Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-04-04 22:39:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Polish Guides

Browse Source
This commit is contained in:
Rob Winch 2013-12-06 11:12:07 -06:00
parent ec524da6cb
commit feeb380b51
18 changed files with 153 additions and 101 deletions

1
build.gradle

@ -10,6 +10,7 @@ buildscript {
classpath("org.gradle.api.plugins:gradle-tomcat-plugin:0.9.8")
classpath('me.champeau.gradle:gradle-javadoc-hotfix-plugin:0.1')
classpath('org.asciidoctor:asciidoctor-gradle-plugin:0.7.0')
classpath('org.asciidoctor:asciidoctor-java-integration:0.1.4.preview.1')
}
}

21
docs/guides/build.gradle

@ -1,6 +1,7 @@
apply plugin: 'asciidoctor'
asciidoctor {
baseDir = file('src/asciidoc')
options = [
eruby: 'erubis',
eruby: 'erubis',
@ -9,11 +10,14 @@ asciidoctor {
icons : 'font',
'source-highlighter': 'prettify',
sectanchors : '',
toc2: '',
toc: '',
'toc-placement' : 'preamble',
idprefix: '',
idseparator: '-',
doctype: 'book',
'spring-security-version' : project.version,
'download-url' : getDownloadUrl(),
'include-maven-repository' : getMavenRepositoryInclude(),
revnumber : project.version
]
]
@ -24,4 +28,19 @@ ext.spec = copySpec {
from(asciidoctor.outputDir)
exclude 'build', 'Guardfile'
}
}
def getDownloadUrl() {
snapshotBuild ? "https://github.com/SpringSource/spring-security/archive/master.zip" : "https://github.com/spring-projects/spring-security/archive/${project.version}.zip"
}
def getMavenRepositoryInclude() {
if(snapshotBuild) {
return "_includes/maven-repository-snapshot.asc"
} else if(releaseBuild) {
return "_includes/maven-repository-release.asc"
} else {
return "_includes/maven-repository-milestone.asc"
}
}

5
docs/guides/src/asciidoc/Guardfile

@ -3,7 +3,10 @@ require 'erb'
guard 'shell' do
watch(/^.*\.asc$/) {|m|
Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'spring-security-version' => '3.2.0.CI-SNAPSHOT', 'revnumber' => '3.2.0.CI-SNAPSHOT' })
Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'revnumber' => '3.2.0.CI-SNAPSHOT',
'spring-security-version' => '3.2.0.CI-SNAPSHOT',
'download-url' => 'https://github.com/SpringSource/spring-security/archive/master.zip',
'include-maven-repository' => '_includes/maven-repository-snapshot.asc' })
}
end

2
docs/guides/src/asciidoc/_hello-includes/exploring-the-secured-application.asc

@ -16,4 +16,4 @@ You should see an error message stating that authentication failed. Now try ente
You should now see the page that we wanted to secure.
NOTE: The reason we can successfully authenticate with *Username* _user_ and *Password* _password_ is because that is what we configured in our <<security-config-java,`SecurityConfig`>>.
NOTE: The reason we can successfully authenticate with *Username* _user_ and *Password* _password_ is because that is what we configured in our <<security-config-java,SecurityConfig>>.

19
docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc

@ -4,22 +4,9 @@ Before securing your application, it is important to ensure that the existing ap
=== Updating your dependencies
You will need to ensure you have added the dependencies. Spring Security milestones and release candidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release candidates ensure you have the following repository in your pom.xml:
include::../{include-maven-repository}[]
.pom.xml
[source,xml]
----
<repositories>
<!-- ... possibly other repository elements ... -->
<repository>
<id>spring-libs-milestone</id>
<name>Spring Milestone Repository</name>
<url>http://repo.springsource.org/milestone</url>
</repository>
</repositories>
----
You will then need to include the Spring Security dependencies
In order to use Spring Security you must add the necessary dependencies. For the sample we will add the following Spring Security dependencies:
.pom.xml
[source,xml]
@ -83,7 +70,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
----
[[servlet-api-integration]]
The <<security-config-java,`SecurityConfig`>> will:
The <<security-config-java,SecurityConfig>> will:
* Require authentication to every URL in your application
* Generate a login form for you

43
docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc

@ -1,43 +0,0 @@
== Setting up the sample
This section outlines how to setup a workspace within STS so that you can follow along with this guide. The next section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity.
=== Obtaining the sample projects
The simplest way to obtain the source and the samples is to download the source from github. You can choose from the following downloads:
* https://github.com/SpringSource/spring-security/archive/master.zip[Development Version]
* https://github.com/SpringSource/spring-security/releases[Released Versions]
Extract the zip to a known location and remember it as _SPRING_SECURITY_HOME_. You are now ready to <<import-the-{starter-appname}-sample-application>>
=== Import the {starter-appname} sample application
In oder to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS).
TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/{completed-appname}
* If you do not have STS installed, download STS from https://spring.io/tools
* Start STS and import the sample applications into STS using the following steps:
** *File->Import*
** *Existing Maven Projects*
** Click *Next >*
** Click *Browse...*
** Navigate to the samples (i.e. _SPRING_SECURITY_HOME_/samples/{starter-appname}) and click *OK*
** Click *Finish*
=== Running the {starter-appname} application
In the following exerecise we will be modifying the _spring-security-samples-{starter-appname}_ application. Before we make any changes, it is best to verify that the sample works properly. Perform the following steps to ensure that _spring-security-samples-{starter-appname}_ works.
* Right click on the _spring-security-samples-{starter-appname}_ application
* Select *Run As->Run on Server*
* Select the latest tc Server
* Click *Finish*
include::{verify-starter-app-include}[]
Once you have verified the application runs, stop the application server using the following steps:
* In the Servers view select the latest tc Server
* Click the stop button (a red square) to stop the application server

1
docs/guides/src/asciidoc/_hello-includes/verify-insecure-app.asc

@ -1 +0,0 @@
A page stating *TODO Secure this* should be displayed at http://localhost:8080/sample/

5
docs/guides/src/asciidoc/_hello-includes/verify-insecuremvc-app.asc

@ -1,5 +0,0 @@
Verify the application is working:
* A page displaying a user's inbox can be seen at http://localhost:8080/sample/
* Try clicking on the Compose link and creating a message. The message details should be displayed.
* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again.

14
docs/guides/src/asciidoc/_includes/maven-repository-milestone.asc Normal file

@ -0,0 +1,14 @@
In order to resolve Spring Security milestones and release candidates add the Spring Milestone repository as shown below:
.pom.xml
[source,xml]
----
<repositories>
<!-- ... possibly other repository elements ... -->
<repository>
<id>spring-milestone</id>
<name>Spring Milestone Repository</name>
<url>https://repo.spring.io/milestone</url>
</repository>
</repositories>
----

1
docs/guides/src/asciidoc/_includes/maven-repository-release.asc Normal file

@ -0,0 +1 @@
Spring Security GA releases are included within Maven Central, so no additional Maven repositories are necessary.

14
docs/guides/src/asciidoc/_includes/maven-repository-snapshot.asc Normal file

@ -0,0 +1,14 @@
In order to resolve Spring Security SNAPSHOT dependencies add the Spring Snapshot repository as shown below:
.pom.xml
[source,xml]
----
<repositories>
<!-- ... possibly other repository elements ... -->
<repository>
<id>spring-snapshot</id>
<name>Spring Snapshot Repository</name>
<url>https://repo.spring.io/snapshot</url>
</repository>
</repositories>
----

