diff --git a/build.gradle b/build.gradle index 07576e7877..7ec219a10d 100644 --- a/build.gradle +++ b/build.gradle @@ -10,6 +10,7 @@ buildscript { classpath("org.gradle.api.plugins:gradle-tomcat-plugin:0.9.8") classpath('me.champeau.gradle:gradle-javadoc-hotfix-plugin:0.1') classpath('org.asciidoctor:asciidoctor-gradle-plugin:0.7.0') + classpath('org.asciidoctor:asciidoctor-java-integration:0.1.4.preview.1') } } diff --git a/docs/guides/build.gradle b/docs/guides/build.gradle index 173ed985f4..bab74cf7cb 100644 --- a/docs/guides/build.gradle +++ b/docs/guides/build.gradle @@ -1,6 +1,7 @@ apply plugin: 'asciidoctor' asciidoctor { + baseDir = file('src/asciidoc') options = [ eruby: 'erubis', eruby: 'erubis', @@ -9,11 +10,14 @@ asciidoctor { icons : 'font', 'source-highlighter': 'prettify', sectanchors : '', - toc2: '', + toc: '', + 'toc-placement' : 'preamble', idprefix: '', idseparator: '-', doctype: 'book', 'spring-security-version' : project.version, + 'download-url' : getDownloadUrl(), + 'include-maven-repository' : getMavenRepositoryInclude(), revnumber : project.version ] ] @@ -24,4 +28,19 @@ ext.spec = copySpec { from(asciidoctor.outputDir) exclude 'build', 'Guardfile' } +} + +def getDownloadUrl() { + snapshotBuild ? "https://github.com/SpringSource/spring-security/archive/master.zip" : "https://github.com/spring-projects/spring-security/archive/${project.version}.zip" +} + + +def getMavenRepositoryInclude() { + if(snapshotBuild) { + return "_includes/maven-repository-snapshot.asc" + } else if(releaseBuild) { + return "_includes/maven-repository-release.asc" + } else { + return "_includes/maven-repository-milestone.asc" + } } \ No newline at end of file diff --git a/docs/guides/src/asciidoc/Guardfile b/docs/guides/src/asciidoc/Guardfile index 4f11a925af..9b1c727f65 100644 --- a/docs/guides/src/asciidoc/Guardfile +++ b/docs/guides/src/asciidoc/Guardfile @@ -3,7 +3,10 @@ require 'erb' guard 'shell' do watch(/^.*\.asc$/) {|m| - Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'spring-security-version' => '3.2.0.CI-SNAPSHOT', 'revnumber' => '3.2.0.CI-SNAPSHOT' }) + Asciidoctor.render_file(m[0], :to_dir => "build/", :safe => Asciidoctor::SafeMode::UNSAFE, :attributes=> {'toc' => '', 'idprefix' => '', 'idseparator' => '-', 'copycss' => '', 'icons' => 'font', 'source-highlighter' => 'prettify', 'sectanchors' => '', 'toc-placement' => 'preamble', 'revnumber' => '3.2.0.CI-SNAPSHOT', + 'spring-security-version' => '3.2.0.CI-SNAPSHOT', + 'download-url' => 'https://github.com/SpringSource/spring-security/archive/master.zip', + 'include-maven-repository' => '_includes/maven-repository-snapshot.asc' }) } end diff --git a/docs/guides/src/asciidoc/_hello-includes/exploring-the-secured-application.asc b/docs/guides/src/asciidoc/_hello-includes/exploring-the-secured-application.asc index c123d913c9..fbdaf4b272 100644 --- a/docs/guides/src/asciidoc/_hello-includes/exploring-the-secured-application.asc +++ b/docs/guides/src/asciidoc/_hello-includes/exploring-the-secured-application.asc @@ -16,4 +16,4 @@ You should see an error message stating that authentication failed. Now try ente You should now see the page that we wanted to secure. -NOTE: The reason we can successfully authenticate with *Username* _user_ and *Password* _password_ is because that is what we configured in our <>. +NOTE: The reason we can successfully authenticate with *Username* _user_ and *Password* _password_ is because that is what we configured in our <>. diff --git a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc index f7d6c0f5cf..e6396a600c 100644 --- a/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc +++ b/docs/guides/src/asciidoc/_hello-includes/secure-the-application.asc @@ -4,22 +4,9 @@ Before securing your application, it is important to ensure that the existing ap === Updating your dependencies -You will need to ensure you have added the dependencies. Spring Security milestones and release candidates are available in the https://github.com/SpringSource/spring-framework/wiki/SpringSource-repository-FAQ[Spring Milestone Repository]. In short, if you are using Maven and using a milestone or release candidates ensure you have the following repository in your pom.xml: +include::../{include-maven-repository}[] -.pom.xml -[source,xml] ----- - - - - spring-libs-milestone - Spring Milestone Repository - http://repo.springsource.org/milestone - - ----- - -You will then need to include the Spring Security dependencies +In order to use Spring Security you must add the necessary dependencies. For the sample we will add the following Spring Security dependencies: .pom.xml [source,xml] @@ -83,7 +70,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { ---- [[servlet-api-integration]] -The <> will: +The <> will: * Require authentication to every URL in your application * Generate