Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-25 21:42:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed main src directory (outdated site docs etc)

Browse Source
This commit is contained in:
Luke Taylor 2009-12-08 21:02:47 +00:00
parent 41368870c9
commit e668898ed3
13 changed files with 0 additions and 1857 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

303
src/docbkx/resources/css/html.css
View File

@ -1,303 +0,0 @@
body {
text-align: justify;
margin-right: 2em;
margin-left: 2em;
}
a,
a[accesskey^="h"],
a[accesskey^="n"],
a[accesskey^="u"],
a[accesskey^="p"] {
font-family: Verdana, Arial, helvetica, sans-serif;
font-size: 12px;
color: #003399;
}
a:active {
color: #003399;
}
a:visited {
color: #888888;
}
p {
font-family: Verdana, Arial, sans-serif;
}
dt {
font-family: Verdana, Arial, sans-serif;
font-size: 12px;
}
p, dl, dt, dd, blockquote {
color: #000000;
margin-bottom: 3px;
margin-top: 3px;
padding-top: 0;
}
ol, ul, p {
margin-top: 6px;
margin-bottom: 6px;
}
p, blockquote {
font-size: 90%;
}
p.releaseinfo {
font-size: 100%;
font-weight: bold;
font-family: Verdana, Arial, helvetica, sans-serif;
padding-top: 10px;
}
p.pubdate {
font-size: 120%;
font-weight: bold;
font-family: Verdana, Arial, helvetica, sans-serif;
}
td {
font-size: 80%;
}
td, th, span {
color: #000000;
}
td[width^="40%"] {
font-family: Verdana, Arial, helvetica, sans-serif;
font-size: 12px;
color: #003399;
}
table[summary^="Navigation header"] tbody tr th[colspan^="3"] {
font-family: Verdana, Arial, helvetica, sans-serif;
}
blockquote {
margin-right: 0;
}
h1, h2, h3, h4, h6 {
color: #000000;
font-weight: 500;
margin-top: 0;
padding-top: 14px;
font-family: Verdana, Arial, helvetica, sans-serif;
margin-bottom: 0;
}
h2.title {
font-weight: 800;
margin-bottom: 8px;
}
h2.subtitle {
font-weight: 800;
margin-bottom: 20px;
}
.firstname, .surname {
font-size: 12px;
font-family: Verdana, Arial, helvetica, sans-serif;
}
table {
border-collapse: collapse;
border-spacing: 0;
border: 1px black;
empty-cells: hide;
margin: 10px 0 30px 50px;
width: 90%;
}
div.table {
margin: 30px 0 10px 0;
border: 1px dashed gray;
padding: 10px;
}
div .table-contents table {
border: 1px solid black;
}
div.table > p.title {
padding-left: 10px;
}
table[summary^="Navigation footer"] {
border-collapse: collapse;
border-spacing: 0;
border: 1px black;
empty-cells: hide;
margin: 0px;
width: 100%;
}
table[summary^="Note"],
table[summary^="Warning"],
table[summary^="Tip"] {
border-collapse: collapse;
border-spacing: 0;
border: 1px black;
empty-cells: hide;
margin: 10px 0px 10px -20px;
width: 100%;
}
td {
padding: 4pt;
font-family: Verdana, Arial, helvetica, sans-serif;
}
div.warning TD {
text-align: justify;
}
h1 {
font-size: 150%;
}
h2 {
font-size: 110%;
}
h3 {
font-size: 100%; font-weight: bold;
}
h4 {
font-size: 90%; font-weight: bold;
}
h5 {
font-size: 90%; font-style: italic;
}
h6 {
font-size: 100%; font-style: italic;
}
tt {
font-size: 110%;
font-family: "Courier New", Courier, monospace;
color: #000000;
}
.navheader, .navfooter {
border: none;
}
div.navfooter table {
border-style: dashed;
border-color: gray;
border-width: 1px 1px 1px 1px;
background-color: #cde48d;
}
pre {
font-size: 110%;
padding: 5px;
border-style: solid;
border-width: 1px;
border-color: #CCCCCC;
background-color: #f3f5e9;
}
ul, ol, li {
list-style: disc;
}
hr {
width: 100%;
height: 1px;
background-color: #CCCCCC;
border-width: 0;
padding: 0;
}
.variablelist {
padding-top: 10px;
padding-bottom: 10px;
margin: 0;
}
.term {
font-weight:bold;
}
.mediaobject {
padding-top: 30px;
padding-bottom: 30px;
}
.legalnotice {
font-family: Verdana, Arial, helvetica, sans-serif;
font-size: 12px;
font-style: italic;
}
.sidebar {
float: right;
margin: 10px 0 10px 30px;
padding: 10px 20px 20px 20px;
width: 33%;
border: 1px solid black;
background-color: #F4F4F4;
font-size: 14px;
}
.property {
font-family: "Courier New", Courier, monospace;
}
a code {
font-family: Verdana, Arial, monospace;
font-size: 12px;
}
td code {
font-size: 110%;
}
div.note * td,
div.tip * td,
div.warning * td,
div.calloutlist * td {
text-align: justify;
font-size: 100%;
}
.programlisting {
clear: both;
}
.programlisting .interfacename,
.programlisting .literal,
.programlisting .classname {
font-size: 95%;
}
.title .interfacename,
.title .literal,
.title .classname {
font-size: 130%;
}
/* everything in a <lineannotation/> is displayed in a coloured, comment-like font */
.programlisting * .lineannotation,
.programlisting * .lineannotation * {
color: green;
}
.question * p {
font-size: 100%;
}
.answer * p {
font-size: 100%;
}

