From 057ea4fb1705d4ba44bfd09b15082a5086fc4c66 Mon Sep 17 00:00:00 2001 From: "Ryan W. Moore" Date: Sat, 28 May 2016 19:27:56 -0400 Subject: [PATCH 1/5] Docs: Make 'Getting Started' a level 1 section heading This fixes the following build error: asciidoctor: ERROR: index.adoc: line 26: invalid part, must have at least one section (e.g., chapter, appendix, etc.) --- docs/manual/src/docs/asciidoc/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index 7dec6ac04e..a945dca9c4 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -23,7 +23,7 @@ Finally, welcome to the Spring Security <>. [[getting-started]] -= Getting Started +== Getting Started The later parts of this guide provide an in-depth discussion of the framework architecture and implementation classes, which you need to understand if you want to do any serious customization. In this part, we'll introduce Spring Security 4.0, give a brief overview of the project's history and take a slightly gentler look at how to get started using the framework. In particular, we'll look at namespace configuration which provides a much simpler way of securing your application compared to the traditional Spring bean approach where you have to wire up all the implementation classes individually. We'll also take a look at the sample applications that are available. It's worth trying to run these and experimenting with them a bit even before you read the later sections - you can dip back into them as your understanding of the framework increases. Please also check out the http://spring.io/spring-security[project website] as it has useful information on building the project, plus links to articles, videos and tutorials. From cdb04c50e826eec293dffb4fbf3d150d566525be Mon Sep 17 00:00:00 2001 From: "Ryan W. Moore" Date: Sat, 28 May 2016 20:05:47 -0400 Subject: [PATCH 2/5] Docs: Fix broken link to websocket security info --- docs/manual/src/docs/asciidoc/_includes/websocket.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/manual/src/docs/asciidoc/_includes/websocket.adoc b/docs/manual/src/docs/asciidoc/_includes/websocket.adoc index ffbeeec6ab..7b4b5db09a 100644 --- a/docs/manual/src/docs/asciidoc/_includes/websocket.adoc +++ b/docs/manual/src/docs/asciidoc/_includes/websocket.adoc @@ -39,7 +39,7 @@ This will ensure that: <2> The SecurityContextHolder is populated with the user within the simpUser header attribute for any inbound request. <3> Our messages require the proper authorization. Specifically, any inbound message that starts with "/user/" will require ROLE_USER. Additional details on authorization can be found in <> -Spring Security also provides <> support for securing WebSockets. +Spring Security also provides <> support for securing WebSockets. A comparable XML based configuration looks like the following: [source,xml] @@ -100,7 +100,7 @@ This will ensure that: <5> Any other message of type MESSAGE or SUBSCRIBE is rejected. Due to 6 we do not need this step, but it illustrates how one can match on specific message types. <6> Any other Message is rejected. This is a good idea to ensure that you do not miss any messages. -Spring Security also provides <> support for securing WebSockets. +Spring Security also provides <> support for securing WebSockets. A comparable XML based configuration looks like the following: [source,xml] From 38e9f6a85107c3cb5d72d0b9a4dbd64c25ad1805 Mon Sep 17 00:00:00 2001 From: "Ryan W. Moore" Date: Sat, 28 May 2016 20:07:59 -0400 Subject: [PATCH 3/5] Docs: Fix broken link to csrfInput tag info ID names are case sensitive. --- docs/manual/src/docs/asciidoc/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index a945dca9c4..a7d1218f00 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -3328,7 +3328,7 @@ The last step is to ensure that you include the CSRF token in all PATCH, POST, P ---- -An easier approach is to use <> from the Spring Security JSP tag library. +An easier approach is to use <> from the Spring Security JSP tag library. [NOTE] ==== From fd65652bbeee8bee6c5d378b42d54cec8050ed51 Mon Sep 17 00:00:00 2001 From: "Ryan W. Moore" Date: Sat, 28 May 2016 20:38:02 -0400 Subject: [PATCH 4/5] Docs: Fix broken link to security database schema --- docs/manual/src/docs/asciidoc/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index a7d1218f00..07b92a317e 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -1357,7 +1357,7 @@ If you want to use a database, then you can use ---- -Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute: +Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute: [source,xml] ---- From 8aea83011de3ee7f19d04e3d78229dd1d0cb2162 Mon Sep 17 00:00:00 2001 From: "Ryan W. Moore" Date: Sat, 28 May 2016 21:06:30 -0400 Subject: [PATCH 5/5] Docs: Remove broken link I think the originally intended destination no longer exists in the documentation. --- docs/manual/src/docs/asciidoc/index.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/manual/src/docs/asciidoc/index.adoc b/docs/manual/src/docs/asciidoc/index.adoc index 07b92a317e..ace15047cd 100644 --- a/docs/manual/src/docs/asciidoc/index.adoc +++ b/docs/manual/src/docs/asciidoc/index.adoc @@ -7597,7 +7597,7 @@ If disabled, the X-Frame-Options header will not be included. Default false. * **policy** ** `DENY` The page cannot be displayed in a frame, regardless of the site attempting to do so. This is the default when frame-options-policy is specified. ** `SAMEORIGIN` The page can only be displayed in a frame on the same origin as the page itself -** `ALLOW-FROM` <> The page can only be displayed in a frame on the specified origin. +** `ALLOW-FROM origin` The page can only be displayed in a frame on the specified origin. +