40
docs/guides/src/asciidoc/_includes/setting-up-the-sample.asc Normal file

@ -0,0 +1,40 @@
////
Variables:
starter-appname: the name of the module users should start with to complete the excercise
completed-appname: the name of the module that contains the completed application
download-url: the URL to download the Spring Security distribution
////
== Setting up the sample
This section outlines how to setup a workspace within https://spring.io/tools/sts[Spring Tool Suite (STS)] so that you can follow along with this guide. The next section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity.
=== Obtaining the sample projects
Extract the {download-url}[Spring Security Distribution] to a known location and remember it as _SPRING_SECURITY_HOME_.
=== Import the {starter-appname} sample application
In order to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS).
TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/samples/{completed-appname}
* If you do not have STS installed, download STS from https://spring.io/tools
* Start STS and import the sample applications into STS using the following steps:
** *File->Import*
** *Existing Maven Projects*
** Click *Next >*
** Click *Browse...*
** Navigate to the samples (i.e. _SPRING_SECURITY_HOME_/samples/{starter-appname}) and click *OK*
** Click *Finish*
=== Running the {starter-appname} application
In the following exercise we will be modifying the _spring-security-samples-{starter-appname}_ application. Before we make any changes, it is best to verify that the sample works properly. Perform the following steps to ensure that _spring-security-samples-{starter-appname}_ works.
* Right click on the _spring-security-samples-{starter-appname}_ application
* Select *Run As->Run on Server*
* Select the latest tc Server
* Click *Finish*

16
docs/guides/src/asciidoc/form.asc

@ -2,17 +2,23 @@
:author: Rob Winch
:starter-appname: hellomvc-jc
:completed-appname: form-jc
:include-dir: src/asciidoc/_hello-includes
:verify-starter-app-include: ../_form-includes/verify-app.asc
:include-dir: _includes
This guide builds off of link:hellomvc.html[Hello Spring MVC Security Java Config] to explain how to configure and use a custom login form with Spring Security Java Configuration.
include::{include-dir}/setting-up-the-sample.asc[]
Verify the application is working:
* A page displaying a user's inbox can be seen at http://localhost:8080/sample/
* Try clicking on the Compose link and creating a message. The message details should be displayed.
* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again.
= Overriding the default configure(HttpSecurity) method
As we saw in link:hellomvc.html[Hello Spring MVC Security Java Config], Spring Security's `WebSecurityConfigurerAdapter` provides some convenient defaults to get our application
up and running quickly. However, our login form does not match the rest of our application. Let's see how we can update our configuration to use a custom form.
up and running quickly. However, our login form does not look like the rest of our application. Let's see how we can update our configuration to use a custom form.
== Default configure(HttpSecurity)
@ -253,3 +259,7 @@ Start up the server and try visiting http://localhost:8080/sample/ to see the up
* Try entering an invalid username and password. You will see our error message is displayed.
* Try entering a valid username and password. You will be authenticated successfully.
* Try clicking the Log Out button. You will see our logout success message
== Conclusion
You should now know how to add a custom login form using Spring Security's Java Configuration. To learn more refer to the link:index.html[Spring Security Guides index page].