418
src/docbkx/resources/xsl/fopdf.xsl
View File

@ -1,418 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
This is the XSL FO (PDF) stylesheet for the Spring reference
documentation.
Thanks are due to Christian Bauer of the Hibernate project
team for writing the original stylesheet upon which this one
is based.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="1.0">
<xsl:import href="urn:docbkx:stylesheet"/>
<!--###################################################
Custom Title Page
################################################### -->
<xsl:template name="book.titlepage.recto">
<fo:block>
<fo:table table-layout="fixed" width="175mm">
<fo:table-column column-width="175mm"/>
<fo:table-body>
<fo:table-row>
<fo:table-cell text-align="center">
<fo:block>
<fo:block font-family="Helvetica" font-size="24pt" padding-before="10mm">
<xsl:value-of select="bookinfo/title"/>
</fo:block>
</fo:block>
<fo:block font-family="Helvetica" font-size="22pt" padding-before="10mm">
<xsl:value-of select="bookinfo/subtitle"/>
</fo:block>
<fo:block font-family="Helvetica" font-size="12pt" padding="10mm">
<xsl:value-of select="bookinfo/releaseinfo"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell text-align="center">
<fo:block font-family="Helvetica" font-size="14pt" padding="10mm">
<xsl:value-of select="bookinfo/pubdate"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
<fo:table-row>
<fo:table-cell text-align="center">
<fo:block font-family="Helvetica" font-size="12pt" padding="10mm">
<xsl:text>Copyright &#xA9; 2005-2007 </xsl:text>
<xsl:for-each select="bookinfo/authorgroup/author">
<xsl:if test="position() > 1">
<xsl:text>, </xsl:text>
</xsl:if>
<xsl:value-of select="firstname"/>
<xsl:text> </xsl:text>
<xsl:value-of select="surname"/>
</xsl:for-each>
</fo:block>
<fo:block font-family="Helvetica" font-size="10pt" padding="1mm">
<xsl:value-of select="bookinfo/legalnotice"/>
</fo:block>
</fo:table-cell>
</fo:table-row>
</fo:table-body>
</fo:table>
</fo:block>
</xsl:template>
<!-- Prevent blank pages in output -->
<xsl:template name="book.titlepage.before.verso">
</xsl:template>
<xsl:template name="book.titlepage.verso">
</xsl:template>
<xsl:template name="book.titlepage.separator">
</xsl:template>
<!--###################################################
Header
################################################### -->
<!-- More space in the center header for long text -->
<xsl:attribute-set name="header.content.properties">
<xsl:attribute name="font-family">
<xsl:value-of select="$body.font.family"/>
</xsl:attribute>
<xsl:attribute name="margin-left">-5em</xsl:attribute>
<xsl:attribute name="margin-right">-5em</xsl:attribute>
</xsl:attribute-set>
<!--###################################################
Custom Footer
################################################### -->
<xsl:template name="footer.content">
<xsl:param name="pageclass" select="''"/>
<xsl:param name="sequence" select="''"/>
<xsl:param name="position" select="''"/>
<xsl:param name="gentext-key" select="''"/>
<xsl:variable name="Version">
<xsl:if test="//releaseinfo">
<xsl:text>Spring Security (</xsl:text>
<xsl:value-of select="//releaseinfo"/>
<xsl:text>)</xsl:text>
</xsl:if>
</xsl:variable>
<xsl:choose>
<xsl:when test="$sequence='blank'">
<xsl:if test="$position = 'center'">
<xsl:value-of select="$Version"/>
</xsl:if>
</xsl:when>
<!-- for double sided printing, print page numbers on alternating sides (of the page) -->
<xsl:when test="$double.sided != 0">
<xsl:choose>
<xsl:when test="$sequence = 'even' and $position='left'">
<fo:page-number/>
</xsl:when>
<xsl:when test="$sequence = 'odd' and $position='right'">
<fo:page-number/>
</xsl:when>
<xsl:when test="$position='center'">
<xsl:value-of select="$Version"/>
</xsl:when>
</xsl:choose>
</xsl:when>
<!-- for single sided printing, print all page numbers on the right (of the page) -->
<xsl:when test="$double.sided = 0">
<xsl:choose>
<xsl:when test="$position='center'">
<xsl:value-of select="$Version"/>
</xsl:when>
<xsl:when test="$position='right'">
<fo:page-number/>
</xsl:when>
</xsl:choose>
</xsl:when>
</xsl:choose>
</xsl:template>
<!--###################################################
Extensions
################################################### -->
<!-- These extensions are required for table printing and other stuff -->
<xsl:param name="use.extensions">1</xsl:param>
<xsl:param name="tablecolumns.extension">0</xsl:param>
<xsl:param name="callout.extensions">1</xsl:param>
<!-- FOP provide only PDF Bookmarks at the moment -->
<xsl:param name="fop.extensions">1</xsl:param>
<!--###################################################
Table Of Contents
################################################### -->
<!-- Generate the TOCs for named components only -->
<xsl:param name="generate.toc">
book toc
</xsl:param>
<!-- Show only Sections up to level 3 in the TOCs -->
<xsl:param name="toc.section.depth">2</xsl:param>
<!-- Dot and Whitespace as separator in TOC between Label and Title-->
<xsl:param name="autotoc.label.separator" select="'. '"/>
<!--###################################################
Paper & Page Size
################################################### -->
<!-- Paper type, no headers on blank pages, no double sided printing -->
<xsl:param name="paper.type" select="'A4'"/>
<xsl:param name="double.sided">0</xsl:param>
<xsl:param name="headers.on.blank.pages">0</xsl:param>
<xsl:param name="footers.on.blank.pages">0</xsl:param>
<!-- Space between paper border and content (chaotic stuff, don't touch) -->
<xsl:param name="page.margin.top">5mm</xsl:param>
<xsl:param name="region.before.extent">10mm</xsl:param>
<xsl:param name="body.margin.top">10mm</xsl:param>
<xsl:param name="body.margin.bottom">15mm</xsl:param>
<xsl:param name="region.after.extent">10mm</xsl:param>
<xsl:param name="page.margin.bottom">0mm</xsl:param>
<xsl:param name="page.margin.outer">18mm</xsl:param>
<xsl:param name="page.margin.inner">18mm</xsl:param>
<!-- No intendation of Titles -->
<xsl:param name="title.margin.left">0pc</xsl:param>
<!--###################################################
Fonts & Styles
################################################### -->
<!-- Left aligned text and no hyphenation -->
<xsl:param name="alignment">justify</xsl:param>
<xsl:param name="hyphenate">false</xsl:param>
<!-- Default Font size -->
<xsl:param name="body.font.master">11</xsl:param>
<xsl:param name="body.font.small">8</xsl:param>
<!-- Line height in body text -->
<xsl:param name="line-height">1.4</xsl:param>
<!-- Monospaced fonts are smaller than regular text -->
<xsl:attribute-set name="monospace.properties">
<xsl:attribute name="font-family">
<xsl:value-of select="$monospace.font.family"/>
</xsl:attribute>
<xsl:attribute name="font-size">0.8em</xsl:attribute>
</xsl:attribute-set>
<!--###################################################
Tables
################################################### -->
<!-- The table width should be adapted to the paper size -->
<xsl:param name="default.table.width">17.4cm</xsl:param>
<!-- Some padding inside tables -->
<xsl:attribute-set name="table.cell.padding">
<xsl:attribute name="padding-left">4pt</xsl:attribute>
<xsl:attribute name="padding-right">4pt</xsl:attribute>
<xsl:attribute name="padding-top">4pt</xsl:attribute>
<xsl:attribute name="padding-bottom">4pt</xsl:attribute>
</xsl:attribute-set>
<!-- Only hairlines as frame and cell borders in tables -->
<xsl:param name="table.frame.border.thickness">0.1pt</xsl:param>
<xsl:param name="table.cell.border.thickness">0.1pt</xsl:param>
<!--###################################################
Labels
################################################### -->
<!-- Label Chapters and Sections (numbering) -->
<xsl:param name="chapter.autolabel">1</xsl:param>
<xsl:param name="section.autolabel" select="1"/>
<xsl:param name="section.label.includes.component.label" select="1"/>
<!--###################################################
Titles
################################################### -->
<!-- Chapter title size -->
<xsl:attribute-set name="chapter.titlepage.recto.style">
<xsl:attribute name="text-align">left</xsl:attribute>
<xsl:attribute name="font-weight">bold</xsl:attribute>
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.master * 1.8"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
</xsl:attribute-set>
<!-- Why is the font-size for chapters hardcoded in the XSL FO templates?
Let's remove it, so this sucker can use our attribute-set only... -->
<xsl:template match="title" mode="chapter.titlepage.recto.auto.mode">
<fo:block xmlns:fo="http://www.w3.org/1999/XSL/Format"
xsl:use-attribute-sets="chapter.titlepage.recto.style">
<xsl:call-template name="component.title">
<xsl:with-param name="node" select="ancestor-or-self::chapter[1]"/>
</xsl:call-template>
</fo:block>
</xsl:template>
<!-- Sections 1, 2 and 3 titles have a small bump factor and padding -->
<xsl:attribute-set name="section.title.level1.properties">
<xsl:attribute name="space-before.optimum">0.8em</xsl:attribute>
<xsl:attribute name="space-before.minimum">0.8em</xsl:attribute>
<xsl:attribute name="space-before.maximum">0.8em</xsl:attribute>
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.master * 1.5"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
<xsl:attribute name="space-after.optimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.minimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.maximum">0.1em</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="section.title.level2.properties">
<xsl:attribute name="space-before.optimum">0.6em</xsl:attribute>
<xsl:attribute name="space-before.minimum">0.6em</xsl:attribute>
<xsl:attribute name="space-before.maximum">0.6em</xsl:attribute>
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.master * 1.25"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
<xsl:attribute name="space-after.optimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.minimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.maximum">0.1em</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="section.title.level3.properties">
<xsl:attribute name="space-before.optimum">0.4em</xsl:attribute>
<xsl:attribute name="space-before.minimum">0.4em</xsl:attribute>
<xsl:attribute name="space-before.maximum">0.4em</xsl:attribute>
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.master * 1.0"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
<xsl:attribute name="space-after.optimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.minimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.maximum">0.1em</xsl:attribute>
</xsl:attribute-set>
<!-- Titles of formal objects (tables, examples, ...) -->
<xsl:attribute-set name="formal.title.properties" use-attribute-sets="normal.para.spacing">
<xsl:attribute name="font-weight">bold</xsl:attribute>
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.master"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
<xsl:attribute name="hyphenate">false</xsl:attribute>
<xsl:attribute name="space-after.minimum">0.4em</xsl:attribute>
<xsl:attribute name="space-after.optimum">0.6em</xsl:attribute>
<xsl:attribute name="space-after.maximum">0.8em</xsl:attribute>
</xsl:attribute-set>
<!--###################################################
Programlistings
################################################### -->
<!-- Verbatim text formatting (programlistings) -->
<xsl:attribute-set name="monospace.verbatim.properties">
<xsl:attribute name="font-size">
<xsl:value-of select="$body.font.small * 1.0"/>
<xsl:text>pt</xsl:text>
</xsl:attribute>
</xsl:attribute-set>
<xsl:attribute-set name="verbatim.properties">
<xsl:attribute name="space-before.minimum">1em</xsl:attribute>
<xsl:attribute name="space-before.optimum">1em</xsl:attribute>
<xsl:attribute name="space-before.maximum">1em</xsl:attribute>
<xsl:attribute name="border-color">#444444</xsl:attribute>
<xsl:attribute name="border-style">solid</xsl:attribute>
<xsl:attribute name="border-width">0.1pt</xsl:attribute>
<xsl:attribute name="padding-top">0.5em</xsl:attribute>
<xsl:attribute name="padding-left">0.5em</xsl:attribute>
<xsl:attribute name="padding-right">0.5em</xsl:attribute>
<xsl:attribute name="padding-bottom">0.5em</xsl:attribute>
<xsl:attribute name="margin-left">0.5em</xsl:attribute>
<xsl:attribute name="margin-right">0.5em</xsl:attribute>
</xsl:attribute-set>
<!-- Shade (background) programlistings -->
<xsl:param name="shade.verbatim">1</xsl:param>
<xsl:attribute-set name="shade.verbatim.style">
<xsl:attribute name="background-color">#F0F0F0</xsl:attribute>
</xsl:attribute-set>
<!--###################################################
Callouts
################################################### -->
<!-- Use images for callouts instead of (1) (2) (3) -->
<xsl:param name="callout.graphics">0</xsl:param>
<xsl:param name="callout.unicode">1</xsl:param>
<!-- Place callout marks at this column in annotated areas -->
<xsl:param name="callout.defaultcolumn">90</xsl:param>
<!--###################################################
Admonitions
################################################### -->
<!-- Use nice graphics for admonitions -->
<xsl:param name="admon.graphics">'1'</xsl:param>
<!-- <xsl:param name="admon.graphics.path">&admon_gfx_path;</xsl:param> -->
<!--###################################################
Misc
################################################### -->
<!-- Placement of titles -->
<xsl:param name="formal.title.placement">
figure after
example before
equation before
table before
procedure before
</xsl:param>
<!-- Format Variable Lists as Blocks (prevents horizontal overflow) -->
<xsl:param name="variablelist.as.blocks">1</xsl:param>
<!-- The horrible list spacing problems -->
<xsl:attribute-set name="list.block.spacing">
<xsl:attribute name="space-before.optimum">0.8em</xsl:attribute>
<xsl:attribute name="space-before.minimum">0.8em</xsl:attribute>
<xsl:attribute name="space-before.maximum">0.8em</xsl:attribute>
<xsl:attribute name="space-after.optimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.minimum">0.1em</xsl:attribute>
<xsl:attribute name="space-after.maximum">0.1em</xsl:attribute>
</xsl:attribute-set>
<!--###################################################
colored and hyphenated links
################################################### -->
<xsl:template match="ulink">
<fo:basic-link external-destination="{@url}"
xsl:use-attribute-sets="xref.properties"
text-decoration="underline"
color="blue">
<xsl:choose>
<xsl:when test="count(child::node())=0">
<xsl:value-of select="@url"/>
</xsl:when>
<xsl:otherwise>
<xsl:apply-templates/>
</xsl:otherwise>
</xsl:choose>
</fo:basic-link>
</xsl:template>
</xsl:stylesheet>

