From c95fe8af28d15859e2d476dd708a8476406f137d Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Wed, 28 Apr 2010 20:14:08 +0100 Subject: [PATCH] Adjust section in namespace chapter and increase section depth in manual TOC for easier reference. --- docs/manual/src/docbook/namespace-config.xml | 114 +++++++++---------- docs/manual/src/xsl/html-custom.xsl | 4 +- 2 files changed, 59 insertions(+), 59 deletions(-) diff --git a/docs/manual/src/docbook/namespace-config.xml b/docs/manual/src/docbook/namespace-config.xml index 5f245a48a2..290631f506 100644 --- a/docs/manual/src/docbook/namespace-config.xml +++ b/docs/manual/src/docbook/namespace-config.xml @@ -235,37 +235,38 @@ . They each have attributes which can be used to alter their behaviour. -
- Form and Basic Login Options - You might be wondering where the login form came from when you were prompted - to log in, since we made no mention of any HTML files or JSPs. In fact, since we - didn't explicitly set a URL for the login page, Spring Security generates one - automatically, based on the features that are enabled and using standard values - for the URL which processes the submitted login, the default target URL the user - will be sent to after loggin in and so on. However, the namespace offers plenty - of support to allow you to customize these options. For example, if you want to - supply your own login page, you could use: +
+ Form and Basic Login Options + You might be wondering where the login form came from when you were prompted + to log in, since we made no mention of any HTML files or JSPs. In fact, since we + didn't explicitly set a URL for the login page, Spring Security generates one + automatically, based on the features that are enabled and using standard values + for the URL which processes the submitted login, the default target URL the user + will be sent to after loggin in and so on. However, the namespace offers plenty + of support to allow you to customize these options. For example, if you want to + supply your own login page, you could use: ]]> - Note that you can still use auto-config. The - form-login element just overrides the default settings. Also - note that we've added an extra intercept-url element to say - that any requests for the login page should be available to anonymous users - See the chapter on anonymous - authentication and also the AuthenticatedVoter class for - more details on how the value - IS_AUTHENTICATED_ANONYMOUSLY is processed. - . Otherwise the request would be matched by the pattern - /** and it wouldn't be possible to access the login page - itself! This is a common configuration error and will result in an infinite loop - in the application. Spring Security will emit a warning in the log if your login - page appears to be secured. It is also possible to have all requests matching a - particular pattern bypass the security filter chain completely: Note that you can still use auto-config. The + form-login element just overrides the default settings. Also + note that we've added an extra intercept-url element to say + that any requests for the login page should be available to anonymous users + See the chapter on anonymous + authentication and also the AuthenticatedVoter class for + more details on how the value + IS_AUTHENTICATED_ANONYMOUSLY is processed. + . Otherwise the request would be matched by the pattern + /** and it wouldn't be possible to access the login page + itself! This is a common configuration error and will result in an infinite loop + in the application. Spring Security will emit a warning in the log if your login + page appears to be secured. It is also possible to have all requests matching a + particular pattern bypass the security filter chain completely: @@ -273,34 +274,34 @@ ]]> - It's important to realise that these requests will be completely - oblivious to any further Spring Security web-related configuration or additional - attributes such as requires-channel, so you will not be able - to access information on the current user or call secured methods during the - request. Use access='IS_AUTHENTICATED_ANONYMOUSLY' as an - alternative if you still want the security filter chain to be applied. - If you want to use basic authentication instead of form login, then change the - configuration to It's important to realise that these requests will be completely + oblivious to any further Spring Security web-related configuration or additional + attributes such as requires-channel, so you will not be able + to access information on the current user or call secured methods during the + request. Use access='IS_AUTHENTICATED_ANONYMOUSLY' as an + alternative if you still want the security filter chain to be applied. + If you want to use basic authentication instead of form login, then change the + configuration to ]]> - Basic authentication will then take precedence and will be used to - prompt for a login when a user attempts to access a protected resource. Form - login is still available in this configuration if you wish to use it, for - example through a login form embedded in another web page. -
- Setting a Default Post-Login Destination - If a form login isn't prompted by an attempt to access a protected - resource, the default-target-url option comes into play. - This is the URL the user will be taken to after successfully logging in, and - defaults to "/". You can also configure things so that the user - always ends up at this page (regardless of whether the - login was "on-demand" or they explicitly chose to log in) by setting the - always-use-default-target attribute to "true". This is - useful if your application always requires that the user starts at a "home" - page, for example: Basic authentication will then take precedence and will be used to + prompt for a login when a user attempts to access a protected resource. Form + login is still available in this configuration if you wish to use it, for + example through a login form embedded in another web page. +
+ Setting a Default Post-Login Destination + If a form login isn't prompted by an attempt to access a protected + resource, the default-target-url option comes into play. + This is the URL the user will be taken to after successfully logging in, and + defaults to "/". You can also configure things so that the user + always ends up at this page (regardless of whether the + login was "on-demand" or they explicitly chose to log in) by setting the + always-use-default-target attribute to "true". This is + useful if your application always requires that the user starts at a "home" + page, for example: @@ -308,15 +309,14 @@ always-use-default-target='true' /> ]]> - For even more control over the destination, you can use the - authentication-success-handler-ref attribute as an - alternative to default-target-url. The referenced bean - should be an instance of - AuthenticationSuccessHandler. You'll find - more on this in the Core - Filters chapter and also in the namespace appendix, as well as - information on how to customize the flow when authentication fails. -
+ For even more control over the destination, you can use the + authentication-success-handler-ref attribute as an + alternative to default-target-url. The referenced bean + should be an instance of + AuthenticationSuccessHandler. You'll find + more on this in the Core + Filters chapter and also in the namespace appendix, as well as + information on how to customize the flow when authentication fails.
diff --git a/docs/manual/src/xsl/html-custom.xsl b/docs/manual/src/xsl/html-custom.xsl index abfc5e580d..76e6fb0bbe 100644 --- a/docs/manual/src/xsl/html-custom.xsl +++ b/docs/manual/src/xsl/html-custom.xsl @@ -68,8 +68,8 @@ - - 2 + + 3