Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.1.x'

This commit is contained in:
Marcus Hert Da Coregio 2023-11-07 10:54:02 -03:00
parent 9eee9887b9 2158d262bc
commit 6ab9cc6ff7
2 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docs/modules/ROOT/pages/servlet/architecture.adoc
View File

@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want
To exemplify the above paragraph, let's consider the following security configuration:
====
.Java
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Configuration
@ -193,7 +195,9 @@ public class SecurityConfig {
}
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
import org.springframework.security.config.web.servlet.invoke
@ -217,7 +221,7 @@ class SecurityConfig {
}
----
====
======
The above configuration will result in the following `Filter` ordering:
@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url}
Now, we need to add the filter to the security filter chain.
====
.Java
======
Java::
+
[source,java,role="primary"]
----
@Bean
@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build();
}
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain {
return http.build()
}
----
====
======
<1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`.

4
docs/modules/ROOT/pages/servlet/authentication/architecture.adoc
View File

@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user.
The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly:
.Setting `SecurityContextHolder`
====
[tabs]
======
Java::
@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple.
A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`.
<3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`.
Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization].
====
To obtain information about the authenticated principal, access the `SecurityContextHolder`.