93
src/docbkx/resources/xsl/html.xsl
View File

@ -1,93 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
This is the XSL HTML configuration file for the Spring
Reference Documentation.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="1.0">
<xsl:import href="http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl"/>
<!--###################################################
HTML Settings
################################################### -->
<xsl:param name="html.stylesheet">html.css</xsl:param>
<!-- These extensions are required for table printing and other stuff -->
<xsl:param name="use.extensions">1</xsl:param>
<xsl:param name="tablecolumns.extension">0</xsl:param>
<xsl:param name="callout.extensions">1</xsl:param>
<xsl:param name="graphicsize.extension">0</xsl:param>
<!--###################################################
Table Of Contents
################################################### -->
<!-- Generate the TOCs for named components only -->
<xsl:param name="generate.toc">
book toc
</xsl:param>
<!-- Show only Sections up to level 3 in the TOCs -->
<xsl:param name="toc.section.depth">3</xsl:param>
<!--###################################################
Labels
################################################### -->
<!-- Label Chapters and Sections (numbering) -->
<xsl:param name="chapter.autolabel">1</xsl:param>
<xsl:param name="section.autolabel" select="1"/>
<xsl:param name="section.label.includes.component.label" select="1"/>
<!--###################################################
Callouts
################################################### -->
<!-- Use images for callouts instead of (1) (2) (3) -->
<xsl:param name="callout.graphics">0</xsl:param>
<!-- Place callout marks at this column in annotated areas -->
<xsl:param name="callout.defaultcolumn">90</xsl:param>
<!--###################################################
Admonitions
################################################### -->
<!-- Use nice graphics for admonitions -->
<xsl:param name="admon.graphics">0</xsl:param>
<!--###################################################
Misc
################################################### -->
<!-- Placement of titles -->
<xsl:param name="formal.title.placement">
figure after
example before
equation before
table before
procedure before
</xsl:param>
<!--
<xsl:template match="author" mode="titlepage.mode">
<xsl:if test="name(preceding-sibling::*[1]) = 'author'">
<xsl:text>, </xsl:text>
</xsl:if>
<span class="{name(.)}">
<xsl:call-template name="person.name"/>
<xsl:apply-templates mode="titlepage.mode" select="./contrib"/>
<xsl:apply-templates mode="titlepage.mode" select="./affiliation"/>
</span>
</xsl:template>
<xsl:template match="authorgroup" mode="titlepage.mode">
<div class="{name(.)}">
<h2>Authors</h2>
<p/>
<xsl:apply-templates mode="titlepage.mode"/>
</div>
</xsl:template>
-->
</xsl:stylesheet>

