From c4a1f1b4a8738593076d1dbfecf0dc79f92bc4be Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 16 Jul 2015 15:26:43 -0500 Subject: [PATCH] SEC-2965: Fix invalid formatted links in reference documentation --- docs/manual/src/asciidoc/index.adoc | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/manual/src/asciidoc/index.adoc b/docs/manual/src/asciidoc/index.adoc index dd9d7616e6..be1cdc46be 100644 --- a/docs/manual/src/asciidoc/index.adoc +++ b/docs/manual/src/asciidoc/index.adoc @@ -3569,7 +3569,7 @@ public class WebSecurityConfig extends [[headers-frame-options]] ==== X-Frame-Options -Allowing your website to be added to a frame can be a security issue. For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (http://www.youtube.com/watch?v=3mk0RySeNsU[video demo]). For example, a user that is logged into their bank might click a button that grants access to other users. This sort of attack is known ashttp://en.wikipedia.org/wiki/Clickjacking[Clickjacking]. +Allowing your website to be added to a frame can be a security issue. For example, using clever CSS styling users could be tricked into clicking on something that they were not intending (http://www.youtube.com/watch?v=3mk0RySeNsU[video demo]). For example, a user that is logged into their bank might click a button that grants access to other users. This sort of attack is known as http://en.wikipedia.org/wiki/Clickjacking[Clickjacking]. [NOTE] ==== 
@@ -4860,7 +4860,7 @@ Often a more complicated strategy than simple DN-matching is required to locate [[ldap-searchobjects-filter]] ===== FilterBasedLdapUserSearch -This bean uses an LDAP filter to match the user object in the directory. The process is explained in the Javadoc for the corresponding search method on thehttp://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String,%20java.lang.Object[],%20javax.naming.directory.SearchControls)[JDK DirContext class]. As explained there, the search filter can be supplied with parameters. For this class, the only valid parameter is `{0}` which will be replaced with the user's login name. +This bean uses an LDAP filter to match the user object in the directory. The process is explained in the Javadoc for the corresponding search method on the http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String,%20java.lang.Object[],%20javax.naming.directory.SearchControls)[JDK DirContext class]. As explained there, the search filter can be supplied with parameters. For this class, the only valid parameter is `{0}` which will be replaced with the user's login name. [[ldap-authorities]] 
@@ -6064,7 +6064,9 @@ public Callable processUpload(final MultipartFile file) { More technically speaking, Spring Security integrates with `WebAsyncManager`. The `SecurityContext` that is used to process the `Callable` is the `SecurityContext` that exists on the `SecurityContextHolder` at the time `startCallableProcessing` is invoked. ==== -There is no automatic integration with a `DeferredResult` that is returned by controllers. This is because `DeferredResult` is processed by the users and thus there is no way of automatically integrating with it. However, you can still use <> to provide transparent integration with Spring Security. +There is no automatic integration with a `DeferredResult` that is returned by controllers. +This is because `DeferredResult` is processed by the users and thus there is no way of automatically integrating with it. +However, you can still use <> to provide transparent integration with Spring Security. [[mvc-csrf]] === Spring MVC and CSRF Integration
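Review bot: In the X-Frame-Options hunk (@@ -3569), the corrected sentence still links to `http://en.wikipedia.org/wiki/Clickjacking` and the video demo over plain `http://`; since this line is being touched anyway, consider switching both links to `https://`. The paragraph also opens two consecutive sentences with "For example"; rewording the second (for instance "A user that is logged into their bank might...") would read better.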
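Review bot: In the FilterBasedLdapUserSearch hunk (@@ -4860), the link target still contains a literal `[]` (in `java.lang.Object[],%20javax.naming.directory.SearchControls)`) ahead of the `[JDK DirContext class]` label, so the AsciiDoc link macro may end the URL at that first bracket and the link can stay broken even with the added space after "the". Suggest percent-encoding the brackets as `%5B%5D` and checking the rendered output. Separately, because the paragraph says `{0}` "will be replaced with the user's login name", a sentence stating whether that value is escaped before it is placed in the filter would be useful to readers.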
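Review bot: The DeferredResult hunk (@@ -6064) changes only line breaks, putting one sentence per line, which the subject "Fix invalid formatted links in reference documentation" does not cover, and the cross-reference in "you can still use <> to provide transparent integration" reads as an empty `<>` on both the removed and the added lines as shown here. Suggest confirming that the cross-reference carries a target id that resolves in the rendered manual, and either mentioning the reflow in the commit message or moving it to its own commit.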