From 3469bcb82297d9e0e20e0a7f8135ef4734a1f4f6 Mon Sep 17 00:00:00 2001 From: Josh Cummings Date: Wed, 10 May 2023 15:51:49 -0600 Subject: [PATCH] Address Antora Warnings --- .../pages/reactive/oauth2/login/advanced.adoc | 4 ++-- .../pages/servlet/authentication/persistence.adoc | 15 +++++++++------ .../ROOT/pages/servlet/oauth2/login/advanced.adoc | 2 +- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc index f2116565b8..ee917f8ba0 100644 --- a/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc +++ b/docs/modules/ROOT/pages/reactive/oauth2/login/advanced.adoc @@ -207,7 +207,7 @@ The Redirection Endpoint is used by the Authorization Server for returning the A OAuth 2.0 Login leverages the Authorization Code Grant. Therefore, the authorization credential is the authorization code. -The default Authorization Response redirection endpoint is `/login/oauth2/code/{registrationId}`. +The default Authorization Response redirection endpoint is `+/login/oauth2/code/{registrationId}+`. If you would like to customize the Authorization Response redirection endpoint, configure it as shown in the following example: @@ -739,5 +739,5 @@ class OAuth2LoginSecurityConfig { ---- ==== -NOTE: `OidcClientInitiatedServerLogoutSuccessHandler` supports the `{baseUrl}` placeholder. +NOTE: `OidcClientInitiatedServerLogoutSuccessHandler` supports the `+{baseUrl}+` placeholder. If used, the application's base URL, like `https://app.example.org`, will replace it at request time. diff --git a/docs/modules/ROOT/pages/servlet/authentication/persistence.adoc b/docs/modules/ROOT/pages/servlet/authentication/persistence.adoc index 6d88332634..b35a910d5b 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/persistence.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/persistence.adoc @@ -122,9 +122,11 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextPe image::{figures}/securitycontextpersistencefilter.png[] -<1> Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`. -<2> Next, the application is ran. -<3> Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`. +image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextPersistenceFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`. + +image:{icondir}/number_2.png[] Next, the application is ran. + +image:{icondir}/number_3.png[] Finally, if the `SecurityContext` has changed, we save the `SecurityContext` using the `SecurityContextPersistenceRepository`. This means that when using `SecurityContextPersistenceFilter`, just setting the `SecurityContextHolder` will ensure that the `SecurityContext` is persisted using `SecurityContextRepository`. In some cases a response is committed and written to the client before the `SecurityContextPersisteneFilter` method completes. @@ -141,8 +143,9 @@ The {security-api-url}org/springframework/security/web/context/SecurityContextHo image::{figures}/securitycontextholderfilter.png[] -<1> Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`. -<2> Next, the application is ran. +image:{icondir}/number_1.png[] Before running the rest of the application, `SecurityContextHolderFilter` loads the `SecurityContext` from the `SecurityContextRepository` and sets it on the `SecurityContextHolder`. + +image:{icondir}/number_2.png[] Next, the application is ran. Unlike, xref:servlet/authentication/persistence.adoc#securitycontextpersistencefilter[`SecurityContextPersisteneFilter`], `SecurityContextHolderFilter` only loads the `SecurityContext` it does not save the `SecurityContext`. This means that when using `SecurityContextHolderFilter`, it is required that the `SecurityContext` is explicitly saved. @@ -169,4 +172,4 @@ public SecurityFilterChain filterChain(HttpSecurity http) { ---- -==== \ No newline at end of file +==== diff --git a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc index 81f368ea34..221a9c15ea 100644 --- a/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc +++ b/docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc @@ -958,5 +958,5 @@ class OAuth2LoginSecurityConfig { ---- ==== -NOTE: `OidcClientInitiatedLogoutSuccessHandler` supports the `{baseUrl}` placeholder. +NOTE: `OidcClientInitiatedLogoutSuccessHandler` supports the `+{baseUrl}+` placeholder. If used, the application's base URL, like `https://app.example.org`, will replace it at request time.