208
src/docbkx/resources/xsl/html_chunk.xsl
View File

@ -1,208 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
This is the XSL HTML configuration file for the Spring Reference Documentation.
-->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
xmlns:fo="http://www.w3.org/1999/XSL/Format"
version="1.0">
<xsl:import href="urn:docbkx:stylesheet"/>
<!--###################################################
HTML Settings
################################################### -->
<xsl:param name="chunk.section.depth">'5'</xsl:param>
<xsl:param name="use.id.as.filename">'1'</xsl:param>
<!-- These extensions are required for table printing and other stuff -->
<xsl:param name="use.extensions">1</xsl:param>
<xsl:param name="tablecolumns.extension">0</xsl:param>
<xsl:param name="callout.extensions">1</xsl:param>
<xsl:param name="graphicsize.extension">0</xsl:param>
<!--###################################################
Table Of Contents
################################################### -->
<!-- Generate the TOCs for named components only -->
<xsl:param name="generate.toc">
book toc
</xsl:param>
<!-- Show only Sections up to level 3 in the TOCs -->
<xsl:param name="toc.section.depth">3</xsl:param>
<!--###################################################
Labels
################################################### -->
<!-- Label Chapters and Sections (numbering) -->
<xsl:param name="chapter.autolabel">1</xsl:param>
<xsl:param name="section.autolabel" select="1"/>
<xsl:param name="section.label.includes.component.label" select="1"/>
<!--###################################################
Callouts
################################################### -->
<!-- Place callout marks at this column in annotated areas -->
<xsl:param name="callout.graphics">1</xsl:param>
<xsl:param name="callout.defaultcolumn">90</xsl:param>
<!--###################################################
Misc
################################################### -->
<!-- Placement of titles -->
<xsl:param name="formal.title.placement">
figure after
example before
equation before
table before
procedure before
</xsl:param>
<xsl:template match="author" mode="titlepage.mode">
<xsl:if test="name(preceding-sibling::*[1]) = 'author'">
<xsl:text>, </xsl:text>
</xsl:if>
<span class="{name(.)}">
<xsl:call-template name="person.name"/>
<xsl:apply-templates mode="titlepage.mode" select="./contrib"/>
<xsl:apply-templates mode="titlepage.mode" select="./affiliation"/>
</span>
</xsl:template>
<xsl:template match="authorgroup" mode="titlepage.mode">
<div class="{name(.)}">
<h2>Authors</h2>
<p/>
<xsl:apply-templates mode="titlepage.mode"/>
</div>
</xsl:template>
<!--###################################################
Headers and Footers
################################################### -->
<!-- let's have a Spring and SpringSource banner across the top of each page -->
<xsl:template name="user.header.navigation">
<div style="background-color:white;border:none;height:73px;border:1px solid black;">
<a style="border:none;" href="http://static.springframework.org/spring-security/site/"
title="The Spring Framework - Spring Web Services">
<img style="border:none;" src="images/xdev-spring_logo.jpg"/>
</a>
<a style="border:none;" href="http://www.springsource.com/" title="SpringSource">
<img style="border:none;position:absolute;padding-top:5px;right:42px;" src="images/s2-banner-rhs.png"/>
</a>
</div>
</xsl:template>
<!-- no other header navigation (prev, next, etc.) -->
<xsl:template name="header.navigation"/>
<xsl:param name="navig.showtitles">1</xsl:param>
<!-- let's have a 'Sponsored by SpringSource' strapline (or somesuch) across the bottom of each page -->
<xsl:template name="footer.navigation">
<xsl:param name="prev" select="/foo"/>
<xsl:param name="next" select="/foo"/>
<xsl:param name="nav.context"/>
<xsl:variable name="home" select="/*[1]"/>
<xsl:variable name="up" select="parent::*"/>
<xsl:variable name="row1" select="count($prev) &gt; 0
or count($up) &gt; 0
or count($next) &gt; 0"/>
<xsl:variable name="row2" select="($prev and $navig.showtitles != 0)
or (generate-id($home) != generate-id(.)
or $nav.context = 'toc')
or ($chunk.tocs.and.lots != 0
and $nav.context != 'toc')
or ($next and $navig.showtitles != 0)"/>
<xsl:if test="$suppress.navigation = '0' and $suppress.footer.navigation = '0'">
<div class="navfooter">
<xsl:if test="$footer.rule != 0">
<hr/>
</xsl:if>
<xsl:if test="$row1 or $row2">
<table width="100%" summary="Navigation footer">
<xsl:if test="$row1">
<tr>
<td width="40%" align="left">
<xsl:if test="count($prev)>0">
<a accesskey="p">
<xsl:attribute name="href">
<xsl:call-template name="href.target">
<xsl:with-param name="object" select="$prev"/>
</xsl:call-template>
</xsl:attribute>
<xsl:call-template name="navig.content">
<xsl:with-param name="direction" select="'prev'"/>
</xsl:call-template>
</a>
</xsl:if>
<xsl:text>&#160;</xsl:text>
</td>
<td width="20%" align="center">
<xsl:choose>
<xsl:when test="$home != . or $nav.context = 'toc'">
<a accesskey="h">
<xsl:attribute name="href">
<xsl:call-template name="href.target">
<xsl:with-param name="object" select="$home"/>
</xsl:call-template>
</xsl:attribute>
<xsl:call-template name="navig.content">
<xsl:with-param name="direction" select="'home'"/>
</xsl:call-template>
</a>
<xsl:if test="$chunk.tocs.and.lots != 0 and $nav.context != 'toc'">
<xsl:text>&#160;|&#160;</xsl:text>
</xsl:if>
</xsl:when>
<xsl:otherwise>&#160;</xsl:otherwise>
</xsl:choose>
<xsl:if test="$chunk.tocs.and.lots != 0 and $nav.context != 'toc'">
<a accesskey="t">
<xsl:attribute name="href">
<xsl:apply-templates select="/*[1]" mode="recursive-chunk-filename">
<xsl:with-param name="recursive" select="true()"/>
</xsl:apply-templates>
<xsl:text>-toc</xsl:text>
<xsl:value-of select="$html.ext"/>
</xsl:attribute>
<xsl:call-template name="gentext">
<xsl:with-param name="key" select="'nav-toc'"/>
</xsl:call-template>
</a>
</xsl:if>
</td>
<td width="40%" align="right">
<xsl:text>&#160;</xsl:text>
<xsl:if test="count($next)>0">
<a accesskey="n">
<xsl:attribute name="href">
<xsl:call-template name="href.target">
<xsl:with-param name="object" select="$next"/>
</xsl:call-template>
</xsl:attribute>
<xsl:call-template name="navig.content">
<xsl:with-param name="direction" select="'next'"/>
</xsl:call-template>
</a>
</xsl:if>
</td>
</tr>
</xsl:if>
<xsl:if test="$row2">
<tr>
<td width="40%" align="left" valign="top">
<xsl:if test="$navig.showtitles != 0">
<xsl:apply-templates select="$prev" mode="object.title.markup"/>
</xsl:if>
<xsl:text>&#160;</xsl:text>
</td>
<td width="20%" align="center">
<span style="color:white;font-size:90%;">
<a href="http://www.springsource.com/"
title="SpringSource">Sponsored by SpringSource
</a>
</span>
</td>
<td width="40%" align="right" valign="top">
<xsl:text>&#160;</xsl:text>
<xsl:if test="$navig.showtitles != 0">
<xsl:apply-templates select="$next" mode="object.title.markup"/>
</xsl:if>
</td>
</tr>
</xsl:if>
</table>
</xsl:if>
</div>
</xsl:if>
</xsl:template>
</xsl:stylesheet>