29
docs/guides/src/asciidoc/hellomvc.asc

@ -2,14 +2,21 @@
:author: Rob Winch
:starter-appname: insecuremvc
:completed-appname: hellomvc-jc
:include-dir: src/asciidoc/_hello-includes
:verify-starter-app-include: verify-insecuremvc-app.asc
:include-dir: _includes
:hello-include-dir: _hello-includes
This guide provides instructions on how to add Spring Security to an existing Spring MVC application without the use of XML.
include::{include-dir}/setting-up-the-sample.asc[]
include::{include-dir}/secure-the-application.asc[]
Verify the application is working:
* A page displaying a user's inbox can be seen at http://localhost:8080/sample/
* Try clicking on the Compose link and creating a message. The message details should be displayed.
* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again.
include::{hello-include-dir}/secure-the-application.asc[]
=== Registering Spring Security with the war
@ -40,7 +47,7 @@ The `MessageSecurityWebApplicationInitializer` will automatically register the s
=== Verify SecurityConfig is loaded
Just because <<security-config-java,`SecurityConfig`>> exists, does not mean that our Spring application knows about it. In this instance, our Spring root application context is initialized using MessageWebApplicationInitializer which is included with our spring-security-samples-messages-jc project. You can find a snippet of it below:
Just because <<security-config-java,SecurityConfig>> exists, does not mean that our Spring application knows about it. In this instance, our Spring root application context is initialized using MessageWebApplicationInitializer which is included with our spring-security-samples-messages-jc project. You can find a snippet of it below:
[[message-web-application-inititializer-java]]
.MessageWebApplicationInitializer.java
@ -66,18 +73,16 @@ You will notice it is loading the `RootConfiguration` class which is also includ
[source,java]
----
@Configuration
@ComponentScan(value = "org.springframework.security.samples.config",
excludeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, value = RootConfiguration.class))
@ComponentScan
public class RootConfiguration {
}
----
The `@ComponentScan` is loading all configuration in the org.springframework.security.samples.config package. Since <<security-config-java,`SecurityConfig`>> is in this package, it will be loaded with our existing setup and there is nothing more to do.
The `@ComponentScan` is loading all configuration within the same package (and child packags) as `RootConfiguration`. Since <<security-config-java,SecurityConfig>> is in this package, it will be loaded with our existing setup and there is nothing more to do.
NOTE: Had <<security-config-java,`SecurityConfig`>> not been loaded, we could have used an `@Import(SecurityConfig)` above the class definition of <<root-configuration-java,`RootConfiguration`>> or added <<security-config-java,`SecurityConfig`>> as one of the results for `getRootConfigClasses()`.
NOTE: Had <<security-config-java,SecurityConfig>> not been loaded, we could have used an `@Import(SecurityConfig)` above the class definition of <<root-configuration-java,RootConfiguration>> or added <<security-config-java,SecurityConfig>> as one of the results for `getRootConfigClasses()`.
include::{include-dir}/exploring-the-secured-application.asc[]
include::{hello-include-dir}/exploring-the-secured-application.asc[]
==== Displaying the user name
@ -104,7 +109,7 @@ Now that we have authenticated, let's update the application to display the user
WARNING: The `<c:out />` tag ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped.
Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <<servlet-api-integration,Servlet API methods>>
Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <<servlet-api-integration,Servlet API methods>>. Specifically, it is integrating with `HttpServletRequest#getRemoteUser()`.
==== Logging out
@ -142,4 +147,4 @@ Refresh the page at http://localhost:8080/sample/ and you will see the log out b
== Conclusion
You should now now how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form].
You should now know how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form].

