Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-13 13:53:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

SEC-2951: Polish

Browse Source
This commit is contained in:
Rob Winch 2015-04-30 09:52:52 -05:00
parent 013177c644
commit a46ad0f446
1 changed files with 202 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
docs/manual/src/docs/asciidoc/index.adoc
View File

@ -1,6 +1,7 @@
= Spring Security Reference = Spring Security Reference
Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert Ben Alex; Luke Taylor; Rob Winch; Gunnar Hillert
:include-dir: _includes :include-dir: _includes
:security-api-url: http://docs.spring.io/spring-security/site/docs/current/apidocs/
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
@ -692,7 +693,7 @@ protected void configure(HttpSecurity http) throws Exception {
=== Handling Logouts === Handling Logouts
When using the When using the
`http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html[WebSecurityConfigurerAdapter]`, `{security-api-url}org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.html[WebSecurityConfigurerAdapter]`,
logout capabilities are automatically applied. The default is that accessing the logout capabilities are automatically applied. The default is that accessing the
URL `/logout` will log the user out by: URL `/logout` will log the user out by:
@ -721,10 +722,10 @@ protected void configure(HttpSecurity http) throws Exception {
---- ----
<1> Provides logout support. This is automatically applied when using `WebSecurityConfigurerAdapter`. <1> Provides logout support. This is automatically applied when using `WebSecurityConfigurerAdapter`.
<2> The URL that triggers log out to occur (default is `/logout`). If CSRF protection is enabled (default), then the request must also be a POST. For for information, please consult the http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutUrl(java.lang.String)[JavaDoc]. <2> The URL that triggers log out to occur (default is `/logout`). If CSRF protection is enabled (default), then the request must also be a POST. For for information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutUrl(java.lang.String)[JavaDoc].
<3> The URL to redirect to after logout has occurred. The default is `/login?logout`. For for information, please consult the http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessUrl(java.lang.String)[JavaDoc]. <3> The URL to redirect to after logout has occurred. The default is `/login?logout`. For for information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessUrl(java.lang.String)[JavaDoc].
<4> Let's you specify a custom `LogoutSuccessHandler`. If this is specified, `logoutSuccessUrl()` is ignored. For for information, please consult the http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler)[JavaDoc]. <4> Let's you specify a custom `LogoutSuccessHandler`. If this is specified, `logoutSuccessUrl()` is ignored. For for information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler)[JavaDoc].
<5> Specify whether to invalidate the `HttpSession` at the time of logout. This is *true* by default. Configures the `SecurityContextLogoutHandler` under the covers. For for information, please consult the http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#invalidateHttpSession(boolean)[JavaDoc]. <5> Specify whether to invalidate the `HttpSession` at the time of logout. This is *true* by default. Configures the `SecurityContextLogoutHandler` under the covers. For for information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#invalidateHttpSession(boolean)[JavaDoc].
<6> Adds a `LogoutHandler`. `SecurityContextLogoutHandler` is added as the last `LogoutHandler` by default. <6> Adds a `LogoutHandler`. `SecurityContextLogoutHandler` is added as the last `LogoutHandler` by default.
<7> Allows specifying the names of cookies to be removed on logout success. This is a shortcut for adding a `CookieClearingLogoutHandler` explicitly. <7> Allows specifying the names of cookies to be removed on logout success. This is a shortcut for adding a `CookieClearingLogoutHandler` explicitly.
@ -734,25 +735,25 @@ Logouts can of course also be configured using the XML Namespace notation. Pleas
==== ====
Generally, in order to customize logout functionality, you can add Generally, in order to customize logout functionality, you can add
`http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/LogoutHandler.html[LogoutHandler]` `{security-api-url}org/springframework/security/web/authentication/logout/LogoutHandler.html[LogoutHandler]`
and/or and/or
`http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/LogoutSuccessHandler.html[LogoutSuccessHandler]` `{security-api-url}org/springframework/security/web/authentication/logout/LogoutSuccessHandler.html[LogoutSuccessHandler]`
implementations. For many common scenarios, these handlers are applied under the implementations. For many common scenarios, these handlers are applied under the
covers when using the fluent API. covers when using the fluent API.
[[jc-logout-handler]] [[jc-logout-handler]]
==== LogoutHandler ==== LogoutHandler
Generally, `http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/LogoutHandler.html[LogoutHandler]` Generally, `{security-api-url}org/springframework/security/web/authentication/logout/LogoutHandler.html[LogoutHandler]`
implementations indicate classes that are able to participate in logout handling. implementations indicate classes that are able to participate in logout handling.
They are expected to be invoked to perform necessary cleanup. As such they should They are expected to be invoked to perform necessary cleanup. As such they should
not throw exceptions. Various implementations are provided: not throw exceptions. Various implementations are provided:
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.html[PersistentTokenBasedRememberMeServices] - {security-api-url}org/springframework/security/web/authentication/rememberme/PersistentTokenBasedRememberMeServices.html[PersistentTokenBasedRememberMeServices]
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.html[TokenBasedRememberMeServices] - {security-api-url}org/springframework/security/web/authentication/rememberme/TokenBasedRememberMeServices.html[TokenBasedRememberMeServices]
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.html[CookieClearingLogoutHandler] - {security-api-url}org/springframework/security/web/authentication/logout/CookieClearingLogoutHandler.html[CookieClearingLogoutHandler]
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/csrf/CsrfLogoutHandler.html[CsrfLogoutHandler] - {security-api-url}org/springframework/security/web/csrf/CsrfLogoutHandler.html[CsrfLogoutHandler]
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.html[SecurityContextLogoutHandler] - {security-api-url}org/springframework/security/web/authentication/logout/SecurityContextLogoutHandler.html[SecurityContextLogoutHandler]
Please see <<remember-me-impls>> for details. Please see <<remember-me-impls>> for details.
@ -771,7 +772,7 @@ interface is almost the same as the `LogoutHandler` but may raise an exception.
The following implementations are provided: The following implementations are provided:
- http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.html[SimpleUrlLogoutSuccessHandler] - {security-api-url}org/springframework/security/web/authentication/logout/SimpleUrlLogoutSuccessHandler.html[SimpleUrlLogoutSuccessHandler]
- HttpStatusReturningLogoutSuccessHandler - HttpStatusReturningLogoutSuccessHandler
As mentioned above, you don't need to specify the `SimpleUrlLogoutSuccessHandler` directly. As mentioned above, you don't need to specify the `SimpleUrlLogoutSuccessHandler` directly.
@ -3368,12 +3369,12 @@ If you really want to use HTTP GET with logout you can do so, but remember this
public class WebSecurityConfig extends public class WebSecurityConfig extends
WebSecurityConfigurerAdapter { WebSecurityConfigurerAdapter {
@Override @Override
protected void configure(HttpSecurity http) throws Exception { protected void configure(HttpSecurity http) throws Exception {
http http
.logout() .logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout")); .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
} }
} }
---- ----