Fix images

- Move images into assets/
- Remove figures form antora.yml
- Add :figures: to each page that uses it

docs/antora.yml

@@ -8,7 +8,6 @@ asciidoc:
     idprefix: ''
     idseparator: '-'
     apacheds-core-version: 1.5.5
-    figures: servlet/architecture
     gh-old-samples-url: https://github.com/spring-projects/spring-security/tree/5.4.x/samples
     gh-samples-url: https://github.com/spring-projects/spring-security-samples/tree/main
     gh-url: https://github.com/spring-projects/spring-security/tree/main

docs/modules/ROOT/pages/servlet/architecture/index.adoc

@@ -1,7 +1,6 @@
 [[servlet-architecture]]
 = Servlet Security: The Big Picture
-:figures: images/servlet/architecture
-:icondir: images/icons
+:figures: servlet/architecture
 
 This section discusses Spring Security's high level architecture within Servlet based applications.
 We build on this high level understanding within <<servlet-authentication>>, <<servlet-authorization>>, <<servlet-exploits>> sections of the reference.

docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc

@@ -1,7 +1,6 @@
 [[servlet-authentication-architecture]]
 = Servlet Authentication Architecture
-:figures: images/servlet/authentication/architecture
-:icondir: images/icons
+:figures: servlet/authentication/architecture
 
 This discussion expands on <<servlet-architecture>> to describe the main architectural components of Spring Security's used in Servlet authentication.
 If you need concrete flows that explain how these pieces fit together, look at the <<servlet-authentication-mechanisms,Authentication Mechanism>> specific sections.
@@ -20,6 +19,7 @@ This also gives a good idea of the high level flow of authentication and how pie
 [[servlet-authentication-securitycontextholder]]
 == SecurityContextHolder
 
+Hi {figures} there
 
 At the heart of Spring Security's authentication model is the `SecurityContextHolder`.
 It contains the <<servlet-authentication-securitycontext>>.

docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc

@@ -1,5 +1,6 @@
 [[servlet-authentication-basic]]
 = Basic Authentication
+:figures: servlet/authentication/unpwd
 
 This section provides details on how Spring Security provides support for https://tools.ietf.org/html/rfc7617[Basic HTTP Authentication] for servlet based applications.
 // FIXME: describe authenticationentrypoint, authenticationfailurehandler, authenticationsuccesshandler

docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc

@@ -1,5 +1,6 @@
 [[servlet-authentication-daoauthenticationprovider]]
 = DaoAuthenticationProvider
+:figures: servlet/authentication/unpwd
 
 {security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[`DaoAuthenticationProvider`] is an <<servlet-authentication-authenticationprovider,`AuthenticationProvider`>> implementation that leverages a <<servlet-authentication-userdetailsservice,`UserDetailsService`>> and <<servlet-authentication-password-storage,`PasswordEncoder`>> to authenticate a username and password.
 

docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc

@@ -1,5 +1,6 @@
 [[servlet-authentication-form]]
 = Form Login
+:figures: servlet/authentication/unpwd
 
 Spring Security provides support for username and password being provided through an html form.
 This section provides details on how form based authentication works within Spring Security.

docs/modules/ROOT/pages/servlet/authorization/architecture.adoc

@@ -2,7 +2,7 @@
 
 [[authz-arch]]
 = Authorization Architecture
-
+:figures: servlet/authorization
 
 [[authz-authorities]]
 == Authorities
@@ -70,7 +70,7 @@ Whilst users can implement their own `AccessDecisionManager` to control all aspe
 
 [[authz-access-voting]]
 .Voting Decision Manager
-image::images/access-decision-voting.png[]
+image::{figures}/access-decision-voting.png[]
 
 
 
@@ -140,7 +140,7 @@ Whilst you could easily implement your own AOP concern to achieve this, Spring S
 
 [[authz-after-invocation]]
 .After Invocation Implementation
-image::images/after-invocation.png[]
+image::{figures}/after-invocation.png[]
 
 Like many other parts of Spring Security, `AfterInvocationManager` has a single concrete implementation, `AfterInvocationProviderManager`, which polls a list of ``AfterInvocationProvider``s.
 Each `AfterInvocationProvider` is allowed to modify the return object or throw an `AccessDeniedException`.

docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc

@@ -1,7 +1,6 @@
 [[servlet-authorization-filtersecurityinterceptor]]
 = Authorize HttpServletRequest with FilterSecurityInterceptor
-:figures: images/servlet/authorization
-:icondir: images/icons
+:figures: servlet/authorization
 
 This section builds on <<servlet-architecture,Servlet Architecture and Implementation>> by digging deeper into how <<servlet-authorization,authorization>> works within Servlet based applications.
 

docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc

@@ -1,7 +1,6 @@
 [[oauth2resourceserver]]
 = OAuth 2.0 Resource Server
-:figures: images/servlet/oauth2
-:icondir: images/icons
+:figures: servlet/oauth2
 
 Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:
 

docs/modules/ROOT/pages/servlet/saml2/index.adoc

@@ -1,13 +1,12 @@
 [[servlet-saml2]]
 = SAML2
+:figures: servlet/saml2
 
 Spring Security provides comprehensive SAML 2 support.
 This section discusses how to integrate SAML 2 into your servlet based application.
 
 [[servlet-saml2login]]
 == SAML 2.0 Login
-:figures: images/servlet/saml2
-:icondir: images/icons
 
 The SAML 2.0 Login feature provides an application with the capability to act as a SAML 2.0 Relying Party, having users https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig[log in] to the application by using their existing account at a SAML 2.0 Asserting Party (Okta, ADFS, etc).