27
docs/guides/src/asciidoc/helloworld.asc

@ -2,14 +2,21 @@
:author: Rob Winch
:starter-appname: insecure
:completed-appname: helloworld-jc
:include-dir: src/asciidoc/_hello-includes
:verify-starter-app-include: verify-insecure-app.asc
:include-dir: _includes
:hello-include-dir: _hello-includes
This guide provides instructions on how to add Spring Security to an existing application without the use of XML.
include::{include-dir}/setting-up-the-sample.asc[]
include::{include-dir}/secure-the-application.asc[]
Verify the application is working by ensuring a page stating *TODO Secure this* is displayed at http://localhost:8080/sample/
Once you have verified the application runs, stop the application server using the following steps:
* In the Servers view select the latest tc Server
* Click the stop button (a red square) to stop the application server
include::{hello-include-dir}/secure-the-application.asc[]
=== Registering Spring Security with the war
@ -41,11 +48,11 @@ public class SecurityWebApplicationInitializer
The `SecurityWebApplicationInitializer` will do the following things:
* Automatically register the springSecurityFilterChain Filter for every URL in your application
* Add a ContextLoaderListener that loads the <<security-config-java,`SecurityConfig`>>.
* Add a ContextLoaderListener that loads the <<security-config-java,SecurityConfig>>.
NOTE: Since we were not already using Spring, this is a simple way to add our <<security-config-java,`SecurityConfig`>>. If we were already using Spring, then we should add our <<security-config-java,`SecurityConfig`>> with the reset of our Spring configuration (i.e. a subclass of AbstractContextLoaderInitializer or AbstractDispatcherServletInitializer) and use the default constructor instead.
NOTE: Since we were not already using Spring, this is a simple way to add our <<security-config-java,SecurityConfig>>. If we were already using Spring, then we should add our <<security-config-java,SecurityConfig>> with the reset of our Spring configuration (i.e. a subclass of AbstractContextLoaderInitializer or AbstractDispatcherServletInitializer) and use the default constructor instead.
include::{include-dir}/exploring-the-secured-application.asc[]
include::{hello-include-dir}/exploring-the-secured-application.asc[]
==== Displaying the user name
@ -70,7 +77,7 @@ Refresh the page at http://localhost:8080/sample/ and you will see the user name
==== Logging out
Now that we can view the user name, let's update the application to allow logging out. Update the body of index.jsp to contain a log out link as shown below:
Now that we can view the user name, let's update the application to allow logging out. Update the body of index.jsp to contain a log out form as shown below:
.src/main/webapp/index.jsp
[source,html]
@ -93,10 +100,12 @@ Now that we can view the user name, let's update the application to allow loggin
In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires:
* the HTTP method must be a POST
* the CSRF token must be added to the request You can access it on the ServletRequest using the attribute _csrf as illustrated above. If you were using Spring MVC, the CSRF token is automatically added as a hidden input for you.
* the CSRF token must be added to the request You can access it on the ServletRequest using the attribute _csrf as illustrated above.
NOTE: If you were using Spring MVC's tag library or Thymeleaf, the CSRF token is automatically added as a hidden input for you.
Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the logout button and see that the application logs you out successfully.
== Conclusion
You should now now how to secure your application using Spring Security without using any XML.
You should now know how to secure your application using Spring Security without using any XML. To learn more refer to the link:index.html[Spring Security Guides index page].

2
docs/guides/src/asciidoc/index.asc

@ -1,7 +1,7 @@
= Spring Security Guides
Rob Winch
These are set by step guides on how to use Spring Security.
These are step by step guides on how to use Spring Security.
== Hello World