a login form for you diff --git a/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc b/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc deleted file mode 100644 index 164b23cdf4..0000000000 --- a/docs/guides/src/asciidoc/_hello-includes/setting-up-the-sample.asc +++ /dev/null @@ -1,43 +0,0 @@ -== Setting up the sample - -This section outlines how to setup a workspace within STS so that you can follow along with this guide. The next section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity. - -=== Obtaining the sample projects - -The simplest way to obtain the source and the samples is to download the source from github. You can choose from the following downloads: - -* https://github.com/SpringSource/spring-security/archive/master.zip[Development Version] -* https://github.com/SpringSource/spring-security/releases[Released Versions] - -Extract the zip to a known location and remember it as _SPRING_SECURITY_HOME_. You are now ready to <> - -=== Import the {starter-appname} sample application - -In oder to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS). - -TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/{completed-appname} - -* If you do not have STS installed, download STS from https://spring.io/tools -* Start STS and import the sample applications into STS using the following steps: -** *File->Import* -** *Existing Maven Projects* -** Click *Next >* -** Click *Browse...* -** Navigate to the samples (i.e. _SPRING_SECURITY_HOME_/samples/{starter-appname}) and click *OK* -** Click *Finish* - -=== Running the {starter-appname} application - -In the following exerecise we will be modifying the _spring-security-samples-{starter-appname}_ application. Before we make any changes, it is best to verify that the sample works properly. Perform the following steps to ensure that _spring-security-samples-{starter-appname}_ works. - -* Right click on the _spring-security-samples-{starter-appname}_ application -* Select *Run As->Run on Server* -* Select the latest tc Server -* Click *Finish* - -include::{verify-starter-app-include}[] - -Once you have verified the application runs, stop the application server using the following steps: - -* In the Servers view select the latest tc Server -* Click the stop button (a red square) to stop the application server diff --git a/docs/guides/src/asciidoc/_hello-includes/verify-insecure-app.asc b/docs/guides/src/asciidoc/_hello-includes/verify-insecure-app.asc deleted file mode 100644 index 6d918be61c..0000000000 --- a/docs/guides/src/asciidoc/_hello-includes/verify-insecure-app.asc +++ /dev/null @@ -1 +0,0 @@ -A page stating *TODO Secure this* should be displayed at http://localhost:8080/sample/ diff --git a/docs/guides/src/asciidoc/_hello-includes/verify-insecuremvc-app.asc b/docs/guides/src/asciidoc/_hello-includes/verify-insecuremvc-app.asc deleted file mode 100644 index 54df751905..0000000000 --- a/docs/guides/src/asciidoc/_hello-includes/verify-insecuremvc-app.asc +++ /dev/null @@ -1,5 +0,0 @@ -Verify the application is working: - -* A page displaying a user's inbox can be seen at http://localhost:8080/sample/ -* Try clicking on the Compose link and creating a message. The message details should be displayed. -* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again. diff --git a/docs/guides/src/asciidoc/_includes/maven-repository-milestone.asc b/docs/guides/src/asciidoc/_includes/maven-repository-milestone.asc new file mode 100644 index 0000000000..75009e17c3 --- /dev/null +++ b/docs/guides/src/asciidoc/_includes/maven-repository-milestone.asc @@ -0,0 +1,14 @@ +In order to resolve Spring Security milestones and release candidates add the Spring Milestone repository as shown below: + +.pom.xml +[source,xml] +---- + + + + spring-milestone + Spring Milestone Repository + https://repo.spring.io/milestone + + +---- \ No newline at end of file diff --git a/docs/guides/src/asciidoc/_includes/maven-repository-release.asc b/docs/guides/src/asciidoc/_includes/maven-repository-release.asc new file mode 100644 index 0000000000..a61938c847 --- /dev/null +++ b/docs/guides/src/asciidoc/_includes/maven-repository-release.asc @@ -0,0 +1 @@ +Spring Security GA releases are included within Maven Central, so no additional Maven repositories are necessary. \ No newline at end of file diff --git a/docs/guides/src/asciidoc/_includes/maven-repository-snapshot.asc b/docs/guides/src/asciidoc/_includes/maven-repository-snapshot.asc new file mode 100644 index 0000000000..6b58902aa9 --- /dev/null +++ b/docs/guides/src/asciidoc/_includes/maven-repository-snapshot.asc @@ -0,0 +1,14 @@ +In order to resolve Spring Security SNAPSHOT dependencies add the Spring Snapshot repository as shown below: + +.pom.xml +[source,xml] +---- + + + + spring-snapshot + Spring Snapshot Repository + https://repo.spring.io/snapshot + + +---- \ No newline at end of file diff --git a/docs/guides/src/asciidoc/_includes/setting-up-the-sample.asc b/docs/guides/src/asciidoc/_includes/setting-up-the-sample.asc new file mode 100644 index 0000000000..5b5eaf2502 --- /dev/null +++ b/docs/guides/src/asciidoc/_includes/setting-up-the-sample.asc @@ -0,0 +1,40 @@ +//// + +Variables: + +starter-appname: the name of the module users should start with to complete the excercise +completed-appname: the name of the module that contains the completed application +download-url: the URL to download the Spring Security distribution +//// + +== Setting up the sample + +This section outlines how to setup a workspace within https://spring.io/tools/sts[Spring Tool Suite (STS)] so that you can follow along with this guide. The next section outlines generic steps for how to apply Spring Security to your existing application. While you could simply apply the steps to your existing application, we encourage you to follow along with this guide as is to reduce the complexity. + +=== Obtaining the sample projects + +Extract the {download-url}[Spring Security Distribution] to a known location and remember it as _SPRING_SECURITY_HOME_. + +=== Import the {starter-appname} sample application + +In order to follow along, we encourage you to import the {starter-appname} sample application into your IDE. You may use any IDE you prefer, but the instructions in the guide will assume you are using Spring Tool Suite (STS). + +TIP: The completed sample application can be found at _SPRING_SECURITY_HOME_/samples/{completed-appname} + +* If you do not have STS installed, download STS from https://spring.io/tools +* Start STS and import the sample applications into STS using the following steps: +** *File->Import* +** *Existing Maven Projects* +** Click *Next >* +** Click *Browse...* +** Navigate to the samples (i.e. _SPRING_SECURITY_HOME_/samples/{starter-appname}) and click *OK* +** Click *Finish* + +=== Running the {starter-appname} application + +In the following exercise we will be modifying the _spring-security-samples-{starter-appname}_ application. Before we make any changes, it is best to verify that the sample works properly. Perform the following steps to ensure that _spring-security-samples-{starter-appname}_ works. + +* Right click on the _spring-security-samples-{starter-appname}_ application +* Select *Run As->Run on Server* +* Select the latest tc Server +* Click *Finish* \ No newline at end of file diff --git a/docs/guides/src/asciidoc/form.asc b/docs/guides/src/asciidoc/form.asc index cb4abe9a08..3037ea2462 100644 --- a/docs/guides/src/asciidoc/form.asc +++ b/docs/guides/src/asciidoc/form.asc @@ -2,17 +2,23 @@ :author: Rob Winch :starter-appname: hellomvc-jc :completed-appname: form-jc -:include-dir: src/asciidoc/_hello-includes -:verify-starter-app-include: ../_form-includes/verify-app.asc +:include-dir: _includes This guide builds off of link:hellomvc.html[Hello Spring MVC Security Java Config] to explain how to configure and use a custom login form with Spring Security Java Configuration. include::{include-dir}/setting-up-the-sample.asc[] +Verify the application is working: + +* A page displaying a user's inbox can be seen at http://localhost:8080/sample/ +* Try clicking on the Compose link and creating a message. The message details should be displayed. +* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again. + + = Overriding the default configure(HttpSecurity) method As we saw in link:hellomvc.html[Hello Spring MVC Security Java Config], Spring Security's `WebSecurityConfigurerAdapter` provides some convenient defaults to get our application -up and running quickly. However, our login form does not match the rest of our application. Let's see how we can update our configuration to use a custom form. +up and running quickly. However, our login form does not look like the rest of our application. Let's see how we can update our configuration to use a custom form. == Default configure(HttpSecurity) @@ -253,3 +259,7 @@ Start up the server and try visiting http://localhost:8080/sample/ to see the up * Try entering an invalid username and password. You will see our error message is displayed. * Try entering a valid username and password. You will be authenticated successfully. * Try clicking the Log Out button. You will see our logout success message + +== Conclusion + +You should now know how to add a custom login form using Spring Security's Java Configuration. To learn more refer to the link:index.html[Spring Security Guides index page]. diff --git a/docs/guides/src/asciidoc/hellomvc.asc b/docs/guides/src/asciidoc/hellomvc.asc index 4d3ebb9a7c..ea33f4b9b2 100644 --- a/docs/guides/src/asciidoc/hellomvc.asc +++ b/docs/guides/src/asciidoc/hellomvc.asc @@ -2,14 +2,21 @@ :author: Rob Winch :starter-appname: insecuremvc :completed-appname: hellomvc-jc -:include-dir: src/asciidoc/_hello-includes -:verify-starter-app-include: verify-insecuremvc-app.asc +:include-dir: _includes +:hello-include-dir: _hello-includes This guide provides instructions on how to add Spring Security to an existing Spring MVC application without the use of XML. include::{include-dir}/setting-up-the-sample.asc[] -include::{include-dir}/secure-the-application.asc[] +Verify the application is working: + +* A page displaying a user's inbox can be seen at http://localhost:8080/sample/ +* Try clicking on the Compose link and creating a message. The message details should be displayed. +* Now click on the Inbox link and see the message listed. You can click on the summary link to see the details displayed again. + + +include::{hello-include-dir}/secure-the-application.asc[] === Registering Spring Security with the war @@ -40,7 +47,7 @@ The `MessageSecurityWebApplicationInitializer` will automatically register the s === Verify SecurityConfig is loaded -Just because <> exists, does not mean that our Spring application knows about it. In this instance, our Spring root application context is initialized using MessageWebApplicationInitializer which is included with our spring-security-samples-messages-jc project. You can find a snippet of it below: +Just because <> exists, does not mean that our Spring application knows about it. In this instance, our Spring root application context is initialized using MessageWebApplicationInitializer which is included with our spring-security-samples-messages-jc project. You can find a snippet of it below: [[message-web-application-inititializer-java]] .MessageWebApplicationInitializer.java @@ -66,18 +73,16 @@ You will notice it is loading the `RootConfiguration` class which is also includ [source,java] ---- @Configuration -@ComponentScan(value = "org.springframework.security.samples.config", - excludeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, value = RootConfiguration.class)) +@ComponentScan public class RootConfiguration { - } ---- -The `@ComponentScan` is loading all configuration in the org.springframework.security.samples.config package. Since <> is in this package, it will be loaded with our existing setup and there is nothing more to do. +The `@ComponentScan` is loading all configuration within the same package (and child packags) as `RootConfiguration`. Since <> is in this package, it will be loaded with our existing setup and there is nothing more to do. -NOTE: Had <> not been loaded, we could have used an `@Import(SecurityConfig)` above the class definition of <> or added <> as one of the results for `getRootConfigClasses()`. +NOTE: Had <> not been loaded, we could have used an `@Import(SecurityConfig)` above the class definition of <> or added <> as one of the results for `getRootConfigClasses()`. -include::{include-dir}/exploring-the-secured-application.asc[] +include::{hello-include-dir}/exploring-the-secured-application.asc[] ==== Displaying the user name @@ -104,7 +109,7 @@ Now that we have authenticated, let's update the application to display the user WARNING: The `` tag ensures the username is escaped to avoid http://en.wikipedia.org/wiki/Cross-site_scripting[XSS vulnerabilities] Regardless of how an application renders user inputed values, it should ensure that the values are properly escaped. -Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <> +Refresh the page at http://localhost:8080/sample/ and you will see the user name displayed. This works because Spring Security integrates with the <>. Specifically, it is integrating with `HttpServletRequest#getRemoteUser()`. ==== Logging out @@ -142,4 +147,4 @@ Refresh the page at http://localhost:8080/sample/ and you will see the log out b == Conclusion -You should now now how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form]. +You should now know how to secure your application using Spring Security without using any XML. Next, we will see how to link:form.html[customize our login form]. diff --git a/docs/guides/src/asciidoc/helloworld.asc b/docs/guides/src/asciidoc/helloworld.asc index cf7c4d6406..36ec86f998 100644 --- a/docs/guides/src/asciidoc/helloworld.asc +++ b/docs/guides/src/asciidoc/helloworld.asc @@ -2,14 +2,21 @@ :author: Rob Winch :starter-appname: insecure :completed-appname: helloworld-jc -:include-dir: src/asciidoc/_hello-includes -:verify-starter-app-include: verify-insecure-app.asc +:include-dir: _includes +:hello-include-dir: _hello-includes This guide provides instructions on how to add Spring Security to an existing application without the use of XML. include::{include-dir}/setting-up-the-sample.asc[] -include::{include-dir}/secure-the-application.asc[] +Verify the application is working by ensuring a page stating *TODO Secure this* is displayed