SEC-696: Updated out of date information in site files and pom. Added aggregation of javadoc and other reports
This commit is contained in:
parent
44f1e751a9
commit
a5ed80248d
42
pom.xml
42
pom.xml
|
@ -48,8 +48,12 @@
|
|||
|
||||
<issueManagement>
|
||||
<system>jira</system>
|
||||
<url>http://opensource.atlassian.com/projects/spring/browse/SEC</url>
|
||||
<url>http://jira.springframework.org/browse/SEC</url>
|
||||
</issueManagement>
|
||||
<ciManagement>
|
||||
<system>bamboo</system>
|
||||
<url>http://build.springframework.org:8085/bamboo/</url>
|
||||
</ciManagement>
|
||||
|
||||
<distributionManagement>
|
||||
<repository>
|
||||
|
@ -88,6 +92,13 @@
|
|||
</repository>
|
||||
</repositories>
|
||||
|
||||
<pluginRepositories>
|
||||
<pluginRepository>
|
||||
<id>Codehaus Snapshots</id>
|
||||
<url>http://snapshots.repository.codehaus.org/</url>
|
||||
</pluginRepository>
|
||||
</pluginRepositories>
|
||||
|
||||
<mailingLists>
|
||||
<mailingList>
|
||||
<name>Acegi Developer List</name>
|
||||
|
@ -118,7 +129,7 @@
|
|||
<id>benalex</id>
|
||||
<email>benalex at users.sourceforge.net</email>
|
||||
<organization>
|
||||
Acegi Technology Pty Limited (http://www.acegi.com.au)
|
||||
SpringSource
|
||||
</organization>
|
||||
<timezone>+10</timezone>
|
||||
</developer>
|
||||
|
@ -138,7 +149,7 @@
|
|||
<id>luke_t</id>
|
||||
<email>luke_t at users.sourceforge.net</email>
|
||||
<organization>
|
||||
Monkey Machine Ltd. (http://monkeymachine.ltd.uk)
|
||||
SpringSource
|
||||
</organization>
|
||||
<timezone>0</timezone>
|
||||
</developer>
|
||||
|
@ -468,10 +479,16 @@
|
|||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-surefire-report-plugin</artifactId>
|
||||
<version>2.3.1</version>
|
||||
<configuration>
|
||||
<aggregate>true</aggregate>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-jxr-plugin</artifactId>
|
||||
<configuration>
|
||||
<aggregate>true</aggregate>
|
||||
</configuration>
|
||||
</plugin>
|
||||
<!--
|
||||
<plugin>
|
||||
|
@ -491,9 +508,14 @@
|
|||
</plugin>
|
||||
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-javadoc-plugin</artifactId>
|
||||
<version>2.3</version>
|
||||
<configuration>
|
||||
<aggregate>true</aggregate>
|
||||
<header>Spring Security Framework</header>
|
||||
<quiet>true</quiet>
|
||||
<excludePackageNames>sample,bigbank</excludePackageNames>
|
||||
<links>
|
||||
<link>
|
||||
http://java.sun.com/j2se/1.5.0/docs/api
|
||||
|
@ -530,6 +552,14 @@
|
|||
</link>
|
||||
</links>
|
||||
</configuration>
|
||||
<reportSets>
|
||||
<reportSet>
|
||||
<reports>
|
||||
<report>javadoc</report>
|
||||
<!-- <report>test-javadoc</report> -->
|
||||
</reports>
|
||||
</reportSet>
|
||||
</reportSets>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.codehaus.mojo</groupId>
|
||||
|
@ -539,6 +569,7 @@
|
|||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-project-info-reports-plugin</artifactId>
|
||||
<version>2.0.1</version>
|
||||
<!--
|
||||
<reportSets>
|
||||
<reportSet>
|
||||
<reports>
|
||||
|
@ -550,7 +581,8 @@
|
|||
</reports>
|
||||
</reportSet>
|
||||
</reportSets>
|
||||
</plugin>
|
||||
-->
|
||||
</plugin>
|
||||
</plugins>
|
||||
</reporting>
|
||||
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
------------------------
|
||||
Building the Project
|
||||
------------------------
|
||||
|
||||
Building the Project
|
||||
|
||||
* Install Maven
|
||||
|
||||
This project uses {{{"http://maven.apache.org/"}Maven}} as a build tool.
