diff --git a/docs/guides/src/asciidoc/_hello-includes/basic-authentication.asc b/docs/guides/src/asciidoc/_hello-includes/basic-authentication.asc deleted file mode 100644 index 884e3da011..0000000000 --- a/docs/guides/src/asciidoc/_hello-includes/basic-authentication.asc +++ /dev/null @@ -1,22 +0,0 @@ -==== Basic authentication - -We stated that Spring Security supported both form and HTTP Basic authentication, but how does Spring Security know when to use one and not the other? When using HTTP Basic, the user should receive a HTTP 401 response, but when we visit our application in our web browser we are redirected to a login page. The reason for this is because Spring Security uses content negotiation to determine which type of authentication to use. For example, if we specified our *Accept* header to be _application/json_ the result would be an HTTP 401. - -You can use any tool you prefer (i.e. curl), but the instructions in this section we will use https://www.google.com/intl/en/chrome/browser/[Google Chrome] and the https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm?hl=en[Postman - REST Client] to make an _application/json_ request to our application. - -* Open Google Chrome and launch the Postman - REST Client extension -* Enter _http://localhost:8080/sample/_ into the request URL field -* Select the *Headers* button -* Enter _Accept_ into the *Header* input -* Enter _application/json_ into the *Value* field -* Presss the *Send* button - -Observe that we get an HTTP Status of 401 instead of our redirect. Now lets try entering our user name and password. - -* Select the *Basic Auth* tab -* Enter _user_ for the *Username* -* Enter _password_ for the *Password* -* Click the *Refresh headers* button -* Click the *Send* button - -This time you should see the HTML of our secured page. diff --git a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc index ef8790e80c..f7d6c0f5cf 100644 --- a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc +++ b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc @@ -52,7 +52,6 @@ The next step is to create a Spring Security configuration. * Right click the _spring-security-samples-{starter-appname}_ project the Package Explorer view * Select *New->Class* -* Enter _spring-security-samples-insecuremvc/src/main/java_ for the *Source folder* * Enter _org.springframework.security.samples.config_ for the *Package* * Enter _SecurityConfig_ for the *Name* * Click *Finish* diff --git a/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc b/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc index dcdf5803d6..164b23cdf4 100644 --- a/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc +++ b/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc @@ -4,38 +4,20 @@ This section outlines how to setup a workspace within STS so that you can follow === Obtaining the sample projects -There are multiple ways in which you can obtain the source. We have highlighted a few ways below: - -* <> -* <> - -==== Downloading from github - -You can download the source from github. +The simplest way to obtain the source and the samples is to download the source from github. You can choose from the following downloads: * https://github.com/SpringSource/spring-security/archive/master.zip[Development Version] * https://github.com/SpringSource/spring-security/releases[Released Versions] Extract the zip to a known location and remember it as _SPRING_SECURITY_HOME_. You are now ready to <> -==== Cloning from github - -If you wish you can also obtain the source by cloning from github. For example, if you have a git client installed you can type the following: - ----- -cd ~/git/ -git clone https://github.com/SpringSource/spring-security.git ----- - -In this example, the code will be placed at "~/git/spring-security". Remember this location as _SPRING_SECURITY_HOME_. - === Import the {starter-appname} sample application In oder to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS). TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/{completed-appname} -* If you do not have STS installed, download STS from http://www.springsource.org/spring-tool-suite-download For performance reasons, we prefer the release based on Eclipse Juno. +* If you do not have STS installed, download STS from https://spring.io/tools * Start STS and import the sample applications into STS using the following steps: ** *File->Import* ** *Existing Maven Projects* @@ -50,7 +32,7 @@ In the following exerecise we will be modifying the _spring-security-samples-{st * Right click on the _spring-security-samples-{starter-appname}_ application * Select *Run As->Run on Server* -* Select the latest tc Server (i.e. v2.9) +* Select the latest tc Server * Click *Finish* include::{verify-starter-app-include}[] diff --git a/docs/guides/src/asciidoc/hellomvc.asc b/docs/guides/src/asciidoc/hellomvc.asc index 82e2500b2e..4d3ebb9a7c 100644 --- a/docs/guides/src/asciidoc/hellomvc.asc +++ b/docs/guides/src/asciidoc/hellomvc.asc @@ -18,11 +18,11 @@ We have created the Spring Security configuration, but we still need to register * Right click the _spring-security-samples-{starter-appname}_ project the Package Explorer view * Select *New->Class* * Enter _org.springframework.security.samples.config_ for the *Package* -* Enter _SecurityWebApplicationInitializer_ for the *Name* +* Enter MessageSecurityWebApplicationInitializer for the *Name* * Click *Finish* * Replace the file with the following contents: -.src/main/java/org/springframework/security/samples/config/SecurityWebApplicationInitializer.java +.src/main/java/org/springframework/security/samples/config/MessageSecurityWebApplicationInitializer.java [source,java] ---- package org.springframework.security.samples.config; @@ -115,15 +115,16 @@ Now that we can view the user name, let's update the application to allow loggin [subs="verbatim,quotes"] ----
- * - + + * - - * -

- -

+ * + +

+ +

+
  • Inbox
    • @@ -139,8 +140,6 @@ In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the button and see that the application logs you out successfully. -include::{include-dir}/basic-authentication.asc[] - == Conclusion You should now now how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form]. diff --git a/docs/guides/src/asciidoc/helloworld.asc b/docs/guides/src/asciidoc/helloworld.asc index f1378c433d..cf7c4d6406 100644 --- a/docs/guides/src/asciidoc/helloworld.asc +++ b/docs/guides/src/asciidoc/helloworld.asc @@ -97,8 +97,6 @@ In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the logout button and see that the application logs you out successfully. -include::{include-dir}/basic-authentication.asc[] - == Conclusion You should now now how to secure your application using Spring Security without using any XML. diff --git a/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp b/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp index 29e25eb9d0..4e19966a33 100644 --- a/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp +++ b/samples/insecuremvc/src/main/webapp/WEB-INF/decorators/main.jsp @@ -103,13 +103,13 @@ Spring Security Sample
    - +