Ben Alex 2004-12-23 01:30:04 +00:00
parent c8055b57d7
commit 7df43e019e
2 changed files with 10 additions and 9 deletions

View File

@ -27,7 +27,7 @@
</head>
<body>
<h1>External Web Articles covering Acegi Security<</h1>
<h1>External Web Articles covering Acegi Security</h1>
<p>Here are some of the external pages mentioning Acegi Security. If you've
found another, please let us know.
<ul>

View File

@ -46,7 +46,7 @@
can be easily supported.</p>
<h2>Why not just use web.xml security?</h2>
<p>Let's assuming you're developing an enterprise application based on Spring.
<p>Let's assume you're developing an enterprise application based on Spring.
There are four security concerns you typically need to address: authentication,
web request security, service layer security (ie your methods that implement
business logic), and domain object instance security (ie different domain objects
@ -102,8 +102,8 @@
so would introduce an additional argument on every services
layer method. A more elegant approach is to use a ThreadLocal
to hold the Principal, although this would likely increase
development time to a point where it would become more e
conomical (on a cost-benefit basis) to simply use a dedicated
development time to a point where it would become more
economical (on a cost-benefit basis) to simply use a dedicated
security framework.</li>
<li><i>Authorisation code quality:</i> It is often said of web
frameworks that they "make it easier to do the right things,
@ -117,7 +117,7 @@
</ol>
</li>
</ol>
For simple applications, servlet specification may just be enough.
For simple applications, servlet specification security may just be enough.
Although when considered within the context of web container portability,
configuration requirements, limited web request security flexibility, and
non-existent services layer and domain object instance security, it becomes
@ -148,9 +148,10 @@
<code>AuthenticationDao</code> implementations that simply don't properly
implement the interface. For example, they return <code>null</code> instead
of the user not found exception, or fail to add in the
<code>GrantedAuthority[]</code>s. We suggest you write the
<code>UserDetails</code> object generated by your <code>AuthenticationDao</code>
to the log and check it looks correct.</p>
<code>GrantedAuthority[]</code>s. Whilst <code>DaoAuthenticationProvider</code>
does its best to check the <code>AuthenticationDao</code>returns a valid
<code>UserDetails</code>, we suggest you write the
<code>UserDetails</code> object to the log and check it looks correct.</p>
<h2>I need some help. What files should I post?</h2>
<p>The most important things to post with any support requests on the
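Review bot: the added line `does its best to check the <code>AuthenticationDao</code>returns a valid` is missing a space between `</code>` and "returns", so the rendered FAQ will read "AuthenticationDaoreturns". Separately, "does its best to check" does not say which of the two failures named just above it (returning `null` instead of the user not found exception, or omitting the `GrantedAuthority[]`s) the provider actually rejects. Naming the cases that are checked would tell readers which misbehaviour they still have to catch through the suggested log inspection. The rewrite also drops "generated by your AuthenticationDao" from the logging advice; keeping that qualifier makes it clear which `UserDetails` object should be written to the log.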
@ -208,7 +209,7 @@
Log4J (instead of JDK logging), Tapestry (instead of JSF), and Velocity/FreeMarker
(instead of JSP). It's important to recognise that many open source projects do
develop into de facto standards, and in doing so play a legitimate and beneficial
role in the software development profession.</p>
role in professional software development.</p>
<h2>Do you welcome contributions?</h2>
<p>Yes. If you've written something and it works well, please feel free to share it.