|
||||
We recommend you to install Maven 2.0.7 or greater before trying
|
||||
the following.
|
||||
|
||||
* Check out the source code
|
||||
|
||||
To checkout Spring Security from SVN, see our {{{"svn-usage.html"}SVN Usage}} page.
|
||||
|
||||
* Building with Maven
|
||||
|
||||
Often people reading this document just want to see if Spring Security will work
|
||||
for their projects. They want to deploy a sample application, and perhaps play around with the
|
||||
configuration a bit to see how it works. Assuming you've already checked out the code from subversion,
|
||||
start up a command prompt and execute the following commands from the directory containing the project source:
|
||||
|
||||
+----------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
mvn install
|
||||
|
||||
cd samples/contacts
|
||||
|
||||
mvn jetty:run
|
||||
|
||||
+----------------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
This should build the framework library jars, install them to your local Maven repository and run the "contacts"
|
||||
sample application (JDK 1.5 or later is required). You should then be able to point your browser at
|
||||
{{{http://localhost:8080/contacts/}}} to use the application.
|
|
@ -4,207 +4,14 @@
|
|||
|
||||
What is Spring Security?
|
||||
|
||||
Spring Security is a powerful, flexible security solution for enterprise software,
|
||||
with a particular emphasis on applications that use
|
||||
{{{http://www.springframework.org/}Spring}}. Using Spring Security provides your
|
||||
applications with comprehensive authentication, authorization, instance-based access control,
|
||||
channel security and human user detection capabilities.
|
||||
|
||||
Key Features
|
||||
|
||||
* <<Stable and mature:>> Acegi Security 1.0.0 was released in May 2006 after
|
||||
more than two and a half years of use in large production software projects, 70,000+ downloads
|
||||
and hundreds of community contributions.
|
||||
In terms of release numbering, we also use the
|
||||
{{{http://apr.apache.org/versioning.html}Apache APR Project Versioning Guidelines}} so that you can easily identify release compatibility.
|
||||
|
||||
* <<Well documented:>> All APIs are fully documented using
|
||||
{{{http://acegisecurity.org/multiproject/acegi-security/apidocs/index.html}JavaDoc}},
|
||||
with almost 100 pages of
|
||||
{{{./reference.html}Reference Guide}} documentation providing an easy-to-follow
|
||||
introduction. Even more documentation is provided on this web site, as
|
||||
shown in the left hand navigation sidebar.
|
||||
|
||||
* <<Fast results:>> View our {{{./suggested.html}suggested steps}}
|
||||
for the fastest way to develop complex, security-compliant applications.
|
||||
|
||||
* <<Enterprise-wide single sign on:>> Using JA-SIG's open
|
||||
source {{{http://www.ja-sig.org/products/cas/}Central Authentication Service}} (CAS),
|
||||
the Spring Security can participate
|
||||
in an enterprise-wide single sign on environment. You no longer need
|
||||
every web application to have its own authentication database. Nor are
|
||||
you restricted to single sign on across a single web container. Advanced
|
||||
single sign on features like proxy support and forced refresh of logins
|
||||
are supported by both CAS and Spring Security. Several other SSO solutions
|
||||
are also provided by third party projects, including JOSSO and CAS.
|
||||
|
||||
* <<Reuses your Spring expertise:>> We use Spring application
|
||||
contexts for all configuration, which should help Spring developers get
|
||||
up-to-speed nice and quickly.
|
||||
|
||||
* <<Domain object instance security:>> In many applications it's
|
||||
desirable to define Access Control Lists (ACLs) for individual domain
|
||||
object instances. We provide a comprehensive ACL package with features
|
||||
including integer bit masking, permission inheritence (including
|
||||
blocking), a JDBC-backed ACL repository, caching and a pluggable,
|
||||
interface-driven design.
