Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix some list punctuation and capitalization in docs

This commit is contained in:
Dmitriy Bogdanov 2021-09-15 13:37:26 +04:00 committed by Josh Cummings
parent 31a8f8c4df
commit fe274e7553
3 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc
View File

@ -55,7 +55,7 @@ Based upon the <<authentication-password-storage-history,Password History>> sect
However, this ignores three real world problems:
- There are many applications using old password encodings that cannot easily migrate
- The best practice for password storage will change again.
- The best practice for password storage will change again
- As a framework Spring Security cannot make breaking changes frequently
Instead Spring Security introduces `DelegatingPasswordEncoder` which solves all of the problems by:

2
docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/authentication.adoc
View File

@ -12,7 +12,7 @@ The `Authentication` contains:
* `principal` - identifies the user.
When authenticating with a username/password this is often an instance of <<servlet-authentication-userdetails,`UserDetails`>>.
* `credentials` - Often a password.
* `credentials` - often a password.
In many cases this will be cleared after the user is authenticated to ensure it is not leaked.
* `authorities` - the <<servlet-authentication-granted-authority,``GrantedAuthority``s>> are high level permissions the user is granted.
A few examples are roles or scopes.

16
docs/manual/src/docs/asciidoc/_includes/servlet/authentication/index.adoc
View File

@ -10,12 +10,12 @@ This section discusses:
This section describes the main architectural components of Spring Security's used in Servlet authentication.
If you need concrete flows that explain how these pieces fit together, look at the <<servlet-authentication-mechanisms,Authentication Mechanism>> specific sections.
* <<servlet-authentication-securitycontextholder>> - The `SecurityContextHolder` is where Spring Security stores the details of who is <<authentication,authenticated>>.
* <<servlet-authentication-securitycontextholder>> - the `SecurityContextHolder` is where Spring Security stores the details of who is <<authentication,authenticated>>.
* <<servlet-authentication-securitycontext>> - is obtained from the `SecurityContextHolder` and contains the `Authentication` of the currently authenticated user.
* <<servlet-authentication-authentication>> - Can be the input to `AuthenticationManager` to provide the credentials a user has provided to authenticate or the current user from the `SecurityContext`.
* <<servlet-authentication-granted-authority>> - An authority that is granted to the principal on the `Authentication` (i.e. roles, scopes, etc.)
* <<servlet-authentication-authenticationmanager>> - the API that defines how Spring Security's Filters perform <<authentication,authentication>>.
* <<servlet-authentication-providermanager>> - the most common implementation of `AuthenticationManager`.
* <<servlet-authentication-authentication>> - can be the input to `AuthenticationManager` to provide the credentials a user has provided to authenticate or the current user from the `SecurityContext`.
* <<servlet-authentication-granted-authority>> - an authority that is granted to the principal on the `Authentication` (i.e. roles, scopes, etc.)
* <<servlet-authentication-authenticationmanager>> - the API that defines how Spring Security's Filters perform <<authentication,authentication>>.
* <<servlet-authentication-providermanager>> - the most common implementation of `AuthenticationManager`.
* <<servlet-authentication-authenticationprovider>> - used by `ProviderManager` to perform a specific type of authentication.
* <<servlet-authentication-authenticationentrypoint>> - used for requesting credentials from a client (i.e. redirecting to a log in page, sending a `WWW-Authenticate` response, etc.)
* <<servlet-authentication-abstractprocessingfilter>> - a base `Filter` used for authentication.
@ -30,10 +30,10 @@ This also gives a good idea of the high level flow of authentication and how pie
* <<oauth2login,OAuth 2.0 Login>> - OAuth 2.0 Log In with OpenID Connect and non-standard OAuth 2.0 Login (i.e. GitHub)
* <<servlet-saml2,SAML 2.0 Login>> - SAML 2.0 Log In
* <<servlet-cas,Central Authentication Server (CAS)>> - Central Authentication Server (CAS) Support
* <<servlet-rememberme, Remember Me>> - How to remember a user past session expiration
* <<servlet-jaas, JAAS Authentication>> - Authenticate with JAAS
* <<servlet-rememberme, Remember Me>> - how to remember a user past session expiration
* <<servlet-jaas, JAAS Authentication>> - authenticate with JAAS
* <<servlet-openid,OpenID>> - OpenID Authentication (not to be confused with OpenID Connect)
* <<servlet-preauth>> - Authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.
* <<servlet-preauth>> - authenticate with an external mechanism such as https://www.siteminder.com/[SiteMinder] or Java EE security but still use Spring Security for authorization and protection against common exploits.
* <<servlet-x509,X509 Authentication>> - X509 Authentication
// FIXME: Add other mechanisms