Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish Docs 

Issue gh-8005
This commit is contained in:
Rob Winch 2020-02-20 14:57:15 -06:00
parent 7adddb6b30
commit 42d79c684b
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
docs/manual/src/docs/asciidoc/_includes/servlet/architecture/index.adoc
View File

@ -78,14 +78,18 @@ However, Spring typically uses a `ContextLoaderListener` to load the Spring Bean
== FilterChainProxy == FilterChainProxy
Spring Security's Servlet support is contained within `FilterChainProxy`. Spring Security's Servlet support is contained within `FilterChainProxy`.
`FilterChainProxy` is a special `Filter` provided by Spring Security that allows delegating to many `Filter` instances through the `SecurityFilterChain` API. `FilterChainProxy` is a special `Filter` provided by Spring Security that allows delegating to many `Filter` instances through <<servlet-securityfilterchain,`SecurityFilterChain`>>.
// FIXME: link to SecurityFilterChain
Since `FilterChainProxy` is a Bean, it is typically wrapped in a <<servlet-delegatingfilterproxy>>. Since `FilterChainProxy` is a Bean, it is typically wrapped in a <<servlet-delegatingfilterproxy>>.
.FilterChainProxy .FilterChainProxy
[[servlet-filterchainproxy-figure]] [[servlet-filterchainproxy-figure]]
image::{figures}/filterchainproxy.png[] image::{figures}/filterchainproxy.png[]
[[servlet-securityfilterchain]]
== SecurityFilterChain
{security-api-url}org/springframework/security/web/SecurityFilterChain.html[`SecurityFilterChain`] is used by <<servlet-filterchainproxy>> to determine which Spring Security ``Filter``s should be invoked for this request.
The <<servlet-security-filters,Security Filters>> in `SecurityFilterChain` are typically Beans, but they are registered with `FilterChainProxy` instead of <<servlet-delegatingfilterproxy>>. The <<servlet-security-filters,Security Filters>> in `SecurityFilterChain` are typically Beans, but they are registered with `FilterChainProxy` instead of <<servlet-delegatingfilterproxy>>.
`FilterChainProxy` provides a number of advantages to registering directly with the Servlet container or <<servlet-delegatingfilterproxy>>. `FilterChainProxy` provides a number of advantages to registering directly with the Servlet container or <<servlet-delegatingfilterproxy>>.
First, it provides a starting point for all of Spring Security's Servlet support. First, it provides a starting point for all of Spring Security's Servlet support.
@ -97,7 +101,6 @@ For example, it clears out the `SecurityContext` to avoid memory leaks.
It also applies Spring Security's <<servlet-httpfirewall,`HttpFirewall`>> to protect applications against certain types of attacks. It also applies Spring Security's <<servlet-httpfirewall,`HttpFirewall`>> to protect applications against certain types of attacks.
In addition, it provides more flexibility in determining when a `SecurityFilterChain` should be invoked. In addition, it provides more flexibility in determining when a `SecurityFilterChain` should be invoked.
// FIXME: Add link to SecurityFitlerChain
In a Servlet container, ``Filter``s are invoked based upon the URL alone. In a Servlet container, ``Filter``s are invoked based upon the URL alone.
// FIXME: Link to RequestMatcher // FIXME: Link to RequestMatcher
However, `FilterChainProxy` can determine invocation based upon anything in the `HttpServletRequest` by leveraging the `RequestMatcher` interface. However, `FilterChainProxy` can determine invocation based upon anything in the `HttpServletRequest` by leveraging the `RequestMatcher` interface.
@ -125,6 +128,7 @@ In fact, a `SecurityFilterChain` might have zero security ``Filter``s if the app
[[servlet-security-filters]] [[servlet-security-filters]]
== Security Filters == Security Filters
The Security Filters are inserted into the <<servlet-filterchainproxy>> with the <<servlet-securityfilterchain>> API.
The <<servlet-filters-review,order of ``Filter``>>s matters. The <<servlet-filters-review,order of ``Filter``>>s matters.
It is typically not necessary to know the ordering of Spring Security's ``Filter``s. It is typically not necessary to know the ordering of Spring Security's ``Filter``s.
However, there are times that it is beneficial to know the ordering However, there are times that it is beneficial to know the ordering

1
docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/input/form.adoc
View File

@ -95,6 +95,7 @@ fun configure(http: HttpSecurity) {
[[servlet-authentication-form-custom-html]] [[servlet-authentication-form-custom-html]]
When the login page is specified in the Spring Security configuration, you are responsible for rendering the page. When the login page is specified in the Spring Security configuration, you are responsible for rendering the page.
// FIXME: default login page rendered by Spring Security
Below is a https://www.thymeleaf.org/[Thymeleaf] template that produces an HTML login form that complies with a login page of `/login`.: Below is a https://www.thymeleaf.org/[Thymeleaf] template that produces an HTML login form that complies with a login page of `/login`.:
.Log In Form .Log In Form