diff --git a/src/docbkx/resources/css/html.css b/src/docbkx/resources/css/html.css deleted file mode 100644 index 4669bbd337..0000000000 --- a/src/docbkx/resources/css/html.css +++ /dev/null @@ -1,303 +0,0 @@ -body { - text-align: justify; - margin-right: 2em; - margin-left: 2em; -} - -a, -a[accesskey^="h"], -a[accesskey^="n"], -a[accesskey^="u"], -a[accesskey^="p"] { - font-family: Verdana, Arial, helvetica, sans-serif; - font-size: 12px; - color: #003399; -} - -a:active { - color: #003399; -} - -a:visited { - color: #888888; -} - -p { - font-family: Verdana, Arial, sans-serif; -} - -dt { - font-family: Verdana, Arial, sans-serif; - font-size: 12px; -} - -p, dl, dt, dd, blockquote { - color: #000000; - margin-bottom: 3px; - margin-top: 3px; - padding-top: 0; -} - -ol, ul, p { - margin-top: 6px; - margin-bottom: 6px; -} - -p, blockquote { - font-size: 90%; -} - -p.releaseinfo { - font-size: 100%; - font-weight: bold; - font-family: Verdana, Arial, helvetica, sans-serif; - padding-top: 10px; -} - -p.pubdate { - font-size: 120%; - font-weight: bold; - font-family: Verdana, Arial, helvetica, sans-serif; -} - -td { - font-size: 80%; -} - -td, th, span { - color: #000000; -} - -td[width^="40%"] { - font-family: Verdana, Arial, helvetica, sans-serif; - font-size: 12px; - color: #003399; -} - -table[summary^="Navigation header"] tbody tr th[colspan^="3"] { - font-family: Verdana, Arial, helvetica, sans-serif; -} - -blockquote { - margin-right: 0; -} - -h1, h2, h3, h4, h6 { - color: #000000; - font-weight: 500; - margin-top: 0; - padding-top: 14px; - font-family: Verdana, Arial, helvetica, sans-serif; - margin-bottom: 0; -} - -h2.title { - font-weight: 800; - margin-bottom: 8px; -} - -h2.subtitle { - font-weight: 800; - margin-bottom: 20px; -} - -.firstname, .surname { - font-size: 12px; - font-family: Verdana, Arial, helvetica, sans-serif; -} - -table { - border-collapse: collapse; - border-spacing: 0; - border: 1px black; - empty-cells: hide; - margin: 10px 0 30px 50px; - width: 90%; -} - -div.table { - margin: 30px 0 10px 0; - border: 1px dashed gray; - padding: 10px; -} - -div .table-contents table { - border: 1px solid black; -} - -div.table > p.title { - padding-left: 10px; -} - -table[summary^="Navigation footer"] { - border-collapse: collapse; - border-spacing: 0; - border: 1px black; - empty-cells: hide; - margin: 0px; - width: 100%; -} - -table[summary^="Note"], -table[summary^="Warning"], -table[summary^="Tip"] { - border-collapse: collapse; - border-spacing: 0; - border: 1px black; - empty-cells: hide; - margin: 10px 0px 10px -20px; - width: 100%; -} - -td { - padding: 4pt; - font-family: Verdana, Arial, helvetica, sans-serif; -} - -div.warning TD { - text-align: justify; -} - -h1 { - font-size: 150%; -} - -h2 { - font-size: 110%; -} - -h3 { - font-size: 100%; font-weight: bold; -} - -h4 { - font-size: 90%; font-weight: bold; -} - -h5 { - font-size: 90%; font-style: italic; -} - -h6 { - font-size: 100%; font-style: italic; -} - -tt { - font-size: 110%; - font-family: "Courier New", Courier, monospace; - color: #000000; -} - -.navheader, .navfooter { - border: none; -} - -div.navfooter table { - border-style: dashed; - border-color: gray; - border-width: 1px 1px 1px 1px; - background-color: #cde48d; -} - -pre { - font-size: 110%; - padding: 5px; - border-style: solid; - border-width: 1px; - border-color: #CCCCCC; - background-color: #f3f5e9; -} - -ul, ol, li { - list-style: disc; -} - -hr { - width: 100%; - height: 1px; - background-color: #CCCCCC; - border-width: 0; - padding: 0; -} - -.variablelist { - padding-top: 10px; - padding-bottom: 10px; - margin: 0; -} - -.term { - font-weight:bold; -} - -.mediaobject { - padding-top: 30px; - padding-bottom: 30px; -} - -.legalnotice { - font-family: Verdana, Arial, helvetica, sans-serif; - font-size: 12px; - font-style: italic; -} - -.sidebar { - float: right; - margin: 10px 0 10px 30px; - padding: 10px 20px 20px 20px; - width: 33%; - border: 1px solid black; - background-color: #F4F4F4; - font-size: 14px; -} - -.property { - font-family: "Courier New", Courier, monospace; -} - -a code { - font-family: Verdana, Arial, monospace; - font-size: 12px; -} - -td code { - font-size: 110%; -} - -div.note * td, -div.tip * td, -div.warning * td, -div.calloutlist * td { - text-align: justify; - font-size: 100%; -} - -.programlisting { - clear: both; -} - -.programlisting .interfacename, -.programlisting .literal, -.programlisting .classname { - font-size: 95%; -} - -.title .interfacename, -.title .literal, -.title .classname { - font-size: 130%; -} - -/* everything in a is displayed in a coloured, comment-like font */ -.programlisting * .lineannotation, -.programlisting * .lineannotation * { - color: green; -} - -.question * p { - font-size: 100%; -} - -.answer * p { - font-size: 100%; -} diff --git a/src/docbkx/resources/xsl/fopdf.xsl b/src/docbkx/resources/xsl/fopdf.xsl