks up the `UserDetails` from the `UserDetailsService`. diff --git a/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc b/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc index 8ecd652912..368187c13f 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc @@ -27,7 +27,7 @@ image:{icondir}/number_5.png[] Something within the application, must <] support to secure one of your services. You can now easily transfer the `SecurityContext` of the current `Thread` to the `Thread` that invokes the secured service. An example of how you might do this can be found below: diff --git a/docs/modules/ROOT/pages/servlet/java-configuration/index.adoc b/docs/modules/ROOT/pages/servlet/java-configuration/index.adoc index 54cf54aa74..711ae532a9 100644 --- a/docs/modules/ROOT/pages/servlet/java-configuration/index.adoc +++ b/docs/modules/ROOT/pages/servlet/java-configuration/index.adoc @@ -5,7 +5,7 @@ General support for https://docs.spring.io/spring/docs/3.1.x/spring-framework-reference/html/beans.html#beans-java[Java Configuration] was added to Spring Framework in Spring 3.1. Since Spring Security 3.2 there has been Spring Security Java Configuration support which enables users to easily configure Spring Security without the use of any XML. -If you are familiar with the xref:servlet/namespace/index.adoc#ns-config[] then you should find quite a few similarities between it and the Security Java Configuration support. +If you are familiar with the xref:servlet/namespace/index.adoc#ns-config[Security Namespace Configuration] then you should find quite a few similarities between it and the Security Java Configuration support. NOTE: Spring Security provides https://github.com/spring-projects/spring-security-samples/tree/main/servlet/java-configuration[lots of sample applications] which demonstrate the use of Spring Security Java Configuration. diff --git a/docs/modules/ROOT/pages/servlet/namespace/index.adoc b/docs/modules/ROOT/pages/servlet/namespace/index.adoc index 488c3743c7..e11eebde48 100644 --- a/docs/modules/ROOT/pages/servlet/namespace/index.adoc +++ b/docs/modules/ROOT/pages/servlet/namespace/index.adoc @@ -18,7 +18,7 @@ For example, adding the following element from the security namespace to an appl This is much simpler than wiring up the equivalent Apache Directory Server beans. The most common alternative configuration requirements are supported by attributes on the `ldap-server` element and the user is isolated from worrying about which beans they need to create and what the bean property names are. -footnote:[You can find out more about the use of the `ldap-server` element in the chapter on pass:specialcharacters,macros[xref:servlet/authentication/unpwd/ldap.adoc#servlet-authentication-ldap[]].]. +footnote:[You can find out more about the use of the `ldap-server` element in the chapter on pass:specialcharacters,macros[xref:servlet/authentication/unpwd/ldap.adoc#servlet-authentication-ldap[LDAP Authentication]].]. Use of a good XML editor while editing the application context file should provide information on the attributes and elements that are available. We would recommend that you try out the https://spring.io/tools[Eclipse IDE with Spring Tools] as it has special features for working with standard Spring namespaces. diff --git a/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc b/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc index c9e00338ec..e05e4402b6 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc @@ -49,12 +49,12 @@ The details of what `AuthenticationManager` looks like depends on whether you're image:{icondir}/number_3.png[] If authentication fails, then __Failure__ -* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[] is cleared out. +* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder] is cleared out. * The `AuthenticationEntryPoint` is invoked to trigger the WWW-Authenticate header to be sent again. image:{icondir}/number_4.png[] If authentication is successful, then __Success__. -* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authentication[] is set on the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[]. +* The xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authentication[Authentication] is set on the xref:servlet/authentication/architecture/index.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder]. * The `BearerTokenAuthenticationFilter` invokes `FilterChain.doFilter(request,response)` to continue with the rest of the application logic. [[oauth2resourceserver-jwt-minimaldependencies]] @@ -152,7 +152,7 @@ image::{figures}/jwtauthenticationprovider.png[] image:{icondir}/number_1.png[] The authentication `Filter` from <> passes a `BearerTokenAuthenticationToken` to the `AuthenticationManager` which is implemented by xref:servlet/authentication/architecture/index.adoc#servlet-authentication-providermanager[`ProviderManager`]. -image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[] of type `JwtAuthenticationProvider`. +image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[AuthenticationProvider] of type `JwtAuthenticationProvider`. [[oauth2resourceserver-jwt-architecture-jwtdecoder]] image:{icondir}/number_3.png[] `JwtAuthenticationProvider` decodes, verifies, and validates the `Jwt` using a <>. @@ -1523,7 +1523,7 @@ image::{figures}/opaquetokenauthenticationprovider.png[] image:{icondir}/number_1.png[] The authentication `Filter` from <> passes a `BearerTokenAuthenticationToken` to the `AuthenticationManager` which is implemented by xref:servlet/authentication/architecture/index.adoc#servlet-authentication-providermanager[`ProviderManager`]. -image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[] of type `OpaqueTokenAuthenticationProvider`. +image:{icondir}/number_2.png[] The `ProviderManager` is configured to use an xref:servlet/authentication/architecture/index.adoc#servlet-authentication-authenticationprovider[AuthenticationProvider] of type `OpaqueTokenAuthenticationProvider`. [[oauth2resourceserver-opaque-architecture-introspector]] image:{icondir}/number_3.png[] `OpaqueTokenAuthenticationProvider` introspects the opaque token and adds granted authorities using an <>.