36
src/site/apt/building.apt
View File

@ -1,36 +0,0 @@
------------------------
Building the Project
------------------------
Building the Project
* Install Maven
This project uses {{{http://maven.apache.org/}Maven}} as a build tool.
We recommend you to install Maven 2.0.8 or greater before trying
the following.
* Check out the source code
To checkout Spring Security from SVN, see our {{{svn-usage.html}SVN Usage}} page.
* Building with Maven
Often people reading this document just want to see if Spring Security will work
for their projects. They want to deploy a sample application, and perhaps play around with the
configuration a bit to see how it works. Assuming you've already checked out the code from subversion,
start up a command prompt and execute the following commands from the directory containing the project source:
+----------------------------------------------------------------------------------------------------------------------+
mvn install
cd samples/contacts
mvn jetty:run
+----------------------------------------------------------------------------------------------------------------------+
This should build the framework library jars, install them to your local Maven repository and run the "contacts"
sample application (JDK 1.5 or later is required). You should then be able to point your browser at
{{{http://localhost:8080/contacts/}}} to use the application.

60
src/site/apt/index.apt
View File

@ -1,60 +0,0 @@
--------------------------------
Spring Security
--------------------------------
Spring Security
Formerly the Acegi Security System for Spring, Spring Security provides powerful and
flexible security solutions for enterprise applications developed using the Spring Framework.
It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half
years of use in large production software projects and adopted as an official Spring sub-project on its release.
Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features:
* Simplified namespace-based configuration syntax. Old configurations
could require hundreds of lines of XML but our new convention over configuration
approach ensures that many deployments will now require less than 10 lines.
* OpenID integration, which is the web's emerging single sign on
standard (supported by Google, IBM, Sun, Yahoo and others)
* Windows NTLM support, providing easy enterprise-wide single sign on
against Windows corporate networks
* Support for JSR 250 ("EJB 3") security annotations, delivering a
standards-based model for authorization metadata
* AspectJ pointcut expression language support, allowing developers to
apply cross-cutting security logic across their Spring managed objects
* Substantial improvements to the high-performance domain object
instance security ("ACL") capabilities
* Comprehensive support for RESTful web request authorization, which
works well with Spring 2.5's @MVC model for building RESTful systems
* Long-requested support for groups, hierarchical roles and a user
management API, which all combine to reduce development time and
significantly improve system administration
* An improved, database-backed "remember me" implementation
* Support for portlet authentication out-of-the-box
* Support for additional languages
* Numerous other general improvements, documentation and new samples
* New support for web state and flow transition authorization through
the Spring Web Flow 2.0 release
* New support for visualizing secured methods, plus configuration
auto-completion support in Spring IDE
* Enhanced WSS (formerly WS-Security) support through the Spring Web
Services 1.5 release
* Updated support for CAS single sign-on (CAS 3 is now supported).
~~ TODO: Expand based on original Acegi page to supply full feature set.