deleted file mode 100644 index 48d251ea9f..0000000000 --- a/src/docbkx/resources/xsl/fopdf.xsl +++ /dev/null @@ -1,418 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Copyright © 2005-2007 - - - , - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -5em - -5em - - - - - - - - - - - Spring Security ( - - ) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1 - 0 - 1 - - 1 - - - - - - book toc - - - - 2 - - - - - - - - - - 0 - 0 - 0 - - - 5mm - 10mm - 10mm - - 15mm - 10mm - 0mm - - 18mm - 18mm - - - 0pc - - - - - justify - false - - - 11 - 8 - - - 1.4 - - - - - - - 0.8em - - - - - - 17.4cm - - - - 4pt - 4pt - 4pt - 4pt - - - - 0.1pt - 0.1pt - - - - - 1 - - - - - - - - left - bold - - - pt - - - - - - - - - - - - - - - 0.8em - 0.8em - 0.8em - - - pt - - 0.1em - 0.1em - 0.1em - - - 0.6em - 0.6em - 0.6em - - - pt - - 0.1em - 0.1em - 0.1em - - - 0.4em - 0.4em - 0.4em - - - pt - - 0.1em - 0.1em - 0.1em - - - - - bold - - - pt - - false - 0.4em - 0.6em - 0.8em - - - - - - - - - pt - - - - - 1em - 1em - 1em - #444444 - solid - 0.1pt - 0.5em - 0.5em - 0.5em - 0.5em - 0.5em - 0.5em - - - - 1 - - #F0F0F0 - - - - - - 0 - 1 - - - 90 - - - - - '1' - - - - - - - figure after - example before - equation before - table before - procedure before - - - - 1 - - - - 0.8em - 0.8em - 0.8em - 0.1em - 0.1em - 0.1em - - - - - - - - - - - - - - - - - diff --git a/src/docbkx/resources/xsl/html.xsl b/src/docbkx/resources/xsl/html.xsl deleted file mode 100644 index 30b845c01e..0000000000 --- a/src/docbkx/resources/xsl/html.xsl +++ /dev/null @@ -1,93 +0,0 @@ - - - - - - - - - html.css - - - 1 - 0 - 1 - 0 - - - - - - book toc - - - - 3 - - - - - 1 - - - - - - - 0 - - - 90 - - - - - 0 - - - - - figure after - example before - equation before - table before - procedure before - - - diff --git a/src/docbkx/resources/xsl/html_chunk.xsl b/src/docbkx/resources/xsl/html_chunk.xsl deleted file mode 100644 index 351ddddd03..0000000000 --- a/src/docbkx/resources/xsl/html_chunk.xsl +++ /dev/null @@ -1,208 +0,0 @@ - - - - - - - '5' - '1' - - 1 - 0 - 1 - 0 - - - - book toc - - - 3 - - - 1 - - - - - 1 - 90 - - - - figure after - example before - equation before - table before - procedure before - - - - , - - - - - - - - -
-

Authors

-

- -

- - - - - - - - - 1 - - - - - - - - - - -
- -
- - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - -   - - - - - - - - - - - - - - -  |  - - -   - - - - - - - - -toc - - - - - - - - -   - - - - - - - - - - - - -
- - - -   - - - Sponsored by SpringSource - - - -   - - - -
- -
- - - diff --git a/src/site/apt/building.apt b/src/site/apt/building.apt deleted file mode 100644 index fe94e9eb8a..0000000000 --- a/src/site/apt/building.apt +++ /dev/null @@ -1,36 +0,0 @@ - ------------------------ - Building the Project - ------------------------ - -Building the Project - -* Install Maven - - This project uses {{{http://maven.apache.org/}Maven}} as a build tool. - We recommend you to install Maven 2.0.8 or greater before trying - the following. - -* Check out the source code - - To checkout Spring Security from SVN, see our {{{svn-usage.html}SVN Usage}} page. - -* Building with Maven - - Often people reading this document just want to see if Spring Security will work - for their projects. They want to deploy a sample application, and perhaps play around with the - configuration a bit to see how it works. Assuming you've already checked out the code from subversion, - start up a command prompt and execute the following commands from the directory containing the project source: - -+----------------------------------------------------------------------------------------------------------------------+ - - mvn install - - cd samples/contacts - - mvn jetty:run - -+----------------------------------------------------------------------------------------------------------------------+ - - This should build the framework library jars, install them to your local Maven repository and run the "contacts" - sample application (JDK 1.5 or later is required). You should then be able to point your browser at - {{{http://localhost:8080/contacts/}}} to use the application. \ No newline at end of file diff --git a/src/site/apt/index.apt b/src/site/apt/index.apt deleted file mode 100644 index 4b60fc80ca..0000000000 --- a/src/site/apt/index.apt +++ /dev/null @@ -1,60 +0,0 @@ - -------------------------------- - Spring Security - -------------------------------- - -Spring Security - - Formerly the Acegi Security System for Spring, Spring Security provides powerful and - flexible security solutions for enterprise applications developed using the Spring Framework. - It is a stable and mature product - Acegi Security 1.0.0 was released in May 2006 after more than two and a half - years of use in large production software projects and adopted as an official Spring sub-project on its release. - - Spring Security 2.0.0 builds on Acegi