10
docs/manual/src/asciidoc/index.adoc

@ -479,7 +479,7 @@ public class SecurityWebApplicationInitializer
The `SecurityWebApplicationInitializer` will do the following things:
* Automatically register the springSecurityFilterChain Filter for every URL in your application
* Add a ContextLoaderListener that loads the <<jc-hello-wsca,`SecurityConfig`>>.
* Add a ContextLoaderListener that loads the <<jc-hello-wsca,SecurityConfig>>.
==== AbstractSecurityWebApplicationInitializer with Spring MVC
@ -4125,7 +4125,7 @@ Please be aware that if you're using `AfterInvocationManager`, you will still ne
=== Hierarchical Roles
It is a common requirement that a particular role in an application should automatically "include" other roles. For example, in an application which has the concept of an "admin" and a "user" role, you may want an admin to be able to do everything a normal user can. To achieve this, you can either make sure that all admin users are also assigned the "user" role. Alternatively, you can modify every access constraint which requires the "user" role to also include the "admin" role. This can get quite complicated if you have a lot of different roles in your application.
The use of a role-hierarchy allows you to configure which roles (or authorities) should include others. An extended version of Spring Security's <<authz-role-voter,`RoleVoter`>>, `RoleHierarchyVoter`, is configured with a `RoleHierarchy`, from which it obtains all the "reachable authorities" which the user is assigned. A typical configuration might look like this:
The use of a role-hierarchy allows you to configure which roles (or authorities) should include others. An extended version of Spring Security's <<authz-role-voter,RoleVoter>>, `RoleHierarchyVoter`, is configured with a `RoleHierarchy`, from which it obtains all the "reachable authorities" which the user is assigned. A typical configuration might look like this:
[source,xml]
----
@ -5261,7 +5261,7 @@ The following beans should be configured to commence the CAS authentication proc
</bean>
----
For CAS to operate, the `ExceptionTranslationFilter` must have its `authenticationEntryPoint` property set to the `CasAuthenticationEntryPoint` bean. This can easily be done using <<ns-entry-point-ref,`entry-point-ref`>> as is done in the example above. The `CasAuthenticationEntryPoint` must refer to the `ServiceProperties` bean (discussed above), which provides the URL to the enterprise's CAS login server. This is where the user's browser will be redirected.
For CAS to operate, the `ExceptionTranslationFilter` must have its `authenticationEntryPoint` property set to the `CasAuthenticationEntryPoint` bean. This can easily be done using <<ns-entry-point-ref,entry-point-ref>> as is done in the example above. The `CasAuthenticationEntryPoint` must refer to the `ServiceProperties` bean (discussed above), which provides the URL to the enterprise's CAS login server. This is where the user's browser will be redirected.
The `CasAuthenticationFilter` has very similar properties to the `UsernamePasswordAuthenticationFilter` (used for form-based logins). You can use these properties to customize things like behavior for authentication success and failure.
@ -6317,7 +6317,7 @@ Enables EL-expressions in the `access` attribute, as described in the chapter on
[[nsa-access-denied-handler]]
==== <access-denied-handler>
This element allows you to set the `errorPage` property for the default `AccessDeniedHandler` used by the `ExceptionTranslationFilter`, using the <<nsa-access-denied-handler-error-page,error-page>> attribute, or to supply your own implementation using the<<nsa-access-denied-handler-ref,ref>> attribute. This is discussed in more detail in the section on the <<access-denied-handler,`ExceptionTranslationFilter`>>.
This element allows you to set the `errorPage` property for the default `AccessDeniedHandler` used by the `ExceptionTranslationFilter`, using the <<nsa-access-denied-handler-error-page,error-page>> attribute, or to supply your own implementation using the<<nsa-access-denied-handler-ref,ref>> attribute. This is discussed in more detail in the section on the <<access-denied-handler,ExceptionTranslationFilter>>.
[[nsa-access-denied-handler-parents]]
@ -7479,7 +7479,7 @@ This attribute allows you to define an id for the internal instance for use in y
[[nsa-authentication-provider]]
==== <authentication-provider>
Unless used with a `ref` attribute, this element is shorthand for configuring a <<core-services-dao-provider,`DaoAuthenticationProvider`>>. `DaoAuthenticationProvider` loads user information from a `UserDetailsService` and compares the username/password combination with the values supplied at login. The `UserDetailsService` instance can be defined either by using an available namespace element ( `jdbc-user-service` or by using the `user-service-ref` attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the <<ns-auth-providers,namespace introduction>>.
Unless used with a `ref` attribute, this element is shorthand for configuring a <<core-services-dao-provider,DaoAuthenticationProvider>>. `DaoAuthenticationProvider` loads user information from a `UserDetailsService` and compares the username/password combination with the values supplied at login. The `UserDetailsService` instance can be defined either by using an available namespace element ( `jdbc-user-service` or by using the `user-service-ref` attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the <<ns-auth-providers,namespace introduction>>.
[[nsa-authentication-provider-parents]]

4
samples/messages-jc/src/main/java/org/springframework/security/samples/config/RootConfiguration.java

@ -1,12 +1,10 @@
package org.springframework.security.samples.config;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.ComponentScan.Filter;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
@Configuration
@ComponentScan(value = "org.springframework.security.samples.config", excludeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, value = RootConfiguration.class))
@ComponentScan
public class RootConfiguration {
}