237
src/site/apt/namespaces.apt
View File

@ -1,237 +0,0 @@
----------------------------------------
Security Namespace Configuration
----------------------------------------
------------------------
(2007-11-7 draft)
------------------------
Overview
* Summary
Spring Security will make use of Spring 2.0 namespace-based configuration features to allow much more concise
configuration. This document outlines the current state of development and the features that have been
implemented so far and raises points for discussion. The features are still largely experimental and subject to
change.
The {{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/core/src/main/resources/org/springframework/security/config/}schema files}}
can be found in the core package. For simplicity, a relax NG compact schema (the rnc file) has been used as it is
easier to work with. This is then coverted into a W3C schema using trang.
* Design
The initial aim is to provide a relatively small set of namespace configuration options which capture the most
common uses of framework, especially for inexperienced users who don't require much in the way of customization.
The focus should be mainly on providing high-level components which logically match the different aspects of
securing an application. While it is also useful to have namespace options for simplifying the configuration of
existing framework beans, this is a somewhat orthogonal requirement, with different target users and will be dealt
with separately. Only the most obvious customizations will be implemented to start with. It should also be possible
to add new features without affecting the existing design.
Keeping these aims in mind, the design is largely based around the large-scale dependencies within the framework.
It can be divided up into the following areas:
* <<Web/HTTP Security>> - this is by far the largest and most complex area, consisting of
* Filter chain proxy
* HttpSessionContextIntegrationFilter - special filter which is of key importance.
* The filters which are responsible for most of Spring Security's web application features.
* ExceptionTranslationFilter and FilterSecurityInterceptor - other special filters.
* Authentication entry point(s).
* Concurrent session support (optional).
* Remember-me service (optional).
The only inward dependency here is that the AuthenticationManager must be made aware of the
ConcurrentSessionController (if configured). Apart from this, the other areas of the framework are unaware of
web-related functionality.
* <<Business Object (Method) Security>> - This is currently implemented using a bean decorator within the
business object bean, which is a relatively simple syntax.
* <<AuthenticationManager>> - this is the main dependency of other parts of the framework. The namespace
configuration creates an instance of ProviderManager as required and registers it under a known name. It assumes
that this will be used by all the configured beans. This currently happens automatically. It might be worth
introducing a
---
<security:authentication-manager id="othername"/>
---
element just to allow users to explicitly configure an authentication manager which they can use in other beans.
The additional name could be registered as an alias.
* <<AccessDecisionManager>> - The security interceptors (both for method and http security) require access to
an access decision manager. At the moment a default one is created and used by both, but they should additionally
support the use of an independently configured access manager, based on Id. The standard bean syntax should be
sufficient for the moment.
* <<AuthenticationProviders>> - these can be created individually and register themselves with the authentication
manager. Current namespace options are limited but each provider should be pretty much self-contained and hence
relatively simple to implement. There may be multiple providers within an application so some means of ordering will
be required.
* <<UserDetailsService>> - Closely related to the authentication providers, but often also required by other beans.
Again the implementations should be relatively straightforward. There may be multiple implementations within the
application.
* Http Security
Probably the best starting point here is to look at the {{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml}namespace configuration file}}
which is in use in the tutorial sample application:
+--------------------------------------------------------------------------------------------------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<security:http>
<security:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<security:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:form-login />
<security:http-basic realm="SpringSecurityTutorialApp" />
<security:logout />
<security:concurrent-session-control maxSessions="1" exceptionIfMaximumExceeded="true"/>
<security:remember-me tokenRepository="tokenRepo"/>
</security:http>
<bean name="tokenRepo" class="org.springframework.security.ui.rememberme.InMemoryTokenRepositoryImpl"/>
<security:authentication-provider>
<security:user-service>
<security:user name="bob" password="bobspassword" authorities="ROLE_SUPERVISOR" />
<security:user name="bill" password="billspassword" authorities="ROLE_A,ROLE_B" />
</security:user-service>
</security:authentication-provider>
</beans>
+--------------------------------------------------------------------------------------------------------------------
** \<security:http /\>
This element groups the other http-specific elements together and has attributes which allow the
session creation strategy to be set. It also allows you to specify the type of pattern that will be used for URL
definitions within the block. This defaults to ``ant'' since this is what users almost always use in practice.
The {{{./spring-security-core/xref/org/springframework/security/config/HttpSecurityBeanDefinitionParser.html}HttpSecurityBeanDefinitionParser}}
class is responsible for handling the contents. It creates a FilterChainProxy
instance, HttpSessionContextIntegrationFilter, FilterSecurityInterceptor and ExceptionTranslationFilter and parses
the child intercept-url elements (see below). It then delegates to separate parsers to handle the contents of other
child elements. These encapsulate the functionality of separate web application concerns which are implemented
by Spring Security and will typically each create a filter and possibly one or more other beans.
Finally a post processor (HttpSecurityConfigPostProcessor) is registered to handle things which can't be done
until the application context has been completed. This includes assembling and ordering the filter chain
and the strategy for selecting which authentication entry point should be used to trigger login. The core
filters now implement Ordered and a standard ordering has been established for them. Other filters in the
context must also implement Ordered to be considered, so it may be necessary to provide an element which can be
used to decorate filter beans to achieve this, if the user can't (or doesn't want to) make their code implement
Ordered explicitly.
** \<security:intercept-url /\>
In a traditional, bean-configured setup, there are several beans which require the use of URL patterns -
FilterChainProxy, FilterSecurityInterceptor and ChannelProcessingFilter. These can now be specified using a
single construct and the appropriate beans created and assembled by the parser. This allows options to be combined
in a more logical fashion without duplication. The user picks the important URLs for their application, defines the
patterns for them and then specifies which filters should be used, what access configuration attributes
the FilterSecurityInterceptor should enforce and if any channel restrictions apply. Only the access decision part
has been implemented. The only option for filters is currently "none", which will omit the URL from the security
filter chain entirely. It's not clear how or if additional filter order customization should be implemented (other
than by allowing Ids to be set on the various child elements). Channel security should be straightforward.
* Method Security
An example use of the \<security:intercept-methods /\> decorator is:
+-----------------------------------------------------------------------------------------------------------------------
<bean id="target" class="org.springframework.security.config.TestBusinessBeanImpl">
<security:intercept-methods>
<security:protect method="org.springframework.security.config.TestBusinessBean.set*" access="ROLE_ADMIN" />
<security:protect method="org.springframework.security.config.TestBusinessBean.get*" access="ROLE_ADMIN,ROLE_USER" />
<security:protect method="org.springframework.security.config.TestBusinessBean.doSomething" access="ROLE_USER" />
</security:intercept-methods>
</bean>
+-----------------------------------------------------------------------------------------------------------------------
Spring's AbstractInterceptorDrivenBeanDefinitionDecorator is used to add a MethodSecurityInterceptor to the bean.
Ideally we would just have the method names here rather than fully-qualified names (any ideas??).
* Authentication Manager and Providers
At least one authentication provider must be defined for things to work. No providers defined as
beans will currently be added to the authentication manager, but this could be done with a post
processor. Alternatively, \<security:authentication-provider /\> could be used round a bean declaration, or
supplied with a reference to a provider bean.
* Configuration of Specific Beans
As mentioned above, it is also useful to be able to use namespaces to simplify the configuration of existing beans,
especially where the existing configuration is complicated. This would typically be done with bean decorators.
An example of this is the simplification of FilterChainProxy configuration.
** FilterChainProxy Configuration
The \<security:filter-chain-map /\> decorator sets the configuration map of paths to filter lists for FilterChainProxy. The
syntax is similar to that described above for the HTTP security features.
+-----------------------------------------------------------------------------------------------------------------------
<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
<sec:filter-chain-map pathType="ant">
<sec:filter-chain pattern="/foo/**" filters="mockFilter"/>
<sec:filter-chain pattern="/some/other/path/**" filters="httpSessionFilter,mockFilter,mockFilter2"/>
<sec:filter-chain pattern="/do/not/filter" filters="none"/>
<sec:filter-chain pattern="/**" filters="sif,apf,mockFilter"/>
</sec:filter-chain-map>
</bean>
+-----------------------------------------------------------------------------------------------------------------------
This kind of functionality can be added as requested/required without having an impact on other areas, so it is of
lower priority than the design of "higher-level" namespace components.
* LDAP Configuration Example
As an example of what is possible in terms of reducing configuration requirements, the \<security:ldap /\>
element is an excellent example of the use of high-level namespace components. It can be used to set up a complete
LDAP authentication provider with or without an external server.
The optional <<<url>>> attribute specifies the URL of an external LDAP server. Without this, it will create
an embedded Apache Directory server instance and attempt to load any ldif files found on the classpath. Doing this
with Spring beans would involve potentially hundreds of lines of configuration and is a difficult task for an
inexperienced user (or indeed any user). Ultimately the user should be able to configure authentication and group
membership strategy, server details (e.g. port number) and the structure of the directory.
{{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/core/src/main/java/org/springframework/security/config/LdapBeanDefinitionParser.java}LdapBeanDefinitionParser}}
does the parsing work here and there are currently no child elements.

