From 933a7e8363a39c0b480dc8b1607bf852e41b0a1f Mon Sep 17 00:00:00 2001 From: Johnny Lim Date: Tue, 19 Apr 2016 13:21:20 +0900 Subject: [PATCH] Remove duplicate words Fixes gh-3826 --- .../security/acls/afterinvocation/Filterer.java | 2 +- .../acls/model/PermissionGrantingStrategy.java | 2 +- .../cas/authentication/StatelessTicketCache.java | 2 +- .../AbstractDaoAuthenticationConfigurer.java | 4 ++-- .../config/annotation/web/builders/HttpSecurity.java | 2 +- .../jaas/JaasAuthenticationCallbackHandler.java | 2 +- docs/manual/src/docs/asciidoc/_includes/faq.adoc | 2 +- docs/manual/src/docs/asciidoc/_includes/websocket.adoc | 2 +- docs/manual/src/docs/asciidoc/index.adoc | 10 +++++----- .../security/openid/OpenIDAuthenticationToken.java | 2 +- .../samples/cas/web/ProxyTicketSampleServlet.java | 2 +- .../writers/frameoptions/RegExpAllowFromStrategy.java | 2 +- 12 files changed, 17 insertions(+), 17 deletions(-) diff --git a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java index e4a691efa3..973135bcb3 100644 --- a/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java +++ b/acl/src/main/java/org/springframework/security/acls/afterinvocation/Filterer.java @@ -43,7 +43,7 @@ interface Filterer extends Iterable { Iterator iterator(); /** - * Removes the the given object from the resulting list. + * Removes the given object from the resulting list. * * @param object the object to be removed */ diff --git a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java index 642189f01f..35dc7d6063 100644 --- a/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java +++ b/acl/src/main/java/org/springframework/security/acls/model/PermissionGrantingStrategy.java @@ -27,7 +27,7 @@ import java.util.List; public interface PermissionGrantingStrategy { /** - * Returns true if the the supplied strategy decides that the supplied {@code Acl} + * Returns true if the supplied strategy decides that the supplied {@code Acl} * grants access based on the supplied list of permissions and sids. */ boolean isGranted(Acl acl, List permission, List sids, diff --git a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java index 7c4b4b2fb9..2b412d1cb3 100644 --- a/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java +++ b/cas/src/main/java/org/springframework/security/cas/authentication/StatelessTicketCache.java @@ -91,7 +91,7 @@ public interface StatelessTicketCache { * *

* Implementations should use {@link CasAuthenticationToken#getCredentials()} to - * obtain the ticket and then delegate to to the + * obtain the ticket and then delegate to the * {@link #removeTicketFromCache(String)} method. *

* diff --git a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java index 218042465c..806e002f68 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/userdetails/AbstractDaoAuthenticationConfigurer.java @@ -63,7 +63,7 @@ abstract class AbstractDaoAuthenticationConfigurerExample Configuration diff --git a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java index f94437c3e0..4a273fb168 100644 --- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java +++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationCallbackHandler.java @@ -27,7 +27,7 @@ import javax.security.auth.callback.UnsupportedCallbackException; * The JaasAuthenticationCallbackHandler is similar to the * javax.security.auth.callback.CallbackHandler interface in that it defines a handle * method. The JaasAuthenticationCallbackHandler is only asked to handle one Callback - * instance at at time rather than an array of all Callbacks, as the javax... + * instance at time rather than an array of all Callbacks, as the javax... * CallbackHandler defines. * *

diff --git a/docs/manual/src/docs/asciidoc/_includes/faq.adoc b/docs/manual/src/docs/asciidoc/_includes/faq.adoc index 3690536ffa..d0f0bb189e 100644 --- a/docs/manual/src/docs/asciidoc/_includes/faq.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/faq.adoc @@ -175,7 +175,7 @@ Session management issues are a common source of forum questions. If you are dev [[appendix-faq-concurrent-session-same-browser]] ==== I'm using Spring Security's concurrent session control to prevent users from logging in more than once at a time. When I open another browser window after logging in, it doesn't stop me from logging in again. Why can I log in more than once? -Browsers generally maintain a single session per browser instance. You cannot have two separate sessions at once. So if you log in again in another window or tab you are just reauthenticating in the same session. The server doesn't know anything about tabs, windows or browser instances. All it sees are HTTP requests and it ties those to a particular session according to the value of the the JSESSIONID cookie that they contain. When a user authenticates during a session, Spring Security's concurrent session control checks the number of__other authenticated sessions__ that they have. If they are already authenticated with the same session, then re-authenticating will have no effect. +Browsers generally maintain a single session per browser instance. You cannot have two separate sessions at once. So if you log in again in another window or tab you are just reauthenticating in the same session. The server doesn't know anything about tabs, windows or browser instances. All it sees are HTTP requests and it ties those to a particular session according to the value of the JSESSIONID cookie that they contain. When a user authenticates during a session, Spring Security's concurrent session control checks the number of__other authenticated sessions__ that they have. If they are already authenticated with the same session, then re-authenticating will have no effect. [[appendix-faq-new-session-on-authentication]] diff --git a/docs/manual/src/docs/asciidoc/_includes/websocket.adoc b/docs/manual/src/docs/asciidoc/_includes/websocket.adoc index 2180a9700f..ffbeeec6ab 100644 --- a/docs/manual/src/docs/asciidoc/_includes/websocket.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/websocket.adoc @@ -181,7 +181,7 @@ It is important to note that Spring Security only secures the `clientInboundChan Spring Security does not attempt to secure the `clientOutboundChannel`. The most important reason for this is performance. -For every message that goes in, there are typically many many more that go out. +For every message that goes in, there are typically many more that go out. Instead of securing the outbound messages, we encourage securing the subscription to the endpoints. [[websocket-sameorigin]] diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index ba6b2987e0..81bd679046 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -1948,7 +1948,7 @@ This design offers maximum deployment time flexibility, as you can simply copy y [[core-components]] === Core Components -In Spring Security 3.0, the contents of the `spring-security-core` jar were stripped down to the bare minimum. It no longer contains any code related to web-application security, LDAP or namespace configuration. We'll take a look here at some of the Java types that you'll find in the core module. They represent the building blocks of the the framework, so if you ever need to go beyond a simple namespace configuration then it's important that you understand what they are, even if you don't actually need to interact with them directly. +In Spring Security 3.0, the contents of the `spring-security-core` jar were stripped down to the bare minimum. It no longer contains any code related to web-application security, LDAP or namespace configuration. We'll take a look here at some of the Java types that you'll find in the core module. They represent the building blocks of the framework, so if you ever need to go beyond a simple namespace configuration then it's important that you understand what they are, even if you don't actually need to interact with them directly. ==== SecurityContextHolder, SecurityContext and Authentication Objects @@ -2237,7 +2237,7 @@ Only developers contemplating an entirely new way of intercepting and authorizin [[localization]] === Localization -Spring Security supports localization of exception messages that end users are likely to see. If your application is designed for English-speaking users, you don't need to do anything as by default all Security Security messages are in English. If you need to support other locales, everything you need to know is contained in this section. +Spring Security supports localization of exception messages that end users are likely to see. If your application is designed for English-speaking users, you don't need to do anything as by default all Security messages are in English. If you need to support other locales, everything you need to know is contained in this section. All exception messages can be localized, including messages related to authentication failures and access being denied (authorization failures). Exceptions and logging messages that are focused on developers or system deployers (including incorrect attributes, interface contract violations, using incorrect constructors, startup time validation, debug-level logging) are not localized and instead are hard-coded in English within Spring Security's code. @@ -2413,7 +2413,7 @@ Bcrypt automatically generates a random salt value for each password when it is [NOTE] ==== -The legacy approach to handling salt was to inject a `SaltSource` into the `DaoAuthenticationProvider`, which would obtain a salt value for a particular user and pass it to the `PasswordEncoder`. Using bcrypt means you don't have worry about the details of salt handling (such as where the the value is stored), as it is all done internally. So we'd strongly recommend you use bcrypt unless you already have a system in place which stores the salt separately. +The legacy approach to handling salt was to inject a `SaltSource` into the `DaoAuthenticationProvider`, which would obtain a salt value for a particular user and pass it to the `PasswordEncoder`. Using bcrypt means you don't have worry about the details of salt handling (such as where the value is stored), as it is all done internally. So we'd strongly recommend you use bcrypt unless you already have a system in place which stores the salt separately. ==== ==== Hashing and Authentication @@ -2764,7 +2764,7 @@ It should be noted that it is typically bad practice to perform so much logic th [[servletapi-user-in-role]] ==== HttpServletRequest.isUserInRole(String) -The http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.isUserInRole(String)] will determine if `SecurityContextHolder.getContext().getAuthentication().getAuthorities()` contains a `GrantedAuthority` with the role passed into `isUserInRole(String)`. Typically users should not pass in the "ROLE_" prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority "ROLE_ADMIN", you could use the the following: +The http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[HttpServletRequest.isUserInRole(String)] will determine if `SecurityContextHolder.getContext().getAuthentication().getAuthorities()` contains a `GrantedAuthority` with the role passed into `isUserInRole(String)`. Typically users should not pass in the "ROLE_" prefix into this method since it is added automatically. For example, if you want to determine if the current user has the authority "ROLE_ADMIN", you could use the following: [source,java] ---- @@ -6079,7 +6079,7 @@ The next step is to update the `CasAuthenticationProvider` to be able to obtain ---- -The last step is to update the `CasAuthenticationFilter` to accept PGT and to store them in the `ProxyGrantingTicketStorage`. It is important the the `proxyReceptorUrl` matches the `proxyCallbackUrl` of the `Cas20ProxyTicketValidator`. An example configuration is shown below. +The last step is to update the `CasAuthenticationFilter` to accept PGT and to store them in the `ProxyGrantingTicketStorage`. It is important the `proxyReceptorUrl` matches the `proxyCallbackUrl` of the `Cas20ProxyTicketValidator`. An example configuration is shown below. [source,xml] ---- diff --git a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java index e5f2d4364b..6f4cadef75 100644 --- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java +++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java @@ -58,7 +58,7 @@ public class OpenIDAuthenticationToken extends AbstractAuthenticationToken { /** * Created by the OpenIDAuthenticationProvider on successful authentication. * - * @param principal usually the UserDetails returned by the the configured + * @param principal usually the UserDetails returned by the configured * UserDetailsService used by the OpenIDAuthenticationProvider. * */ diff --git a/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java b/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java index 8109e85e36..039df2b02b 100644 --- a/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java +++ b/samples/xml/cas/cassample/src/main/java/org/springframework/security/samples/cas/web/ProxyTicketSampleServlet.java @@ -50,7 +50,7 @@ public final class ProxyTicketSampleServlet extends HttpServlet { // SecurityContextHolder.getContext().getAuthentication() final CasAuthenticationToken token = (CasAuthenticationToken) request .getUserPrincipal(); - // proxyTicket could be reused to make calls to to the CAS service even if the + // proxyTicket could be reused to make calls to the CAS service even if the // target url differs final String proxyTicket = token.getAssertion().getPrincipal() .getProxyTicketFor(targetUrl); diff --git a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java index 72089eb1af..35bc9ee495 100644 --- a/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java +++ b/web/src/main/java/org/springframework/security/web/header/writers/frameoptions/RegExpAllowFromStrategy.java @@ -21,7 +21,7 @@ import java.util.regex.Pattern; /** * Implementation which uses a regular expression to validate the supplied origin. If the - * value of the HTTP parameter matches the pattern, then the the result will be ALLOW-FROM + * value of the HTTP parameter matches the pattern, then the result will be ALLOW-FROM * <paramter-value>. * * @author Marten Deinum