SEC-2416: Fix Hello MVC guide

2025-05-29 16:22:12 +00:00 · 2013-12-05 15:47:38 -06:00 · 2013-12-05 15:47:38 -06:00 · ec524da6cb
commit ec524da6cb
parent fc6fc19eed
6 changed files with 15 additions and 59 deletions
--- a/docs/guides/src/asciidoc/_hello-includes/basic-authentication.asc
+++ b/docs/guides/src/asciidoc/_hello-includes/basic-authentication.asc
@ -1,22 +0,0 @@
-==== Basic authentication
-
-We stated that Spring Security supported both form and HTTP Basic authentication, but how does Spring Security know when to use one and not the other? When using HTTP Basic, the user should receive a HTTP 401 response, but when we visit our application in our web browser we are redirected to a login page. The reason for this is because Spring Security uses content negotiation to determine which type of authentication to use. For example, if we specified our *Accept* header to be _application/json_ the result would be an HTTP 401.
-
-You can use any tool you prefer (i.e. curl), but the instructions in this section we will use https://www.google.com/intl/en/chrome/browser/[Google Chrome] and the https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en[Postman - REST Client] to make an _application/json_ request to our application.
-
-* Open Google Chrome and launch the Postman - REST Client extension
-* Enter _http://localhost:8080/sample/_ into the request URL field
-* Select the *Headers* button
-* Enter _Accept_ into the *Header* input 
-* Enter _application/json_ into the *Value* field
-* Presss the *Send* button
-
-Observe that we get an HTTP Status of 401 instead of our redirect. Now lets try entering our user name and password.
-
-* Select the *Basic Auth* tab
-* Enter _user_ for the *Username* 
-* Enter _password_ for the *Password*
-* Click the *Refresh headers* button
-* Click the *Send* button
-
-This time you should see the HTML of our secured page.
--- a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc
+++ b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc
@ -52,7 +52,6 @@ The next step is to create a Spring Security configuration.

 * Right click the _spring-security-samples-{starter-appname}_ project the Package Explorer view
 * Select *New->Class*
-* Enter _spring-security-samples-insecuremvc/src/main/java_ for the *Source folder*
 * Enter _org.springframework.security.samples.config_ for the *Package*
 * Enter _SecurityConfig_ for the *Name*
 * Click *Finish*
--- a/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc
+++ b/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc
@ -4,38 +4,20 @@ This section outlines how to setup a workspace within STS so that you can follow

 === Obtaining the sample projects

-There are multiple ways in which you can obtain the source. We have highlighted a few ways below:
-
-* <<downloading-from-github>>
-* <<cloning-from-github>>
-
-==== Downloading from github
-
-You can download the source from github.
+The simplest way to obtain the source and the samples is to download the source from github. You can choose from the following downloads:

 * https://github.com/SpringSource/spring-security/archive/master.zip[Development Version]
 * https://github.com/SpringSource/spring-security/releases[Released Versions]

 Extract the zip to a known location and remember it as _SPRING_SECURITY_HOME_. You are now ready to <<import-the-{starter-appname}-sample-application>>

-==== Cloning from github
-
-If you wish you can also obtain the source by cloning from github. For example, if you have a git client installed you can type the following:
-
----
-cd ~/git/
-git clone https://github.com/SpringSource/spring-security.git
----
-
-In this example, the code will be placed at "~/git/spring-security". Remember this location as  _SPRING_SECURITY_HOME_.
-
 === Import the {starter-appname} sample application

 In oder to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS).

 TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/{completed-appname}

-* If you do not have STS installed, download STS from http://www.springsource.org/spring-tool-suite-download For performance reasons, we prefer the release based on Eclipse Juno.
+* If you do not have STS installed, download STS from https://spring.io/tools
 * Start STS and import the sample applications into STS using the following steps:
 ** *File->Import*
 ** *Existing Maven Projects*
@ -50,7 +32,7 @@ In the following exerecise we will be modifying the _spring-security-samples-{st

 * Right click on the _spring-security-samples-{starter-appname}_ application
 * Select *Run As->Run on Server*
-* Select the latest tc Server (i.e. v2.9)
+* Select the latest tc Server
 * Click *Finish*

 include::{verify-starter-app-include}[]
--- a/docs/guides/src/asciidoc/hellomvc.asc
+++ b/docs/guides/src/asciidoc/hellomvc.asc
@ -18,11 +18,11 @@ We have created the Spring Security configuration, but we still need to register
 * Right click the _spring-security-samples-{starter-appname}_ project the Package Explorer view
 * Select *New->Class*
 * Enter _org.springframework.security.samples.config_ for the *Package*
-* Enter _SecurityWebApplicationInitializer_ for the *Name*
+* Enter MessageSecurityWebApplicationInitializer for the *Name*
 * Click *Finish*
 * Replace the file with the following contents:

-.src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java
+.src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java
 [source,java]
 ----
 package org.springframework.security.samples.config;
@ -115,15 +115,16 @@ Now that we can view the user name, let's update the application to allow loggin
 [subs="verbatim,quotes"]
 ----
 <div class="nav-collapse collapse">
-  *<c:if test="${pageContext.request.remoteUser != null}">
-    <c:url var="logoutUrl" value="/logout"/>
+  <c:if test="${pageContext.request.remoteUser != null}">
+    *<c:url var="logoutUrl" value="/logout"/>
    <form:form class="navbar-form pull-right" action="${logoutUrl}" method="post">
      <input type="submit" value="Log out" />
-    </form:form>
-  </c:if>*
-  <p class="navbar-text pull-right">
-    <c:out value="${pageContext.request.remoteUser}"/>
-  </p>
+    </form:form>*
+
+    <p class="navbar-text pull-right">
+      <c:out value="${pageContext.request.remoteUser}"/>
+    </p>
+  </c:if>
  <ul class="nav">
    <c:url var="inboxUrl" value="/"/>
    <li><a href="${inboxUrl}">Inbox</a></li>
@ -139,8 +140,6 @@ In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request

 Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the button and see that the application logs you out successfully.

-include::{include-dir}/basic-authentication.asc[]
-
 == Conclusion

 You should now now how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form].
--- a/docs/guides/src/asciidoc/helloworld.asc
+++ b/docs/guides/src/asciidoc/helloworld.asc
@ -97,8 +97,6 @@ In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request

 Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the logout button and see that the application logs you out successfully.

-include::{include-dir}/basic-authentication.asc[]
-
 == Conclusion

 You should now now how to secure your application using Spring Security without using any XML.
--- a/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp
+++ b/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp
@ -103,13 +103,13 @@
            <c:url var="logoUrl" value="/resources/img/logo.png"/>
            <a class="brand" href="${homeUrl}"><img src="${logoUrl}" alt="Spring Security Sample"/></a>
            <div class="nav-collapse collapse">
-              <c:if test="${pageContext.request.remoteUser != null}">
+             <!-- <c:if test="${pageContext.request.remoteUser != null}">
                  <c:url var="logoutUrl" value="/logout"/>
                  <form:form class="navbar-form pull-right" action="${logoutUrl}" method="post"><input type="submit" value="Log out" /></form:form>
                  <p class="navbar-text pull-right">
                    <c:out value="${pageContext.request.remoteUser}"/>
                  </p>
-              </c:if>
+              </c:if> -->
              <ul class="nav">
                <c:url var="inboxUrl" value="/"/>
                <li><a href="${inboxUrl}">Inbox</a></li>