240
src/site/apt/petclinic-tutorial.apt
View File

@ -1,240 +0,0 @@
---------------------------------------------
Tutorial: Adding Security to Spring Petclinic
---------------------------------------------
Tutorial: Adding Security to Spring Petclinic
* Preparation
To complete this tutorial, you will require a servlet container (such as Tomcat)
and a general understanding of using Spring without Spring Security. The Petclinic
sample itself is part of Spring and should help you learn Spring. We suggest you
only try to learn one thing at a time, and start with Spring/Petclinic before
Spring Security.
You will also need to download:
* {{{http://www.springframework.org/download}Spring 2.5.6 with dependencies ZIP file}}
* {{{http://www.springframework.org/download}Spring Security 2.0.4}}
Unzip both files. After unzipping Spring Security, you'll need to unzip the
spring-security-sample-tutorial-2.0.4.war file, because we need some files that are
included within it. After unzipping the war file, you will see a folder called
spring-security-samples-tutorial-2.0.4.
In the code below, we'll refer to the respective unzipped
locations as %spring% and %spring-sec-tutorial% (with the later variable
referring to the unzipped WAR, not the original ZIP). There is no need to setup
any environment variables to complete the tutorial.
* 1st part: Run the Petclinic application without Spring Security
In order to make sure that you work in a stable environment, we will first
set up the Petclinic application, without Spring Security.
** Start Petclinic's database
Start the Hypersonic server:
+------------------------------------------------------
cd %spring%\samples\petclinic\db\hsqldb
server
+------------------------------------------------------
Insert some data:
+------------------------------------------------------
cd %spring%\samples\petclinic
ant setupDB
+------------------------------------------------------
** Build and deploy the Petclinic WAR file
Use Petclinic's Ant build script and deploy to your servlet container:
+------------------------------------------------------
cd %spring%\samples\petclinic
build warfile
copy dist\petclinic.war %TOMCAT_HOME%\webapps
+------------------------------------------------------
Finally, start your container and try to visit the petclinic home page.
You are now able to browse the whole application without any authentication needed
* Second part: set up Spring security
** Add required Spring Security files to Petclinic
We now need to put some extra files into Petclinic.
The following example is based on Windows MS-DOS. It only involves file copy.
We believe you can adapt it easily on any operating system.
+------------------------------------------------------
copy %spring-sec-tutorial%\WEB-INF\applicationContext-security.xml %spring%\samples\petclinic\war\WEB-INF
copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-core-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-core-tiger-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-acl-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-taglibs-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib
copy %spring-sec-tutorial%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib
+------------------------------------------------------
** Configure Petclinic's files
Edit %spring%\samples\petclinic\war\WEB-INF\web.xml. The "contextConfigLocation" specifies Spring configuration files that should be used
by the petclinic application. Locate the "contextConfigLocation" parameter and add a new line into
the existing param-value. Now that we are using Spring Security, It should also declare
applicationContext-security.xml (Spring config file for Spring Security).
The resulting block will look like this:
+------------------------------------------------------
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-jdbc.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
+------------------------------------------------------
Still inside web.xml, insert the following block of code.
It should be inserted right after the </context-param> end-tag.
+------------------------------------------------------
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+------------------------------------------------------
Our last step is to specify which URLs require authorization and which do not. Let's
edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-security.xml.
All URLs ending with '.do' will be protected.
+------------------------------------------------------
<http auto-config="true">
<intercept-url pattern="/*.do" access="ROLE_USER" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</http>
+------------------------------------------------------
** Test
Redeploy your web application. Use the earlier process to do that. Be careful to
ensure that the old Petclinic WAR is replaced by the new Petclinic WAR in your
servlet container.
Finally, start your container and try to visit the home page.
Your request should be intercepted and you will be forced to login.
You can now log in using the usernames and passwords that are documented at the end
of applicationContext-security.xml file.
** Log out
To make it easier to experiment with the application, users should be able to log out of the application.
Edit %spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown:
+------------------------------------------------------
<table class="footer">
<tr>
<td><a href="<c:url value="/welcome.do"/>">Home</a></td>
<td style="text-align:right;color:silver">PetClinic :: a Spring Framework demonstration</td>
<td align="right"><img src="<c:url value="/images/springsource-logo.png"/>"/></td>
<td align="right"><a href="<c:url value="/j_spring_security_logout"/>">Logout</a></td>
</tr>
</table>
+------------------------------------------------------
* Optional Bonus: Securing the Middle Tier
Whilst you've now secured your web requests, you might want to stop users
from being able to add clinic visits unless authorized. We'll make it so
you need to hold ROLE_SUPERVISOR to add a clinic visit.
** protect-pointcut
Finally, we need to declare a protect-pointcut that will hold the security restriction.
Inside %spring%\samples\petclinic\war\WEB-INF\applicationContext-security.xml, update
the global-method-security tag as follows:
+------------------------------------------------------
<global-method-security secured-annotations="enabled">
<protect-pointcut expression="execution(* org.springframework.samples.petclinic.Clinic.storeVisit(..))"
access="ROLE_SUPERVISOR"/>
</global-method-security>
+------------------------------------------------------
Redeploy your web application.
Login as "peter" that does not have the "ROLE_SUPERVISOR" role.
* Click on "Find owners"
* Keep the "last name" field blank and validate
* Select one owner in the list
* Click on "add visit"
* Add a description and validate
Access should be denied.
Now log out and try "rod", who has ROLE_SUPERVISOR. It should be working.
** The "sec" tag-library
To clean things up a bit, you might want to wrap up by hiding the "add visit" link
unless you are authorized to use it. Spring Security provides a tag library to help
you do that. Edit %spring%\samples\petclinic\war\WEB-INF\jsp\owner.jsp (please
make sure that you are opening owner.jsp, not owners.jsp !!). Add
the following line to the top of the file:
+------------------------------------------------------
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
+------------------------------------------------------
Next, scroll down and find the link to "add visit". Modify it as follows:
+------------------------------------------------------
<sec:authorize ifAllGranted="ROLE_SUPERVISOR">
<form method="GET" action="<c:url value="/addVisit.do"/>" name="formVisitPet${pet.id}">
<input type="hidden" name="petId" value="${pet.id}"/>
<p class="submit"><input type="submit" value="Add Visit"/></p>
</form>
</sec:authorize>
+------------------------------------------------------
* What now?
These steps can be applied to your own application. We suggest that you review
the "Suggested Steps" for getting started with Spring
Security on the web site. The suggested steps are optimized for learning Spring Security quickly
and applying it to your own projects. This section also includes realistic time estimates
for each step so you can plan your integration activities.