at http://localhost:8080/sample/ + +Once you have verified the application runs, stop the application server using the following steps: + +* In the Servers view select the latest tc Server +* Click the stop button (a red square) to stop the application server + +include::{hello-include-dir}/secure-the-application.asc[] === Registering Spring Security with the war @@ -41,11 +48,11 @@ public class SecurityWebApplicationInitializer The `SecurityWebApplicationInitializer` will do the following things: * Automatically register the springSecurityFilterChain Filter for every URL in your application -* Add a ContextLoaderListener that loads the <>. +* Add a ContextLoaderListener that loads the <>. -NOTE: Since we were not already using Spring, this is a simple way to add our <>. If we were already using Spring, then we should add our <> with the reset of our Spring configuration (i.e. a subclass of AbstractContextLoaderInitializer or AbstractDispatcherServletInitializer) and use the default constructor instead. +NOTE: Since we were not already using Spring, this is a simple way to add our <>. If we were already using Spring, then we should add our <> with the reset of our Spring configuration (i.e. a subclass of AbstractContextLoaderInitializer or AbstractDispatcherServletInitializer) and use the default constructor instead. -include::{include-dir}/exploring-the-secured-application.asc[] +include::{hello-include-dir}/exploring-the-secured-application.asc[] ==== Displaying the user name @@ -70,7 +77,7 @@ Refresh the page at http://localhost:8080/sample/ and you will see the user name ==== Logging out -Now that we can view the user name, let's update the application to allow logging out. Update the body of index.jsp to contain a log out link as shown below: +Now that we can view the user name, let's update the application to allow logging out. Update the body of index.jsp to contain a log out form as shown below: .src/main/webapp/index.jsp [source,html] @@ -93,10 +100,12 @@ Now that we can view the user name, let's update the application to allow loggin In order to help protect against http://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attacks], by default, Spring Security Java Configuration log out requires: * the HTTP method must be a POST -* the CSRF token must be added to the request You can access it on the ServletRequest using the attribute _csrf as illustrated above. If you were using Spring MVC, the CSRF token is automatically added as a hidden input for you. +* the CSRF token must be added to the request You can access it on the ServletRequest using the attribute _csrf as illustrated above. + +NOTE: If you were using Spring MVC's tag library or Thymeleaf, the CSRF token is automatically added as a hidden input for you. Refresh the page at http://localhost:8080/sample/ and you will see the log out button. Click the logout button and see that the application logs you out successfully. == Conclusion -You should now now how to secure your application using Spring Security without using any XML. +You should now know how to secure your application using Spring Security without using any XML. To learn more refer to the link:index.html[Spring Security Guides index page]. diff --git a/docs/guides/src/asciidoc/index.asc b/docs/guides/src/asciidoc/index.asc index 79921228f0..3444b36b49 100644 --- a/docs/guides/src/asciidoc/index.asc +++ b/docs/guides/src/asciidoc/index.asc @@ -1,7 +1,7 @@ = Spring Security Guides Rob Winch -These are set by step guides on how to use Spring Security. +These are step by step guides on how to use Spring Security. == Hello World diff --git a/docs/manual/src/asciidoc/index.adoc b/docs/manual/src/asciidoc/index.adoc index 83c9b10800..793904c3af 100644 --- a/docs/manual/src/asciidoc/index.adoc +++ b/docs/manual/src/asciidoc/index.adoc @@ -479,7 +479,7 @@ public class SecurityWebApplicationInitializer The `SecurityWebApplicationInitializer` will do the following things: * Automatically register the springSecurityFilterChain Filter for every URL in your application -* Add a ContextLoaderListener that loads the <>. +* Add a ContextLoaderListener that loads the <>. ==== AbstractSecurityWebApplicationInitializer with Spring MVC @@ -4125,7 +4125,7 @@ Please be aware that if you're using `AfterInvocationManager`, you will still ne === Hierarchical Roles It is a common requirement that a particular role in an application should automatically "include" other roles. For example, in an application which has the concept of an "admin" and a "user" role, you may want an admin to be able to do everything a normal user can. To achieve this, you can either make sure that all admin users are also assigned the "user" role. Alternatively, you can modify every access constraint which requires the "user" role to also include the "admin" role. This