Polish MVC doc

This commit is contained in:
Rob Winch 2013-12-16 12:30:25 -06:00
parent 374aceed2b
commit f09ce267b3
1 changed files with 17 additions and 1 deletions

View File

@ -5873,10 +5873,26 @@ Refer to the Javadoc for additional integrations with both the Java concurrent A
Spring Security provides a number of optional integrations with Spring MVC. This section covers the integration in further detail.
[[mvc-enablewebmvcsecurity]]
=== @EnableWebMvcSecurity
To enable Spring Security integration with Spring MVC add the `@EnableWebMvcSecurity` annotation to your configuration. A typical example will look something like this:
[source,java]
----
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig {
// ...
}
----
[[mvc-authentication-principal]]
=== @AuthenticationPrincipal
Spring Security provides ability to automatically resolve the current `Authentication.getPrincipal()` for Spring MVC arguments. This means that you can be entirely decoupled from Spring Security in your Spring MVC layer.
Spring Security provides `AuthenticationPrincipalArgumentResolver` which can automatically resolve the current `Authentication.getPrincipal()` for Spring MVC arguments. By using <<mvc-enablewebmvcsecurity>> you will automatically have this added to your Spring MVC configuration. If you use XML based configuraiton, you must add this yourself.
Once `AuthenticationPrincipalArgumentResolver` is properly configured, you can be entirely decoupled from Spring Security in your Spring MVC layer.
Consider a situation where a custom `UserDetailsService` that returns an `Object` that implements `UserDetails` and your own `CustomUser` `Object`. The `CustomUser` of the currently authenticated user could be accessed using the following code: