diff --git a/docs/faq/src/docbook/faq.xml b/docs/faq/src/docbook/faq.xml
index 4273847167..7cb61b5248 100644
--- a/docs/faq/src/docbook/faq.xml
+++ b/docs/faq/src/docbook/faq.xml
@@ -213,6 +213,18 @@
It is normal and shouldn't be anything to worry about.
+
+
+ Why can I still see a secured page even after I've logged out of my application?
+
+
+ The most common reason for this is that your browser has cached the page and you are seeing a
+ copy which is being retrieved from the browsers cache. Verify this by checking whether the browser is actually sending
+ the request (check your server access logs, the debug log or use a suitable browser debugging plugin such as Tamper Data
+ for Firefox). This has nothing to do with Spring Security and you should configure your application or server to set the
+ appropriate Cache-Control response headers. Note that SSL requests are never cached.
+
+
I get an exception with the message "An Authentication object was not
@@ -292,6 +304,21 @@
right?).
+
+ I have added Spring Security's <global-method-security> element to my application context but if I add
+ security annotations to my Spring MVC controller beans (Struts actions etc.) then they don't seem to have an effect.
+
+
+ The application context which holds the Spring MVC beans for the dispatcher servlet is a child application context
+ of the main application context which is loaded using the ContextLoaderListener you define in your
+ web.xml. The beans in the child context are not visible in the parent context so you need to either
+ move the <global-method-security> declaration to the web context or moved the beans you want secured into the main
+ application context.
+
+ Generally we would recommend applying method security at the service layer rather than on individual web
+ controllers.
+
+
Spring Security Architecture Questions
@@ -354,7 +381,7 @@
- How do I define the secured URLs withing an application
+ How do I define the secured URLs within an application
dynamically?