|
||||
|
||||
* <<Non-intrusive setup:>> The entire security system can operate
|
||||
within a single web application using the provided filters. There is no
|
||||
need to make special changes or deploy libraries to your Servlet or EJB
|
||||
container.
|
||||
|
||||
* <<Full (but optional) container integration:>> The credential
|
||||
collection and authorization capabilities of your Servlet or EJB
|
||||
container can be fully utilised via included "container adapters". We
|
||||
currently support Catalina (Tomcat), Jetty, JBoss and Resin, with
|
||||
additional containers easily added.
|
||||
|
||||
* <<Keeps your objects free of security code:>> Many applications
|
||||
need to secure data at the bean level based on any combination of
|
||||
parameters (user, time of day, authorities held, method being invoked,
|
||||
parameter on method being invoked....). This package gives you this
|
||||
flexibility without adding security code to your Spring business
|
||||
objects.
|
||||
|
||||
* <<After invocation security:>> Spring Security can not only protect
|
||||
methods from being invoked in the first place, but it can also
|
||||
deal with the objects returned from the methods. Included implementations
|
||||
of after invocation security can throw an exception or mutate the returned
|
||||
object based on ACLs.
|
||||
|
||||
* <<Secures your HTTP requests as well:>> In addition to securing
|
||||
your beans, the project also secures your HTTP requests. No longer is it
|
||||
necessary to rely on web.xml security constraints. Best of all, your
|
||||
HTTP requests can now be secured by your choice of regular expressions
|
||||
or Apache Ant paths, along with pluggable authentication, authorization
|
||||
and run-as replacement managers.
|
||||
|
||||
* <<Channel security:>> Spring Security can
|
||||
automatically redirect requests across an appropriate transport channel.
|
||||
Whilst flexible enough to support any of your "channel" requirements (eg
|
||||
the remote user is a human, not a robot), a common channel security
|
||||
feature is to ensure your secure pages will only be available over
|
||||
HTTPS, and your public pages only over HTTP. Spring Security also
|
||||
supports unusual port combinations (including if accessed via an
|
||||
intermediate server like Apache) and pluggable transport decision
|
||||
managers.
|
||||
|
||||
* <<Supports HTTP BASIC authentication:>> Perfect for remoting
|
||||
protocols or those web applications that prefer a simple browser pop-up
|
||||
(rather than a form login), Spring Security can directly process HTTP
|
||||
BASIC authentication requests as per RFC 1945.
|
||||
|
||||
* <<Supports HTTP Digest authentication:>> For greater security than
|
||||
offered by BASIC authentcation, Spring Security also supports Digest Authentication
|
||||
(which never sends the user's password across the wire). Digest Authentication
|
||||
is widely supported by modern browsers. Spring Security's implementation complies
|
||||
with both RFC 2617 and RFC 2069.
|
||||
|
||||
* <<Computer Associates Siteminder support:>> Authentication can be
|
||||
delegated through to CA's Siteminder solution, which is common in large
|
||||
corporate environments.
|
||||
|
||||
* <<X509 (Certificate) support:>> Spring Security can easily read
|
||||
client-side X509 certificates for authenticating users.
|
||||
|
||||
* <<LDAP Support:>> Do you have an LDAP directory? Spring Security can
|
||||
happily authenticate against it.
|
||||
|
||||
* <<Tag library support:>> Your JSP files can use our taglib
|
||||
to ensure that protected content like links and messages are only
|
||||
displayed to users holding the appropriate granted authorities. The taglib
|
||||
also fully integrates with Spring Security's ACL services, and
|
||||
obtaining extra information about the logged-in principal.
|
||||
|
||||
* <<Configuration via IoC XML, Commons Attributes, or JDK 5 Annotations:>> You
|
||||
select the method used to configure your security environment. The
|
||||
project supports configuration via Spring application contexts, as well
|
||||
as Jakarta Commons Attributes and Java 5's annotations feature. Some users
|
||||
(such as those building content management systems) pull configuration data
|
||||
from a database, which exemplifies Spring Security's flexible configuration
|
||||
metadata system.