can get quite complicated if you have a lot of different roles in your application. -The use of a role-hierarchy allows you to configure which roles (or authorities) should include others. An extended version of Spring Security's <>, `RoleHierarchyVoter`, is configured with a `RoleHierarchy`, from which it obtains all the "reachable authorities" which the user is assigned. A typical configuration might look like this: +The use of a role-hierarchy allows you to configure which roles (or authorities) should include others. An extended version of Spring Security's <>, `RoleHierarchyVoter`, is configured with a `RoleHierarchy`, from which it obtains all the "reachable authorities" which the user is assigned. A typical configuration might look like this: [source,xml] ---- @@ -5261,7 +5261,7 @@ The following beans should be configured to commence the CAS authentication proc ---- -For CAS to operate, the `ExceptionTranslationFilter` must have its `authenticationEntryPoint` property set to the `CasAuthenticationEntryPoint` bean. This can easily be done using <> as is done in the example above. The `CasAuthenticationEntryPoint` must refer to the `ServiceProperties` bean (discussed above), which provides the URL to the enterprise's CAS login server. This is where the user's browser will be redirected. +For CAS to operate, the `ExceptionTranslationFilter` must have its `authenticationEntryPoint` property set to the `CasAuthenticationEntryPoint` bean. This can easily be done using <> as is done in the example above. The `CasAuthenticationEntryPoint` must refer to the `ServiceProperties` bean (discussed above), which provides the URL to the enterprise's CAS login server. This is where the user's browser will be redirected. The `CasAuthenticationFilter` has very similar properties to the `UsernamePasswordAuthenticationFilter` (used for form-based logins). You can use these properties to customize things like behavior for authentication success and failure. @@ -6317,7 +6317,7 @@ Enables EL-expressions in the `access` attribute, as described in the chapter on [[nsa-access-denied-handler]] ==== -This element allows you to set the `errorPage` property for the default `AccessDeniedHandler` used by the `ExceptionTranslationFilter`, using the <> attribute, or to supply your own implementation using the<> attribute. This is discussed in more detail in the section on the <>. +This element allows you to set the `errorPage` property for the default `AccessDeniedHandler` used by the `ExceptionTranslationFilter`, using the <> attribute, or to supply your own implementation using the<> attribute. This is discussed in more detail in the section on the <>. [[nsa-access-denied-handler-parents]] @@ -7479,7 +7479,7 @@ This attribute allows you to define an id for the internal instance for use in y [[nsa-authentication-provider]] ==== -Unless used with a `ref` attribute, this element is shorthand for configuring a <>. `DaoAuthenticationProvider` loads user information from a `UserDetailsService` and compares the username/password combination with the values supplied at login. The `UserDetailsService` instance can be defined either by using an available namespace element ( `jdbc-user-service` or by using the `user-service-ref` attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the <>. +Unless used with a `ref` attribute, this element is shorthand for configuring a <>. `DaoAuthenticationProvider` loads user information from a `UserDetailsService` and compares the username/password combination with the values supplied at login. The `UserDetailsService` instance can be defined either by using an available namespace element ( `jdbc-user-service` or by using the `user-service-ref` attribute to point to a bean defined elsewhere in the application context). You can find examples of these variations in the <>. [[nsa-authentication-provider-parents]] diff --git a/samples/messages-jc/src/main/java/org/springframework/security/samples/config/RootConfiguration.java b/samples/messages-jc/src/main/java/org/springframework/security/samples/config/RootConfiguration.java index b98f36f9bb..4e5a854666 100644 --- a/samples/messages-jc/src/main/java/org/springframework/security/samples/config/RootConfiguration.java +++ b/samples/messages-jc/src/main/java/org/springframework/security/samples/config/RootConfiguration.java @@ -1,12 +1,10 @@ package org.springframework.security.samples.config; import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.ComponentScan.Filter; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.FilterType; @Configuration -@ComponentScan(value = "org.springframework.security.samples.config", excludeFilters = @Filter(type = FilterType.ASSIGNABLE_TYPE, value = RootConfiguration.class)) +@ComponentScan public class RootConfiguration { } \ No newline at end of file