Security's solid foundations, adding many new features: - - * Simplified namespace-based configuration syntax. Old configurations - could require hundreds of lines of XML but our new convention over configuration - approach ensures that many deployments will now require less than 10 lines. - - * OpenID integration, which is the web's emerging single sign on - standard (supported by Google, IBM, Sun, Yahoo and others) - - * Windows NTLM support, providing easy enterprise-wide single sign on - against Windows corporate networks - - * Support for JSR 250 ("EJB 3") security annotations, delivering a - standards-based model for authorization metadata - - * AspectJ pointcut expression language support, allowing developers to - apply cross-cutting security logic across their Spring managed objects - - * Substantial improvements to the high-performance domain object - instance security ("ACL") capabilities - - * Comprehensive support for RESTful web request authorization, which - works well with Spring 2.5's @MVC model for building RESTful systems - - * Long-requested support for groups, hierarchical roles and a user - management API, which all combine to reduce development time and - significantly improve system administration - - * An improved, database-backed "remember me" implementation - - * Support for portlet authentication out-of-the-box - - * Support for additional languages - - * Numerous other general improvements, documentation and new samples - - * New support for web state and flow transition authorization through - the Spring Web Flow 2.0 release - - * New support for visualizing secured methods, plus configuration - auto-completion support in Spring IDE - - * Enhanced WSS (formerly WS-Security) support through the Spring Web - Services 1.5 release - - * Updated support for CAS single sign-on (CAS 3 is now supported). - - - ~~ TODO: Expand based on original Acegi page to supply full feature set. \ No newline at end of file diff --git a/src/site/apt/namespaces.apt b/src/site/apt/namespaces.apt deleted file mode 100644 index 014fe800fb..0000000000 --- a/src/site/apt/namespaces.apt +++ /dev/null @@ -1,237 +0,0 @@ - ---------------------------------------- - Security Namespace Configuration - ---------------------------------------- - ------------------------ - (2007-11-7 draft) - ------------------------ - - -Overview - - -* Summary - - Spring Security will make use of Spring 2.0 namespace-based configuration features to allow much more concise - configuration. This document outlines the current state of development and the features that have been - implemented so far and raises points for discussion. The features are still largely experimental and subject to - change. - - The {{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/core/src/main/resources/org/springframework/security/config/}schema files}} - can be found in the core package. For simplicity, a relax NG compact schema (the rnc file) has been used as it is - easier to work with. This is then coverted into a W3C schema using trang. - -* Design - - The initial aim is to provide a relatively small set of namespace configuration options which capture the most - common uses of framework, especially for inexperienced users who don't require much in the way of customization. - The focus should be mainly on providing high-level components which logically match the different aspects of - securing an application. While it is also useful to have namespace options for simplifying the configuration of - existing framework beans, this is a somewhat orthogonal requirement, with different target users and will be dealt - with separately. Only the most obvious customizations will be implemented to start with. It should also be possible - to add new features without affecting the existing design. - - Keeping these aims in mind, the design is largely based around the large-scale dependencies within the framework. - It can be divided up into the following areas: - - * <> - this is by far the largest and most complex area, consisting of - - * Filter chain proxy - - * HttpSessionContextIntegrationFilter - special filter which is of key importance. - - * The filters which are responsible for most of Spring Security's web application features. - - * ExceptionTranslationFilter and FilterSecurityInterceptor - other special filters. - - * Authentication entry point(s). - - * Concurrent session support (optional). - - * Remember-me service (optional). - - The only inward dependency here is that the AuthenticationManager must be made aware of the - ConcurrentSessionController (if configured). Apart from this, the other areas of the framework are unaware of - web-related functionality. - - * <> - This is currently implemented using a bean decorator within the - business object bean, which is a relatively simple syntax. - - * <> - this is the main dependency of other parts of the framework. The namespace - configuration creates an instance of ProviderManager as required and registers it under a known name. It assumes - that this will be used by all the configured beans. This currently happens automatically. It might be worth - introducing a - ---- - ---- - - element just to allow users to explicitly configure an authentication manager which they can use in other beans. - The additional name could be registered as an alias. - - * <> - The security interceptors (both for method and http security) require access to - an access decision manager. At the moment a default one is created and used by both, but they should additionally - support the use of an independently configured access manager, based on Id. The standard bean syntax should be - sufficient for the moment. - - * <> - these can be created individually and register themselves with the authentication - manager. Current namespace options are limited but each provider should be pretty much self-contained and hence - relatively simple to implement. There may be multiple providers within an application so some means of ordering will - be required. - - * <> - Closely related to the authentication providers, but often also required by other beans. - Again the implementations should be relatively straightforward. There may be multiple implementations within the - application. - - -* Http Security - - Probably the best starting point here is to look at the {{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/samples/tutorial/src/main/webapp/WEB-INF/applicationContext-security-ns.xml}namespace configuration file}} - which is in use in the tutorial sample application: - -+-------------------------------------------------------------------------------------------------------------------- - - - - - - - - - - - - - - - - - - - - - - - - - - - -+-------------------------------------------------------------------------------------------------------------------- - -** \ - - This element groups the other http-specific elements together and has attributes which allow the - session creation strategy to be set. It also allows you to specify the type of pattern that will be used for URL - definitions within the block. This defaults to ``ant'' since this is what users almost always use in practice. - - The {{{./spring-security-core/xref/org/springframework/security/config/HttpSecurityBeanDefinitionParser.html}HttpSecurityBeanDefinitionParser}} - class is responsible for handling the contents. It creates a FilterChainProxy - instance, HttpSessionContextIntegrationFilter, FilterSecurityInterceptor and ExceptionTranslationFilter and parses - the child intercept-url elements (see below). It then delegates to separate parsers to handle the contents of other - child elements. These encapsulate the functionality of separate web application concerns which are implemented - by Spring Security and will typically each create a filter and possibly one or more other beans. - - Finally a post processor (HttpSecurityConfigPostProcessor) is registered to handle things which can't be done - until the application context has been completed. This includes assembling and ordering the filter chain - and the strategy for selecting which authentication entry point should be used to trigger login. The core - filters now implement Ordered and a standard ordering has been established for them. Other filters in the - context must also implement Ordered to be considered, so it may be necessary to provide an element which can be - used to decorate filter beans to achieve this, if the user can't (or doesn't want to) make their code implement - Ordered explicitly. - - -** \ - - In a traditional, bean-configured setup, there are several beans which require the use of URL patterns - - FilterChainProxy, FilterSecurityInterceptor and ChannelProcessingFilter. These can now be specified using a - single construct and the appropriate beans created and assembled by the parser. This allows options to be combined - in a more logical fashion without duplication. The user picks the important URLs for their application, defines the - patterns for them and then specifies which filters should be used, what access configuration attributes - the FilterSecurityInterceptor should enforce and if any channel restrictions apply. Only the access decision part - has been implemented. The only option for filters is currently "none", which will omit the URL from the security - filter chain entirely. It's not clear how or if additional filter order customization should be implemented (other - than by allowing Ids to be set on the various child elements). Channel security should be straightforward. - - -* Method Security - - An example use of the \ decorator is: - -+----------------------------------------------------------------------------------------------------------------------- - - - - - - - - - -+----------------------------------------------------------------------------------------------------------------------- - - Spring's AbstractInterceptorDrivenBeanDefinitionDecorator is used to add a MethodSecurityInterceptor to the bean. - Ideally we would just have the method names here rather than fully-qualified names (any ideas??). - - -* Authentication Manager and Providers - - At least one authentication provider must be defined for things to work. No providers defined as - beans will currently be added to the authentication manager, but this could be done with a post - processor. Alternatively, \ could be used round a bean declaration, or - supplied with a reference to a provider bean. - -* Configuration of Specific Beans - - As mentioned above, it is also useful to be able to use namespaces to simplify the configuration of existing beans, - especially where the existing configuration is complicated. This would typically be done with bean decorators. - An example of this is the simplification of FilterChainProxy configuration. - -** FilterChainProxy Configuration - - The \ decorator sets the configuration map of paths to filter lists for FilterChainProxy. The - syntax is similar to that described above for the HTTP security features. - -+----------------------------------------------------------------------------------------------------------------------- - - - - - - - - - - -+----------------------------------------------------------------------------------------------------------------------- - - This kind of functionality can be added as requested/required without having an impact on other areas, so it is of - lower priority than the design of "higher-level" namespace components. - - - - -* LDAP Configuration Example - - As an example of what is possible in terms of reducing configuration requirements, the \ - element is an excellent example of the use of high-level namespace components. It can be used to set up a complete - LDAP authentication provider with or without an external server. - The optional <<>> attribute specifies the URL of an external LDAP server. Without this, it will create - an embedded Apache Directory server instance and attempt to load any ldif files found on the classpath. Doing this - with Spring beans would involve potentially hundreds of lines of configuration and is a difficult task for an - inexperienced user (or indeed any user). Ultimately the user should be able to configure authentication and group - membership strategy, server details (e.g. port number) and the structure of the directory. - - {{{http://acegisecurity.svn.sourceforge.net/svnroot/acegisecurity/spring-security/trunk/core/src/main/java/org/springframework/security/config/LdapBeanDefinitionParser.java}LdapBeanDefinitionParser}} - does the parsing work here and there are currently no child elements. - - - - - - - - diff --git a/src/site/apt/petclinic-tutorial.apt b/src/site/apt/petclinic-tutorial.apt deleted file mode 100644 index a5e52cd72f..0000000000 --- a/src/site/apt/petclinic-tutorial.apt +++ /dev/null @@ -1,240 +0,0 @@ - --------------------------------------------- - Tutorial: Adding Security to Spring Petclinic - --------------------------------------------- - - -Tutorial: Adding Security to Spring Petclinic - - - -* Preparation - - To complete this tutorial, you will require a servlet container (such as Tomcat) - and a general understanding of using Spring without Spring Security. The Petclinic - sample itself is part of Spring and should help you learn Spring. We suggest you - only try to learn one thing at a time, and start with Spring/Petclinic before - Spring Security. - - - - You will also need to download: - - * {{{http://www.springframework.org/download}Spring 2.5.6 with dependencies ZIP file}} - - * {{{http://www.springframework.org/download}Spring Security 2.0.4}} - - - Unzip both files. After unzipping Spring Security, you'll need to unzip the - spring-security-sample-tutorial-2.0.4.war file, because we need some files that are - included within it. After unzipping the war file, you will see a folder called - spring-security-samples-tutorial-2.0.4. - - In the code below, we'll refer to the respective unzipped - locations as %spring% and %spring-sec-tutorial% (with the later variable - referring to the unzipped WAR, not the original ZIP). There is no need to setup - any environment variables to complete the tutorial. - - -* 1st part: Run the Petclinic application without Spring Security - - In order to make sure that you work in a stable environment, we will first - set up the Petclinic application, without Spring Security. - -** Start Petclinic's database - - Start the Hypersonic server: - -+------------------------------------------------------ -cd %spring%\samples\petclinic\db\hsqldb -server -+------------------------------------------------------ - - Insert some data: - -+------------------------------------------------------ -cd %spring%\samples\petclinic -ant setupDB -+------------------------------------------------------ - -** Build and deploy the Petclinic WAR file - - - Use Petclinic's Ant build script and deploy to your servlet container: - -+------------------------------------------------------ -cd %spring%\samples\petclinic -build warfile -copy dist\petclinic.war %TOMCAT_HOME%\webapps -+------------------------------------------------------ - - Finally, start your container and try to visit the petclinic home page. - You are now able to browse the whole application without any authentication needed - - -* Second part: set up Spring security - -** Add required Spring Security files to Petclinic - - - We now need to put some extra files into Petclinic. - The following example is based on Windows MS-DOS. It only involves file copy. - We believe you can adapt it easily on any operating system. - -+------------------------------------------------------ -copy %spring-sec-tutorial%\WEB-INF\applicationContext-security.xml %spring%\samples\petclinic\war\WEB-INF -copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-core-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-core-tiger-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-acl-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %spring-sec-tutorial%\WEB-INF\lib\spring-security-taglibs-2.0.4.jar %spring%\samples\petclinic\war\WEB-INF\lib -copy %spring-sec-tutorial%\WEB-INF\lib\commons-codec-1.3.jar %spring%\samples\petclinic\war\WEB-INF\lib -+------------------------------------------------------ - - -** Configure Petclinic's files - - Edit %spring%\samples\petclinic\war\WEB-INF\web.xml. The "contextConfigLocation" specifies Spring configuration files that should be used - by the petclinic application. Locate the "contextConfigLocation" parameter and add a new line into - the existing param-value. Now that we are using Spring Security, It should also declare - applicationContext-security.xml (Spring config file for Spring Security). - The resulting block will look like this: - -+------------------------------------------------------ - - - contextConfigLocation - - /WEB-INF/applicationContext-jdbc.xml - /WEB-INF/applicationContext-security.xml - - - -+------------------------------------------------------ - - Still inside web.xml, insert the following block of code. - It should be inserted right after the end-tag. - -+------------------------------------------------------ - - - springSecurityFilterChain - org.springframework.web.filter.DelegatingFilterProxy - - - - springSecurityFilterChain - /* - - -+------------------------------------------------------ - Our last step is to specify which URLs require authorization and which do not. Let's - edit %spring%\samples\petclinic\war\WEB-INF\applicationContext-security.xml. - All URLs ending with '.do' will be protected. - -+------------------------------------------------------ - - - - -+------------------------------------------------------ - -** Test - - Redeploy your web application. Use the earlier process to do that. Be careful to - ensure that the old Petclinic WAR is replaced by the new Petclinic WAR in your - servlet container. - - Finally, start your container and try to visit the home page. - Your request should be intercepted and you will be forced to login. - You can now log in using the usernames and passwords that are documented at the end - of applicationContext-security.xml file. - -** Log out - - To make it easier to experiment with the application, users should be able to log out of the application. - Edit %spring%\samples\petclinic\war\WEB-INF\jsp\footer.jsp. Add a new "logout" link, as shown: - -+------------------------------------------------------ - - - - - - - - -
">HomePetClinic :: a Spring Framework demonstration"/>">Logout
- -+------------------------------------------------------ - - - -* Optional Bonus: Securing the Middle Tier - - Whilst you've now secured your web requests, you might want to stop users - from being able to add clinic visits unless authorized. We'll make it so - you need to hold ROLE_SUPERVISOR to add a clinic visit. - -** protect-pointcut - - Finally, we need to declare a protect-pointcut that will hold the security restriction. - Inside %spring%\samples\petclinic\war\WEB-INF\applicationContext-security.xml, update - the global-method-security tag as follows: - -+------------------------------------------------------ - - - - - -+------------------------------------------------------ - - Redeploy your web application. - Login as "peter" that does not have the "ROLE_SUPERVISOR" role. - - * Click on "Find owners" - - * Keep the "last name" field blank and validate - - * Select one owner in the list - - * Click on "add visit" - - * Add a description and validate - - Access should be denied. - - Now log out and try "rod", who has ROLE_SUPERVISOR. It should be working. - -** The "sec" tag-library - - To clean things up a bit, you might want to wrap up by hiding the "add visit" link - unless you are authorized to use it. Spring Security provides a tag library to help - you do that. Edit %spring%\samples\petclinic\war\WEB-INF\jsp\owner.jsp (please - make sure that you are opening owner.jsp, not owners.jsp !!). Add - the following line to the top of the file: - -+------------------------------------------------------ -<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> -+------------------------------------------------------ - - Next, scroll down and find the link to "add visit". Modify it as follows: - -+------------------------------------------------------ - - -
" name="formVisitPet${pet.id}"> - -

-
- - -+------------------------------------------------------ - -* What now? - - These steps can be applied to your own application. We suggest that you review - the "Suggested Steps" for getting started with Spring - Security on the web site. The suggested steps are optimized for learning Spring Security quickly - and applying it to your own projects. This section also includes realistic time estimates - for each step so you can plan your integration activities. diff --git a/src/site/apt/suggested.apt b/src/site/apt/suggested.apt deleted file mode 100644 index 7509c22dff..0000000000 --- a/src/site/apt/suggested.apt +++ /dev/null @@ -1,102 +0,0 @@ - -------------------------------- - Spring Security Suggested Steps - -------------------------------- - -Suggested Steps - - Presented below are the steps we encourage you to take in order to gain the most - out of Spring Security in a realistic timeframe. - - - [[1]] First of all, deploy the "Tutorial Sample", which is included in the main distribution - ZIP file. The sample doesn't do a great deal, but it does give you a template that can - be quickly and easily used to integrate into your own project. - - Estimated time: 30 minutes. - - - [[2]] Next, follow the {{{petclinic-tutorial.html}Petclinic Tutorial}}, which - covers how to add Spring Security to the commonly-used Petclinic sample application - that ships with Spring. This will give you a hands-on approach to integrating - Spring Security into your own application. - - Estimated time: 1 hour. - - [[3]] Next, review the {{{reference.html}Reference Guide}}, and in particular - Part I. It has been designed to give you a solid overview. Go through the beans - defined in the "Tutorial Sample" and understand their main purpose within the overall - framework. Once you understand this, you'll have no difficulty moving on to more - complex examples. You can also experiment in the Petclinic tutorial that you - implemented in the last step. - - Estimated time: 1 day. - - [[4]] If you have relatively simple security needs, you can probably start to integrate - Spring Security into your application at this point. Just use the "Tutorial Sample" - as your basis (now that you understand how it works). Those with more complicated - requirements should review the "Contacts Sample" application. - This will probably involve deploying <<>>, - which is also included in the release ZIP file. - - The purpose of understanding the "Contacts Sample" is to get a better feel for how method - security is implemented, particularly with domain object access control lists. This will - really round-out the rest of the framework for you. - - The actual java code - is a completely standard Spring application, except <<>> - which shows how we create and delete ACL permissions. The rest of the Java code has no - security awareness, with all security services being declared in the XML files - (don't worry, there aren't any new XML formats to learn: they're all standard Spring IoC container - declarations or the stock-standard <<>>). - -~~ The main X ML files to review are TODO: SVN Links: - -~~ applicationContext-acegi-security.xml (from the filter webapp), -~~ applicationContext-common-authorization.xml, -~~ applicationContext-common-business.xml (just note we add <<>> to the services layer target bean), and -~~ web.xml (from the filter webapp). - - The XML definitions are comprehensively discussed in the - {{{reference.html}Reference Guide}}. - - - Please note the release ZIP files do not include the sample application Java source code. You - will need to download from SVN if you would like to access the Java sources. - - Estimated time: 1-2 days. - - - [[5]]By now you will have a good grasp on how Spring Security works, and all that is left to - do is design your own application's implementation. - - - We strongly recommend that you start your actual integration with the "Tutorial Sample". - Don't start by integrating with the "Contacts Sample", even if you have complex needs. - Most people reporting problems on the forums do so because of a