|
||||
|
||||
* <<Various authentication backends:>> We include the ability to
|
||||
retrieve your user and granted authority definitions from an XML
|
||||
file, JDBC datasource or Properties file. Alternatively, you can implement the
|
||||
single-method UserDetailsService interface and obtain authentication details from
|
||||
anywhere you like.
|
||||
|
||||
* <<Event support:>> Building upon Spring's
|
||||
<<<ApplicationEvent>>> services, you can write your own listeners
|
||||
for authentication-related events, along with authorisation-related events.
|
||||
This enables you to implement account lockout and audit log systems, with
|
||||
complete decoupling from Spring Security code.
|
||||
|
||||
* <<Easy integration with existing databases:>> Our implementations
|
||||
have been designed to make it very easy to use your existing
|
||||
authentication schema and data (without modification). Of course,
|
||||
you can also provide your own Data Access Object if you wish.
|
||||
|
||||
* <<Caching:>> Spring Security integrates with Spring's {{{http://ehcache.sourceforge.net}EHCACHE}} factory.
|
||||
This flexibility means your database (or other authentication
|
||||
repository) is not repeatedly queried for authentication
|
||||
information.
|
||||
|
||||
* <<Pluggable architecture:>> Every critical aspect of the package
|
||||
has been modelled using high cohesion, loose coupling, interface-driven
|
||||
design principles. You can easily replace, customise or extend parts of
|
||||
the package.
|
||||
|
||||
* <<Startup-time validation:>> Every critical object dependency and
|
||||
configuration parameter is validated at application context startup
|
||||
time. Security configuration errors are therefore detected early and
|
||||
corrected quickly.
|
||||
|
||||
* <<Remoting support:>> Does your project use a rich client? Not a
|
||||
problem. Spring Security integrates with standard Spring remoting
|
||||
protocols, because it automatically processes the HTTP BASIC
|
||||
authentication headers they present. Add our BASIC authentication filter
|
||||
to your web.xml and you're done. You can also easily use RMI or Digest
|
||||
authentication for your rich clients with a simple configuration statement.
|
||||
|
||||
* <<Advanced password encoding:>> Of course, passwords in your
|
||||
authentication repository need not be in plain text. We support both SHA
|
||||
and MD5 encoding, and also pluggable "salt" providers to maximise
|
||||
password security. Spring Security doesn't even need to see the password
|
||||
if your backend can use a bind-based strategy for authentication (such as
|
||||
an LDAP directory, or a database login).
|
||||
|
||||
* <<Run-as replacement:>> The system fully supports
|
||||
temporarily replacing the authenticated principal for the duration of the web
|
||||
request or bean invocation. This enables you to build public-facing
|
||||
object tiers with different security configurations than your backend
|
||||
objects.
|
||||
|
||||
* <<Transparent security propagation:>> Spring Security can automatically
|
||||
transfer its core authentication information from one machine to another,
|
||||
using a variety of protocols including RMI and Spring's HttpInvoker.
|
||||
|
||||
* <<Compatible with HttpServletRequest's security methods:>> Even though
|
||||
Spring Security can deliver authentication using a range of pluggable mechanisms
|
||||
(most of which require no web container configuration), we allow you to access
|
||||
the resulting Authentication object via the getRemoteUser() and other
|
||||
security methods on HttpServletRequest.
|
||||
|
||||
* <<Unit tests:>> A must-have of any quality security project, unit
|
||||
tests are included. Our unit test coverage is very high, as shown in the
|
||||
{{{acegi-security/cobertura/index.html}coverage report}}.
|
||||
|
||||
* <<Built by Maven:>> This assists you in effectively reusing the Acegi
|
||||
Security artifacts in your own Maven-based projects.
|
||||
|
||||
* <<Supports your own unit tests:>> We provide a number of classes
|
||||
that assist with your own unit testing of secured business objects. For
|
||||
example, you can change the authentication identity and its associated
|
||||
granted authorities directly within your test methods.
|
||||
|
||||
* <<Peer reviewed:>> Whilst nothing is ever completely secure,
|
||||
using an open source security package leverages the continuous design
|
||||
and code quality improvements that emerge from peer review.
