Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-05-31 17:22:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '6.1.x'

Browse Source
This commit is contained in:
Marcus Hert Da Coregio 2023-11-07 10:54:02 -03:00
commit 6ab9cc6ff7
2 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docs/modules/ROOT/pages/servlet/architecture.adoc
View File

@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want
To exemplify the above paragraph, let's consider the following security configuration: To exemplify the above paragraph, let's consider the following security configuration:
==== [tabs]
.Java ======
Java::
+
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Configuration @Configuration
@ -193,7 +195,9 @@ public class SecurityConfig {
} }
---- ----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
import org.springframework.security.config.web.servlet.invoke import org.springframework.security.config.web.servlet.invoke
@ -217,7 +221,7 @@ class SecurityConfig {
} }
---- ----
==== ======
The above configuration will result in the following `Filter` ordering: The above configuration will result in the following `Filter` ordering:
@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url}
Now, we need to add the filter to the security filter chain. Now, we need to add the filter to the security filter chain.
==== ======
.Java Java::
+
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Bean @Bean
@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build(); return http.build();
} }
---- ----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
@Bean @Bean
@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain {
return http.build() return http.build()
} }
---- ----
==== ======
<1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`. <1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`.

4
docs/modules/ROOT/pages/servlet/authentication/architecture.adoc
View File

@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user.
The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly: The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly:
.Setting `SecurityContextHolder` .Setting `SecurityContextHolder`
====
[tabs] [tabs]
====== ======
Java:: Java::
@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple.
A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`. A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`.
<3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`. <3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`.
Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization]. Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization].
====
To obtain information about the authenticated principal, access the `SecurityContextHolder`. To obtain information about the authenticated principal, access the `SecurityContextHolder`.