Merge branch '6.0.x'

Marcus Da Coregio 2023-02-16 10:58:02 -03:00
commit 4bb944e7e5
1 changed files with 2 additions and 2 deletions

@ -48,7 +48,7 @@ The latter is also used when configuring an invalid session URL through the name
[[moving-away-from-sessionmanagementfilter]]
==== Moving Away From `SessionManagementFilter`
In Spring Security 5, the default configuration relies on `SessionManagementFilter` to detect if a user just authenticated and invoke <<_the_sessionauthenticationstrategy,the `SessionAuthenticationStrategy`>>.
In Spring Security 5, the default configuration relies on `SessionManagementFilter` to detect if a user just authenticated and invoke {security-api-url}org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.html[the `SessionAuthenticationStrategy`].
The problem with this is that it means that in a typical setup, the `HttpSession` must be read for every request.
In Spring Security 6, the default is that authentication mechanisms themselves must invoke the `SessionAuthenticationStrategy`.
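Review bot: The replacement link on the changed `SessionAuthenticationStrategy` line builds its target by appending `org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.html` directly to `{security-api-url}`, so it only resolves if that attribute is defined for this page and ends with a trailing slash. Please confirm against the rendered output that the link lands on the Javadoc page. Also note that readers are now sent to the API reference instead of a narrative section, so the surrounding sentences have to carry the explanation of what the strategy does at authentication time (the context lines here only say who invokes it).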
@ -77,7 +77,7 @@ If you try to use any of these methods, an exception will be thrown.
[[customizing-where-authentication-is-stored]]
== Customizing Where the Authentication Is Stored
By default, Spring Security stores the security context for you in the HTTP session (link to earlier description). However, here are several reasons you may want to customize that:
By default, Spring Security stores the security context for you in the HTTP session. However, here are several reasons you may want to customize that:
* You may want call individual setters on the `HttpSessionSecurityContextRepository` instance
* You may want to store the security context in a cache or database to enable horizontal scaling
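Review bot: In the changed "By default, Spring Security stores the security context" sentence, the placeholder `(link to earlier description)` is deleted rather than resolved, so the paragraph no longer points readers to where storage of the security context in the HTTP session is described. If that earlier section has an anchor, an xref here would be better than dropping the reference. While this paragraph is being touched, the first bullet in the trailing context reads "You may want call individual setters" and is missing "to"; that could be fixed in the same change.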