|
||||
|
||||
* <<Community:>> Well-known for its supportive community, Spring Security
|
||||
has an active group of developers and users. Visit our project resources (below)
|
||||
to access these services.
|
||||
|
||||
* <<Apache license.>> You can confidently use Spring Security in your project.
|
||||
Spring Security is the renamed Acegi Security System for Spring, which became an official Spring
|
||||
Portfolio project towards the end of 2007. It is the portolio's security offering, focused on providing a powerful and
|
||||
flexible security solution for enterprise applications developed using the Spring Framework.
|
||||
It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half
|
||||
years of use in large production software projects.
|
||||
|
||||
Spring Security 2.0 builds on Acegi Security's solid foundations, adding new features such as a simplified
|
||||
namespace configuration syntax.
|
||||
|
||||
|
||||
~~ TODO: Expand based on original Acegi page.
|
|
@ -0,0 +1,92 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<faqs title="Frequently Asked Questions" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xsi:noNamespaceSchemaLocation="http://maven.apache.org/maven-1.x/plugins/faq/faq.xsd">
|
||||
|
||||
<part id="general">
|
||||
<title>General</title>
|
||||
<faq id="web-xml">
|
||||
<question>Why not just use web.xml security?</question>
|
||||
<answer>
|
||||
|
||||
<p>Let's assume you're developing an enterprise application based on Spring.
|
||||
There are four security concerns you typically need to address: authentication,
|
||||
web request security, service layer security (i.e. your methods that implement
|
||||
business logic), and domain object instance security (i.e. different domain objects
|
||||
have different permissions). With these typical requirements in mind:
|
||||
<ol>
|
||||
<li><b>Authentication</b>: The servlet specification provides an approach
|
||||
to authentication. However, you will need to configure the container
|
||||
to perform authentication which typically requires editing of
|
||||
container-specific "realm" settings. This makes a non-portable
|
||||
configuration, and if you need to write an actual Java class to implement
|
||||
the container's authentication interface, it becomes even more non-portable.
|
||||
With Spring Security you achieve complete portability - right down to the
|
||||
WAR level. Also, Spring Security offers a choice of production-proven
|
||||
authentication providers and mechanisms, meaning you can switch your
|
||||
authentication approaches at deployment time. This is particularly
|
||||
valuable for software vendors writing products that need to work in
|
||||
an unknown target environment.<br></br><br></br></li>
|
||||
<li><b>Web request security:</b> The servlet specification provides an
|
||||
approach to secure your request URIs. However, these URIs can only be
|
||||
expressed in the servlet specification's own limited URI path format.
|
||||
Spring Security provides a far more comprehensive approach. For instance,
|
||||
you can use Ant paths or regular expressions, you can consider parts of the
|
||||
URI other than simply the requested page (eg you can consider HTTP GET
|
||||
parameters), and you can implement your own runtime source of configuration
|
||||
data. This means your web request security can be dynamically changed during
|
||||
the actual execution of your webapp.<br></br><br></br></li>
|
||||
<li><b>Service layer and domain object security:</b> The absence of support
|
||||
in the servlet specification for services layer security or domain object
|
||||
instance security represent serious limitations for multi-tiered
|
||||
applications. Typically developers either ignore these requirements, or
|
||||
implement security logic within their MVC controller code (or even worse,
|
||||
inside the views). There are serious disadvantages with this approach:<br/><br/>
|
||||
<ol>
|
||||
<li><i>Separation of concerns:</i> Authorization is a
|
||||
crosscutting concern and should be implemented as such.
