Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixes for Documentation 

Fixes for the Documentation
This commit is contained in:
Rob Winch 2016-05-31 21:40:21 -05:00
parent 503828c994 8aea83011d
commit cf78793f8f
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/manual/src/docs/asciidoc/_includes/websocket.adoc
View File

@ -39,7 +39,7 @@ This will ensure that:
<2> The SecurityContextHolder is populated with the user within the simpUser header attribute for any inbound request.
<3> Our messages require the proper authorization. Specifically, any inbound message that starts with "/user/" will require ROLE_USER. Additional details on authorization can be found in <<websocket-authorization>>
Spring Security also provides <<nsa-websocket,XML Namespace>> support for securing WebSockets.
Spring Security also provides <<nsa-websocket-security,XML Namespace>> support for securing WebSockets.
A comparable XML based configuration looks like the following:
[source,xml]
@ -100,7 +100,7 @@ This will ensure that:
<5> Any other message of type MESSAGE or SUBSCRIBE is rejected. Due to 6 we do not need this step, but it illustrates how one can match on specific message types.
<6> Any other Message is rejected. This is a good idea to ensure that you do not miss any messages.
Spring Security also provides <<nsa-websocket,XML Namespace>> support for securing WebSockets.
Spring Security also provides <<nsa-websocket-security,XML Namespace>> support for securing WebSockets.
A comparable XML based configuration looks like the following:
[source,xml]

8
docs/manual/src/docs/asciidoc/index.adoc
View File

@ -23,7 +23,7 @@ Finally, welcome to the Spring Security <<community,community>>.
[[getting-started]]
= Getting Started
== Getting Started
The later parts of this guide provide an in-depth discussion of the framework architecture and implementation classes, which you need to understand if you want to do any serious customization. In this part, we'll introduce Spring Security 4.0, give a brief overview of the project's history and take a slightly gentler look at how to get started using the framework. In particular, we'll look at namespace configuration which provides a much simpler way of securing your application compared to the traditional Spring bean approach where you have to wire up all the implementation classes individually.
We'll also take a look at the sample applications that are available. It's worth trying to run these and experimenting with them a bit even before you read the later sections - you can dip back into them as your understanding of the framework increases. Please also check out the http://spring.io/spring-security[project website] as it has useful information on building the project, plus links to articles, videos and tutorials.
@ -1357,7 +1357,7 @@ If you want to use a database, then you can use
</authentication-manager>
----
Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <<db_schema_users_authorities,user data tables>>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute:
Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <<user-schema,user data tables>>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute:
[source,xml]
----
@ -3328,7 +3328,7 @@ The last step is to ensure that you include the CSRF token in all PATCH, POST, P
</form>
----
An easier approach is to use <<the-csrfInput-tag,the csrfInput tag>> from the Spring Security JSP tag library.
An easier approach is to use <<the-csrfinput-tag,the csrfInput tag>> from the Spring Security JSP tag library.
[NOTE]
====
@ -7597,7 +7597,7 @@ If disabled, the X-Frame-Options header will not be included. Default false.
* **policy**
** `DENY` The page cannot be displayed in a frame, regardless of the site attempting to do so. This is the default when frame-options-policy is specified.
** `SAMEORIGIN` The page can only be displayed in a frame on the same origin as the page itself
** `ALLOW-FROM` <<nsa-frame-options-origin,origin>> The page can only be displayed in a frame on the specified origin.
** `ALLOW-FROM origin` The page can only be displayed in a frame on the specified origin.
+