Fix a few typos in the documentation

Robin Dupret 2020-06-09 13:13:57 +02:00 committed by Rob Winch
parent 1d821a2664
commit bb0fac66d6
8 changed files with 16 additions and 16 deletions


@ -355,7 +355,7 @@ The `Argon2PasswordEncoder` implementation uses the https://en.wikipedia.org/wik
Argon2 is the winner of the https://en.wikipedia.org/wiki/Password_Hashing_Competition[Password Hashing Competition].
In order to defeat password cracking on custom hardware, Argon2 is a deliberately slow algorithm that requires large amounts of memory.
Like other adaptive one-way functions, it should be tuned to take about 1 second to verify a password on your system.
The current implementation if the `Argon2PasswordEncoder` requires BouncyCastle.
The current implementation of the `Argon2PasswordEncoder` requires BouncyCastle.
.Argon2PasswordEncoder
====


@ -72,7 +72,7 @@ Expires: 0
====
In order to be secure by default, Spring Security adds these headers by default.
However, if your application provides it's own cache control headers Spring Security will back out of the way.
However, if your application provides its own cache control headers Spring Security will back out of the way.
This allows for applications to ensure that static resources like CSS and JavaScript can be cached.
@ -119,7 +119,7 @@ Refer to the relevant sections to see how to customize the defaults for both <<s
When you type in your bank's website, do you enter mybank.example.com or do you enter https://mybank.example.com[]?
If you omit the https protocol, you are potentially vulnerable to https://en.wikipedia.org/wiki/Man-in-the-middle_attack[Man in the Middle attacks].
Even if the website performs a redirect to https://mybank.example.com a malicious user could intercept the initial HTTP request and manipulate the response (i.e. redirect to https://mibank.example.com and steal their credentials).
Even if the website performs a redirect to https://mybank.example.com a malicious user could intercept the initial HTTP request and manipulate the response (e.g. redirect to https://mibank.example.com and steal their credentials).
Many users omit the https protocol and this is why https://tools.ietf.org/html/rfc6797[HTTP Strict Transport Security (HSTS)] was created.
Once mybank.example.com is added as a https://tools.ietf.org/html/rfc6797#section-5.1[HSTS host], a browser can know ahead of time that any request to mybank.example.com should be interpreted as https://mybank.example.com.
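Review bot: "e.g." is the right correction in the `Even if the website performs a redirect` line, since a redirect to mibank.example.com is one example of what a tampered response could do, not a definition of it. While that sentence is being touched, a comma after "https://mybank.example.com" would separate the conditional clause from the main clause, and "a malicious user" understates the threat: anyone on the network path who can answer the plaintext HTTP request is in a position to do this, which is the point the following HSTS paragraph relies on.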
@ -144,7 +144,7 @@ Strict-Transport-Security: max-age=31536000 ; includeSubDomains ; preload
----
====
The optional `includeSubDomains` directive instructs the browser that subdomains (i.e. secure.mybank.example.com) should also be treated as an HSTS domain.
The optional `includeSubDomains` directive instructs the browser that subdomains (e.g. secure.mybank.example.com) should also be treated as an HSTS domain.
The optional `preload` directive instructs the browser that domain should be preloaded in browser as HSTS domain.
For more details on HSTS preload please see https://hstspreload.org.
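Review bot: the unchanged line "The optional `preload` directive instructs the browser that domain should be preloaded in browser as HSTS domain." is both ungrammatical (missing "the" and "an") and slightly misleading: browsers do not act on the `preload` token at runtime; it signals the site owner's consent to inclusion in the preload list maintained at hstspreload.org and shipped with browsers. Suggest: "The optional `preload` directive signals that the domain may be included in the browsers' built-in HSTS preload list." Since this hunk already edits the neighbouring `includeSubDomains` line, folding that fix in is cheap.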


@ -23,7 +23,7 @@ In a Servlet container, ``Filter``s are invoked based upon the URL alone.
However, `FilterChainProxy` can determine invocation based upon anything in the `HttpServletRequest` by leveraging the `RequestMatcher` interface.
In fact, `FilterChainProxy` can be used to determine which `SecurityFilterChain` should be used.
This allows providing a totally separate configuration for different _slices_ if your application.
This allows providing a totally separate configuration for different _slices_ of your application.
.Multiple SecurityFilterChain
[[servlet-multi-securityfilterchain-figure]]


@ -6,7 +6,7 @@
`ProviderManager` delegates to a `List` of <<servlet-authentication-authenticationprovider,``AuthenticationProvider``s>>.
// FIXME: link to AuthenticationProvider
Each `AuthenticationProvider` has an opportunity to indicate that authentication should be successful, fail, or indicate it cannot make a decision and allow a downstream `AuthenticationProvider` to decide.
If none of the configured ``AuthenticationProvider``s can authenticate, then authentication will fail with a `ProviderNotFoundException` which is a special `AuthenticationException` that indicates the `ProviderManager` was not configured support the type of `Authentication` that was passed into it.
If none of the configured ``AuthenticationProvider``s can authenticate, then authentication will fail with a `ProviderNotFoundException` which is a special `AuthenticationException` that indicates the `ProviderManager` was not configured to support the type of `Authentication` that was passed into it.
image::{figures}/providermanager.png[]
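Review bot: the `// FIXME: link to AuthenticationProvider` comment in this hunk looks stale, because the line directly above it already links the term via `<<servlet-authentication-authenticationprovider,``AuthenticationProvider``s>>`. Since the hunk is editing this paragraph anyway, the FIXME can be dropped so it does not get mistaken for an outstanding task.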


@ -65,7 +65,7 @@ The samples above store the passwords in a secure format, but leave a lot to be
In the sample below we leverage <<authentication-password-storage-dep-getting-started,User.withDefaultPasswordEncoder>> to ensure that the password stored in memory is protected.
However, it does not protect the password against obtaining the password by decompiling the source code.
However, it does not protect against obtaining the password by decompiling the source code.
For this reason, `User.withDefaultPasswordEncoder` should only be used for "getting started" and is not intended for production.
.InMemoryUserDetailsManager with User.withDefaultPasswordEncoder


@ -72,7 +72,7 @@ Columns include the ID, a foreign key to the ACL_CLASS table, a unique identifie
We have a single row for every domain object instance we're storing ACL permissions for.
* Finally, ACL_ENTRY stores the individual permissions assigned to each recipient.
Columns include a foreign key to the ACL_OBJECT_IDENTITY, the recipient (ie a foreign key to ACL_SID), whether we'll be auditing or not, and the integer bit mask that represents the actual permission being granted or denied.
Columns include a foreign key to the ACL_OBJECT_IDENTITY, the recipient (i.e. a foreign key to ACL_SID), whether we'll be auditing or not, and the integer bit mask that represents the actual permission being granted or denied.
We have a single row for every recipient that receives a permission to work with a domain object.
@ -113,7 +113,7 @@ The default implementation is called `ObjectIdentityImpl`.
* `AclService`: Retrieves the `Acl` applicable for a given `ObjectIdentity`.
In the included implementation (`JdbcAclService`), retrieval operations are delegated to a `LookupStrategy`.
The `LookupStrategy` provides a highly optimized strategy for retrieving ACL information, using batched retrievals `(BasicLookupStrategy`) and supporting custom implementations that leverage materialized views, hierarchical queries and similar performance-centric, non-ANSI SQL capabilities.
The `LookupStrategy` provides a highly optimized strategy for retrieving ACL information, using batched retrievals (`BasicLookupStrategy`) and supporting custom implementations that leverage materialized views, hierarchical queries and similar performance-centric, non-ANSI SQL capabilities.
* `MutableAclService`: Allows a modified `Acl` to be presented for persistence.
It is not essential to use this interface if you do not wish.
@ -141,7 +141,7 @@ You'll also need to populate the database with the four ACL-specific tables list
Once you've created the required schema and instantiated `JdbcMutableAclService`, you'll next need to ensure your domain model supports interoperability with the Spring Security ACL package.
Hopefully `ObjectIdentityImpl` will prove sufficient, as it provides a large number of ways in which it can be used.
Most people will have domain objects that contain a `public Serializable getId()` method.
If the return type is long, or compatible with long (eg an int), you will find you need not give further consideration to `ObjectIdentity` issues.
If the return type is long, or compatible with long (e.g. an int), you will find you need not give further consideration to `ObjectIdentity` issues.
Many parts of the ACL module rely on long identifiers.
If you're not using long (or an int, byte etc), there is a very good chance you'll need to reimplement a number of classes.
We do not intend to support non-long identifiers in Spring Security's ACL module, as longs are already compatible with all database sequences, the most common identifier data type, and are of sufficient length to accommodate all common usage scenarios.
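Review bot: for consistency with the "eg" to "e.g." correction in this hunk, the unchanged line "If you're not using long (or an int, byte etc), ..." should read "(or an int, byte, etc.)"; it is the same abbreviation style issue two lines down.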


@ -103,7 +103,7 @@ For example:
Here we have defined that the "admin" area of an application (defined by the URL pattern) should only be available to users who have the granted authority "admin" and whose IP address matches a local subnet.
We've already seen the built-in `hasRole` expression in the previous section.
The expression `hasIpAddress` is an additional built-in expression which is specific to web security.
It is defined by the `WebSecurityExpressionRoot` class, an instance of which is used as the expression root object when evaluation web-access expressions.
It is defined by the `WebSecurityExpressionRoot` class, an instance of which is used as the expression root object when evaluating web-access expressions.
This object also directly exposed the `HttpServletRequest` object under the name `request` so you can invoke the request directly in an expression.
If expressions are being used, a `WebExpressionVoter` will be added to the `AccessDecisionManager` which is used by the namespace.
So if you aren't using the namespace and want to use expressions, you will have to add one of these to your configuration.
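Review bot: the line immediately after the corrected one has a slip of the same kind: "This object also directly exposed the `HttpServletRequest` object under the name `request`" should be "exposes", since it describes current behaviour of `WebSecurityExpressionRoot`, not something that used to happen.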
@ -207,7 +207,7 @@ Their use is enabled through the `global-method-security` namespace element:
===== Access Control using @PreAuthorize and @PostAuthorize
The most obviously useful annotation is `@PreAuthorize` which decides whether a method can actually be invoked or not.
For example (from the"Contacts" sample application)
For example (from the "Contacts" sample application)
[source,java]
----
@ -226,7 +226,7 @@ public void deletePermission(Contact contact, Sid recipient, Permission permissi
----
Here we're actually using a method argument as part of the expression to decide whether the current user has the "admin"permission for the given contact.
The built-in `hasPermission()` expression is linked into the Spring Security ACL module through the application context, as we'll<<el-permission-evaluator,see below>>.
The built-in `hasPermission()` expression is linked into the Spring Security ACL module through the application context, as we'll <<el-permission-evaluator,see below>>.
You can access any of the method arguments by name as expression variables.
There are a number of ways in which Spring Security can resolve the method arguments.
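Review bot: the line above the corrected one has the same missing-space problem this hunk fixes: `the "admin"permission for the given contact` should be `the "admin" permission`. Worth fixing in the same pass rather than leaving one of the two.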
@ -251,7 +251,7 @@ public void doSomething(@P("c") Contact contact);
+
Behind the scenes this use implemented using `AnnotationParameterNameDiscoverer` which can be customized to support the value attribute of any specified annotation.
Behind the scenes this is implemented using `AnnotationParameterNameDiscoverer` which can be customized to support the value attribute of any specified annotation.
* If Spring Data's `@Param` annotation is present on at least one parameter for the method, the value will be used.
This is useful for interfaces compiled with a JDK prior to JDK 8 which do not contain any information about the parameter names.
@ -271,7 +271,7 @@ Contact findContactByName(@Param("n") String name);
+
Behind the scenes this use implemented using `AnnotationParameterNameDiscoverer` which can be customized to support the value attribute of any specified annotation.
Behind the scenes this is implemented using `AnnotationParameterNameDiscoverer` which can be customized to support the value attribute of any specified annotation.
* If JDK 8 was used to compile the source with the -parameters argument and Spring 4+ is being used, then the standard JDK reflection API is used to discover the parameter names.
This works on both classes and interfaces.


@ -140,4 +140,4 @@ A bean declaration which achieves this is shown below:
That's it!
Now you can create your beans from anywhere within your application, using whatever means you think fit (eg `new Person();`) and they will have the security interceptor applied.
Now you can create your beans from anywhere within your application, using whatever means you think fit (e.g. `new Person();`) and they will have the security interceptor applied.