|
||||
MVC controllers or views implementing authorization code
|
||||
makes it more difficult to test both the controller and
|
||||
authorization logic, more difficult to debug, and will
|
||||
often lead to code duplication.</li>
|
||||
<li><i>Support for rich clients and web services:</i> If an
|
||||
additional client type must ultimately be supported, any
|
||||
authorization code embedded within the web layer is
|
||||
non-reusable. It should be considered that Spring remoting
|
||||
exporters only export service layer beans (not MVC
|
||||
controllers). As such authorization logic needs to be
|
||||
located in the services layer to support a multitude of
|
||||
client types.</li>
|
||||
<li><i>Layering issues:</i> An MVC controller or view is simply
|
||||
the incorrect architectural layer to implement authorization
|
||||
decisions concerning services layer methods or domain object
|
||||
instances. Whilst the Principal may be passed to the services
|
||||
layer to enable it to make the authorization decision, doing
|
||||
so would introduce an additional argument on every services
|
||||
layer method. A more elegant approach is to use a ThreadLocal
|
||||
to hold the Principal, although this would likely increase
|
||||
development time to a point where it would become more
|
||||
economical (on a cost-benefit basis) to simply use a dedicated
|
||||
security framework.</li>
|
||||
<li><i>Authorisation code quality:</i> It is often said of web
|
||||
frameworks that they "make it easier to do the right things,
|
||||
and harder to do the wrong things". Security frameworks are
|
||||
the same, because they are designed in an abstract manner for
|
||||
a wide range of purposes. Writing your own authorization code
|
||||
from scratch does not provide the "design check" a framework
|
||||
would offer, and in-house authorization code will typically
|
||||
lack the improvements that emerge from widespread deployment,
|
||||
peer review and new versions.
|
||||
</li></ol>
|
||||
</li>
|
||||
</ol>
|
||||
For simple applications, servlet specification security may just be enough.
|
||||
Although when considered within the context of web container portability,
|
||||
configuration requirements, limited web request security flexibility, and
|
||||
non-existent services layer and domain object instance security, it becomes
|
||||
clear why developers often look to alternative solutions.
|
||||
</p>
|
||||
</answer>
|
||||
|
||||
</faq>
|
||||
</part>
|
||||
</faqs>
|
|
@ -1,76 +1,42 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
|
||||
<!--
|
||||
* ========================================================================
|
||||
*
|
||||
* Copyright 2004, 2005 Acegi Technology Pty Limited
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*
|
||||
* ========================================================================
|
||||
-->
|
||||
|
||||
<project name="Spring Security">
|
||||
<bannerLeft>
|
||||
<name>Spring Security on Sourceforge</name>
|
||||
<src>http://sourceforge.net/sflogo.php?group_id=104215&type=5</src>
|
||||
<href>http://sourceforge.net/projects/acegisecurity</href>
|
||||
</bannerLeft>
|
||||
<bannerRight>
|
||||
<name>Spring Security</name>
|
||||
<src>images/logo.gif</src>
|
||||
<href>http://acegisecurity.org/</href>
|
||||
</bannerRight>
|
||||
|
||||
<skin>
|
||||
<groupId>org.springframework.maven.skins</groupId>
|
||||
<artifactId>maven-spring-skin</artifactId>
|
||||
<version>1.0.4</version>
|
||||
</skin>
|
||||
<publishDate position="left" format="d MMM yyyy"/>
|
||||
<bannerLeft>
|
||||
<name>Spring Security</name>
|
||||
<src>http://www.springframework.org/files/logo.jpg
|
||||
</src>
|
||||
<href>http://static.springframework.org/spring-security/
|
||||
</href>
|
||||
</bannerLeft>
|
||||
<body>
|
||||
<!--
|
||||
<links>
|
||||
<item name="Spring Security on Sourceforge" href="http://sourceforge.net/projects/acegisecurity" />
|
||||
</links>
|
||||
|
||||
-->
|
||||
<menu name="Overview">
|
||||
<item name="Home" href="index.html"/>
|
||||
<item name="Building with Maven" href="building.html"/>
|
||||
<item name="Downloads" href="downloads.html"/>
|
