Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-01 09:42:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Minor rewording of "child web context" FAQ.

Browse Source
This commit is contained in:
Luke Taylor 2011-03-13 20:45:22 +00:00
parent bb3b8e4683
commit 3a3b2df1c5
1 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docs/faq/src/docbook/faq.xml
View File

@ -326,14 +326,23 @@
element to my application context but if I add security annotations to my element to my application context but if I add security annotations to my
Spring MVC controller beans (Struts actions etc.) then they don't seem to Spring MVC controller beans (Struts actions etc.) then they don't seem to
have an effect.</para></question> have an effect.</para></question>
<answer><para> The application context which holds the Spring MVC beans for the <answer><para> In a Spring web application, the application context which
dispatcher servlet is a child application context of the main application holds the Spring MVC beans for the dispatcher servlet is often separate from the main
context which is loaded using the application context. It is often defined in a file called
<classname>ContextLoaderListener</classname> you define in your <literal>myapp-servlet.xml</literal>, where <quote>myapp</quote> is the name
<filename>web.xml</filename>. The beans in the child context are not assigned to the Spring <classname>DispatcherServlet</classname> in <filename>web.xml</filename>.
visible in the parent context so you need to either move the An application can have multiple <classname>DispatcherServlet</classname>s, each with its own
&lt;global-method-security&gt; declaration to the web context or moved the isolated application context. The beans in these <quote>child</quote> contexts are not
beans you want secured into the main application context. visible to the rest of the application. The <quote>parent</quote> application context is
loaded by the <classname>ContextLoaderListener</classname> you define in your
<filename>web.xml</filename> and is visible to all the child contexts. This parent context is
usually where you define your security configuration, including the
<literal>&lt;global-method-security&gt;</literal> element). As a result
any security constraints applied to methods in these web beans will not be enforced,
since the beans cannot be seen from the <classname>DispatcherServlet</classname> context.
You need to either move the <literal>&lt;global-method-security&gt;</literal>
declaration to the web context or moved the beans you want secured into the main
application context.
</para><para>Generally we would recommend applying method security at the </para><para>Generally we would recommend applying method security at the
service layer rather than on individual web controllers.</para></answer> service layer rather than on individual web controllers.</para></answer>
</qandaentry> </qandaentry>