102
src/site/apt/suggested.apt
View File

@ -1,102 +0,0 @@
--------------------------------
Spring Security Suggested Steps
--------------------------------
Suggested Steps
Presented below are the steps we encourage you to take in order to gain the most
out of Spring Security in a realistic timeframe.
[[1]] First of all, deploy the "Tutorial Sample", which is included in the main distribution
ZIP file. The sample doesn't do a great deal, but it does give you a template that can
be quickly and easily used to integrate into your own project.
Estimated time: 30 minutes.
[[2]] Next, follow the {{{petclinic-tutorial.html}Petclinic Tutorial}}, which
covers how to add Spring Security to the commonly-used Petclinic sample application
that ships with Spring. This will give you a hands-on approach to integrating
Spring Security into your own application.
Estimated time: 1 hour.
[[3]] Next, review the {{{reference.html}Reference Guide}}, and in particular
Part I. It has been designed to give you a solid overview. Go through the beans
defined in the "Tutorial Sample" and understand their main purpose within the overall
framework. Once you understand this, you'll have no difficulty moving on to more
complex examples. You can also experiment in the Petclinic tutorial that you
implemented in the last step.
Estimated time: 1 day.
[[4]] If you have relatively simple security needs, you can probably start to integrate
Spring Security into your application at this point. Just use the "Tutorial Sample"
as your basis (now that you understand how it works). Those with more complicated
requirements should review the "Contacts Sample" application.
This will probably involve deploying <<<spring-security-sample-contacts-filter.war>>>,
which is also included in the release ZIP file.
The purpose of understanding the "Contacts Sample" is to get a better feel for how method
security is implemented, particularly with domain object access control lists. This will
really round-out the rest of the framework for you.
The actual java code
is a completely standard Spring application, except <<<ContactManagerBackend>>>
which shows how we create and delete ACL permissions. The rest of the Java code has no
security awareness, with all security services being declared in the XML files
(don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container
declarations or the stock-standard <<<web.xml>>>).
~~ The main X ML files to review are TODO: SVN Links:
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/applicationContext-acegi-security.xml?view=auto">applicationContext-acegi-security.xml</a> (from the filter webapp),
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-authorization.xml?view=auto">applicationContext-common-authorization.xml</a>,
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/common/WEB-INF/applicationContext-common-business.xml?view=auto">applicationContext-common-business.xml</a> (just note we add <<<contactManagerSecurity>>> to the services layer target bean), and
~~ <a target="_blank" class="newWindow" href="http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/samples/contacts/src/main/webapp/filter/WEB-INF/web.xml?view=auto">web.xml</a> (from the filter webapp).
The XML definitions are comprehensively discussed in the
{{{reference.html}Reference Guide}}.
Please note the release ZIP files do not include the sample application Java source code. You
will need to download from SVN if you would like to access the Java sources.
Estimated time: 1-2 days.
[[5]]By now you will have a good grasp on how Spring Security works, and all that is left to
do is design your own application's implementation.
We strongly recommend that you start your actual integration with the "Tutorial Sample".
Don't start by integrating with the "Contacts Sample", even if you have complex needs.
Most people reporting problems on the forums do so because of a configuration problem,
as they're trying to make far too many changes at once without really knowing what
they're doing. Instead, make changes one at a time, starting from the bare bones configuration
provided by the "Tutorial Sample".
If you've followed the steps above, and refer back to the
{{{reference.html}Reference Guide}},
{{{http://www.springframework.org}forums}}, and
{{{faq.html}FAQ}}
for help, you'll find it pretty easy to implement Spring Security in your application.
Most importantly, you'll be using a security framework that offers you complete container
portability, flexibility, and community support - without needing to write and maintain your
own code.
Estimated time: 1-5 days.
Please note the time estimates are just that: estimates. They will vary considerably depending
on how much experience you have, particularly with Java and Spring. They will also vary depending
on how complex your intended security-enabled application will be. Some people need to push the domain
object instance access control list capabilities to the maximum, whilst others don't even need anything
beyond web request security. The good thing is Spring Security will either directly support your future
needs, or provide a clearly-defined extension point for addressing them.
We welcome your feedback about how long it has actually taken you to complete each step, so we
can update this page and help new users better assess their project timetables in the future.
Any other tips on what you found helpful in learning Spring Security are also very welcome.

45
src/site/apt/svn-usage.apt
View File

@ -1,45 +0,0 @@
----------------
Subversion Usage
----------------
Subversion Usage
* Web Access
You can browse the Subversion repository at
{{{https://src.springframework.org/svn/spring-security/}}}
* Subversion Access
The code can be checked out anonymously using the subversion command-line client:
+----------------------------------------------------------------------------------------------------------------------+
svn co https://src.springframework.org/svn/spring-security/trunk/ spring-security
+----------------------------------------------------------------------------------------------------------------------+
Note that the above command checks out the trunk source which is the least likely to be stable (although it should
always build correctly with no failing unit tests). If you are a beginner, or are looking for the source for a
specific stable version, you can use a different URL. For example, the following command would check out the 2.0
branch of the code which should only contain bugfixes and minor updates so should be very stable:
+----------------------------------------------------------------------------------------------------------------------+
svn co https://src.springframework.org/svn/spring-security/branches/2.0.x-branch/
+----------------------------------------------------------------------------------------------------------------------+
Specific tagged releases can be checked out from the URL
{{{https://src.springframework.org/svn/spring-security/tags/}}}.
* Nightly Snapshots
If you'd prefer not to use the subversion client directly, please see our
{{{http://s3browse.com/explore/maven.springframework.org/snapshot/org/springframework/security/}downloads page}} for
nightly snapshots. Note that these are taken from the trunk and may not be suitable for new users.

16
src/site/resources/css/site.css
View File

@ -1,16 +0,0 @@
body {
background-color: white;
color: black;
}
.poweredBy {
visibility: hidden;
}
#breadcrumbs {
padding: 3px 10px;
}
#footer {
padding: 3px 10px;
}

42
src/site/site.xml
View File

@ -1,42 +0,0 @@
<?xml version="1.0" encoding="ISO-8859-1"?>
<project name="Spring Security">
<skin>
<groupId>org.springframework.maven.skins</groupId>
<artifactId>maven-spring-skin</artifactId>
<version>1.0.4</version>
</skin>
<publishDate position="left" format="d MMM yyyy"/>
<bannerLeft>
<name>Spring Security</name>
<src>http://www.springframework.org/files/logo.jpg
</src>
<href>http://static.springframework.org/spring-security/
</href>
</bannerLeft>
<body>
<links>
<item name="Spring Framework" href="http://www.springframework.org/"/>
<item name="OWASP" href="http://www.owasp.org/"/>
</links>
<menu name="Overview">
<item name="Home" href="index.html"/>
<item name="Building from Source" href="building.html"/>
<item name="Downloads" href="http://www.springframework.org/download/"/>
</menu>
<menu name="Documentation">
<item name="Suggested Steps" href="suggested.html"/>
<item name="Reference Guide" href="reference.html"/>
<item name="Javadoc API" href="apidocs/index.html"/>
<item name="FAQ" href="faq.html"/>
<item name="JIRA Issue tracker" href="http://jira.springframework.org/browse/SEC"/>
<item name="Road Map" href="http://jira.springframework.org/browse/SEC?report=com.atlassian.jira.plugin.system.project:roadmap-panel"/>
<item name="Community Forum" href="http://forum.springframework.org/forumdisplay.php?f=33"/>
</menu>
<menu ref="reports" name="Reports"/>
</body>
</project>

57
src/site/xdoc/reference.xml
View File

@ -1,57 +0,0 @@
<?xml version="1.0"?>
<!--
* ========================================================================
*
* Copyright 2004 Acegi Technology Pty Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* ========================================================================
-->
<document>
<properties>
<title>Reference Documentation</title>
</properties>
<body>
<section name="Reference Documentation">
<subsection name="Overview of the Reference Documentation">
<table>
<tr><th>Document</th><th>Description</th></tr>
<tr>
<td>
<a href="reference/html/springsecurity.html">Reference Guide as HTML</a>
</td>
<td>
The reference guide in a HTML.
</td>
</tr>
<tr>
<td>
<a href="reference/pdf/springsecurity.pdf">Reference Guide PDF</a>
</td>
<td>
The PDF version of the reference guide.
</td>
</tr>
</table>
</subsection>
</section>
</body>
</document>