Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-03-01 10:59:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish java.adoc

Browse Source 
Issue gh-14384
This commit is contained in:
Steve Riesenberg 2023-12-29 10:55:36 -06:00
parent e11ed2d313
commit 63556b6636
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/modules/ROOT/pages/servlet/configuration/java.adoc
View File

@ -112,7 +112,7 @@ public class SecurityWebApplicationInitializer
}
----
This onlys register the `springSecurityFilterChain` for every URL in your application.
This only registers the `springSecurityFilterChain` for every URL in your application.
After that, we need to ensure that `WebSecurityConfig` was loaded in our existing `ApplicationInitializer`.
For example, if we use Spring MVC it is added in the `getServletConfigClasses()`:
@ -131,7 +131,7 @@ public class MvcWebApplicationInitializer extends
}
----
The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#_request_matchers[underlying request matchers], so they need to be in the same application context.
The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#authorizing-endpoints[underlying request matchers], so they need to be in the same application context.
Placing Spring Security in `getRootConfigClasses` places it into a parent application context that may not be able to find Spring MVC's `HandlerMappingIntrospector`.
==== Configuring for Multiple Spring MVC Dispatchers
@ -203,7 +203,7 @@ Note that this configuration is parallels the XML Namespace configuration:
We can configure multiple `HttpSecurity` instances just as we can have multiple `<http>` blocks in XML.
The key is to register multiple `SecurityFilterChain` ``@Bean``s.
The following example has a different configuration for URL's that start with `/api/`.
The following example has a different configuration for URLs that start with `/api/`.
[source,java]
----
@ -224,7 +224,7 @@ public class MultiHttpSecurityConfig {
@Order(1) <2>
public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
http
.securityMatcher("/api/**") <3>
.securityMatcher("/api/**") <3>
.authorizeHttpRequests(authorize -> authorize
.anyRequest().hasRole("ADMIN")
)