||||
<item name="Building from Source" href="building.html"/>
|
||||
<item name="Downloads" href="http://www.springframework.org/download/"/>
|
||||
</menu>
|
||||
|
||||
<menu name="Documentation">
|
||||
<item name="Suggested Steps" href="suggested.html"/>
|
||||
<item name="Reference Guide" href="reference.html"/>
|
||||
<item name="Sample SQL Schema" href="dbinit.txt"/>
|
||||
<item name="FAQ" href="faq.html"/>
|
||||
<item name="Petclinic Tutorial" href="petclinic-tutorial.html"/>
|
||||
<item name="External Web Articles" href="articles.html"/>
|
||||
<item name="Products using Spring Security" href="powering.html"/>
|
||||
<item name="Use without Spring" href="standalone.html"/>
|
||||
<item name="Upgrading to 1.0.0" href="upgrade/upgrade-090-100.html"/>
|
||||
<item name="Upgrading to 0.9.0" href="upgrade/upgrade-080-090.html"/>
|
||||
<item name="Upgrading to 0.8.0" href="upgrade/upgrade-070-080.html"/>
|
||||
<item name="Core JavaDocs" href="spring-security-core/apidocs/index.html" target="_blank"/>
|
||||
<item name="Contacts HTTPS" href="spring-security-samples/spring-security-samples-contacts/sslhowto.txt"/>
|
||||
<item name="Project Policies" href="policies.html"/>
|
||||
<item name="Spring Security JIRA" href="http://opensource.atlassian.com/projects/spring/secure/BrowseProject.jspa?id=10040"/>
|
||||
<item name="JIRA Issue tracker" href="http://jira.springframework.org/browse/SEC"/>
|
||||
<item name="Road Map" href="http://jira.springframework.org/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel"/>
|
||||
<item name="Community Forum" href="http://forum.springframework.org/forumdisplay.php?f=33"/>
|
||||
<item name="Core Reports" href="spring-security-core/project-reports.html"/>
|
||||
</menu>
|
||||
|
||||
<menu ref="reports" name="Reports"/>
|
||||
|
||||
<menu name="Links" type="footer">
|
||||
<item name="Spring Framework" href="http://www.springframework.org/" img="http://www.springframework.org/buttons/spring_white.png"/>
|
||||
<item name="Interface21" href="http://www.interface21.com/" />
|
||||
</menu>
|
||||
<!--
|
||||
<poweredBy>
|
||||
<logo name="Spring" href="http://docs.codehaus.org/display/JETTY/Jetty+Powered" img="./images/small_powered_by.gif"/>
|
||||
</poweredBy>
|
||||
-->
|
||||
</body>
|
||||
</project>
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
<?xml version="1.0" encoding="ISO-8859-1"?>
|
||||
<document>
|
||||
<properties><title>Building</title></properties>
|
||||
<body>
|
||||
<section name="Building Spring Security">
|
||||
|
||||
<subsection name="Checking Out from Subversion (SVN)">
|
||||
|
||||
<p>This project uses <a href="http://maven.apache.org/">Maven</a> as project manager
|
||||
and build tool. We recommend you to install Maven 2.0.5 or greater before trying
|
||||
the following.</p><p>To checkout Spring Security from SVN, see our
|
||||
<a href="svn-usage.html">SVN Usage</a> page.</p>
|
||||
|
||||
</subsection>
|
||||
|
||||
<subsection name="Quick Build"><p>Often people reading this document just want to see if Spring Security will work
|
||||
for their projects. They want to deploy a sample application, and that's about it
|
||||
(after all, all the reference documentation can be read online at
|
||||
<a href="http://acegisecurity.org/">http://acegisecurity.org</a>).
|
||||
Assuming you've already checked out the code from subversion, start up a command prompt and
|
||||
execute the following commands from the directory containing the project source:</p>
|
||||
<ol>
|
||||
<pre>mvn install</pre>
|
||||
<pre>cd samples/contacts</pre>
|
||||
<pre>mvn jetty:run</pre>
|
||||
</ol>
|
||||
|
||||
<p>This should build the framework lirary jars, install them to your local maven repository and run the "contacts"
|
||||
sample application using the maven jetty plugin (JDK 1.5 or later is required to run the Jetty plugin).
|
||||
You should then be able to point your browser at
|
||||
<a href="http://localhost:8080/contacts/">http://localhost:8080/contacts/</a> to use the application.
|
||||
</p>
|
||||
|
||||
</subsection>
|
||||
|
||||
</section>
|
||||
|
||||
</body>
|
||||
|
||||
</document>
|
Loading…
Reference in New Issue