configuration problem, - as they're trying to make far too many changes at once without really knowing what - they're doing. Instead, make changes one at a time, starting from the bare bones configuration - provided by the "Tutorial Sample". - - If you've followed the steps above, and refer back to the - {{{reference.html}Reference Guide}}, - {{{http://www.springframework.org}forums}}, and - {{{faq.html}FAQ}} - for help, you'll find it pretty easy to implement Spring Security in your application. - Most importantly, you'll be using a security framework that offers you complete container - portability, flexibility, and community support - without needing to write and maintain your - own code. - - Estimated time: 1-5 days. - - - Please note the time estimates are just that: estimates. They will vary considerably depending - on how much experience you have, particularly with Java and Spring. They will also vary depending - on how complex your intended security-enabled application will be. Some people need to push the domain - object instance access control list capabilities to the maximum, whilst others don't even need anything - beyond web request security. The good thing is Spring Security will either directly support your future - needs, or provide a clearly-defined extension point for addressing them. - - - We welcome your feedback about how long it has actually taken you to complete each step, so we - can update this page and help new users better assess their project timetables in the future. - Any other tips on what you found helpful in learning Spring Security are also very welcome. diff --git a/src/site/apt/svn-usage.apt b/src/site/apt/svn-usage.apt deleted file mode 100644 index aa263bb236..0000000000 --- a/src/site/apt/svn-usage.apt +++ /dev/null @@ -1,45 +0,0 @@ - ---------------- - Subversion Usage - ---------------- - -Subversion Usage - -* Web Access - - You can browse the Subversion repository at - {{{https://src.springframework.org/svn/spring-security/}}} - -* Subversion Access - - The code can be checked out anonymously using the subversion command-line client: - -+----------------------------------------------------------------------------------------------------------------------+ - - svn co https://src.springframework.org/svn/spring-security/trunk/ spring-security - -+----------------------------------------------------------------------------------------------------------------------+ - - Note that the above command checks out the trunk source which is the least likely to be stable (although it should - always build correctly with no failing unit tests). If you are a beginner, or are looking for the source for a - specific stable version, you can use a different URL. For example, the following command would check out the 2.0 - branch of the code which should only contain bugfixes and minor updates so should be very stable: - -+----------------------------------------------------------------------------------------------------------------------+ - - svn co https://src.springframework.org/svn/spring-security/branches/2.0.x-branch/ - -+----------------------------------------------------------------------------------------------------------------------+ - - Specific tagged releases can be checked out from the URL - {{{https://src.springframework.org/svn/spring-security/tags/}}}. - - - -* Nightly Snapshots - - If you'd prefer not to use the subversion client directly, please see our - {{{http://s3browse.com/explore/maven.springframework.org/snapshot/org/springframework/security/}downloads page}} for - nightly snapshots. Note that these are taken from the trunk and may not be suitable for new users. - - - diff --git a/src/site/resources/css/site.css b/src/site/resources/css/site.css deleted file mode 100644 index 2b9eb4961e..0000000000 --- a/src/site/resources/css/site.css +++ /dev/null @@ -1,16 +0,0 @@ -body { - background-color: white; - color: black; -} - -.poweredBy { - visibility: hidden; -} - -#breadcrumbs { - padding: 3px 10px; -} - -#footer { - padding: 3px 10px; -} diff --git a/src/site/site.xml b/src/site/site.xml deleted file mode 100644 index 3e18f7ee6a..0000000000 --- a/src/site/site.xml +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - org.springframework.maven.skins - maven-spring-skin - 1.0.4 - - - - Spring Security - http://www.springframework.org/files/logo.jpg - - http://static.springframework.org/spring-security/ - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/src/site/xdoc/reference.xml b/src/site/xdoc/reference.xml deleted file mode 100644 index 1328fb07ac..0000000000 --- a/src/site/xdoc/reference.xml +++ /dev/null @@ -1,57 +0,0 @@ - - - - - - - - Reference Documentation - - - -
- - - - - - - - - - - - - - -
DocumentDescription
- Reference Guide as HTML - - The reference guide in a HTML. -
- Reference Guide PDF - - The PDF version of the reference guide. -
- -
- -