Merge branch '5.3.x'

src/docs/asciidoc/integration.adoc

@@ -954,7 +954,7 @@ this application context.
 
 NOTE: The preceding example does not show a flexible kind of security infrastructure. For
 more options as far as security is concerned, have a look at the Spring Security project
-at https://projects.spring.io/spring-security/.
+at https://spring.io/projects/spring-security/.
 
 
 

src/docs/asciidoc/web/webflux-cors.adoc

@@ -1,5 +1,6 @@
 [[webflux-cors]]
 = CORS
+:doc-spring-security: {doc-root}/spring-security/reference
 [.small]#<<web.adoc#mvc-cors, Web MVC>>#
 
 Spring WebFlux lets you handle CORS (Cross-Origin Resource Sharing). This section
@@ -309,9 +310,8 @@ You can apply CORS support through the built-in
 good fit with <<webflux-fn, functional endpoints>>.
 
 NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring
-Security has
-https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[built-in support]
-for CORS.
+Security has {doc-spring-security}/servlet/integrations/cors.html[built-in support] for
+CORS.
 
 To configure the filter, you can declare a `CorsWebFilter` bean and pass a
 `CorsConfigurationSource` to its constructor, as the following example shows:

src/docs/asciidoc/web/webflux.adoc

@@ -1,6 +1,6 @@
 [[webflux]]
 = Spring WebFlux
-:doc-spring-security: {doc-root}/spring-security/site/docs/current/reference
+:doc-spring-security: {doc-root}/spring-security/reference
 
 The original web framework included in the Spring Framework, Spring Web MVC, was
 purpose-built for the Servlet API and Servlet containers. The reactive-stack web framework,
@@ -676,8 +676,7 @@ Spring WebFlux provides fine-grained support for CORS configuration through anno
 controllers. However, when you use it with Spring Security, we advise relying on the built-in
 `CorsFilter`, which must be ordered ahead of Spring Security's chain of filters.
 
-See the section on <<webflux-cors>> and the <<webflux-cors.adoc#webflux-cors-webfilter>> for more details.
-
+See the section on <<webflux-cors>> and the <<webflux-cors-webfilter>> for more details.
 
 
 [[webflux-exception-handler]]
@@ -3509,14 +3508,14 @@ include::webflux-cors.adoc[leveloffset=+1]
 == Web Security
 [.small]#<<web.adoc#mvc-web-security, Web MVC>>#
 
-The https://projects.spring.io/spring-security/[Spring Security] project provides support
+The https://spring.io/projects/spring-security[Spring Security] project provides support
 for protecting web applications from malicious exploits. See the Spring Security
 reference documentation, including:
 
-* {doc-spring-security}/html5/#jc-webflux[WebFlux Security]
-* {doc-spring-security}/html5/#test-webflux[WebFlux Testing Support]
-* {doc-spring-security}/html5/#csrf[CSRF Protection]
-* {doc-spring-security}/html5/#headers[Security Response Headers]
+* {doc-spring-security}/reactive/configuration/webflux.html[WebFlux Security]
+* {doc-spring-security}/reactive/test/index.html[WebFlux Testing Support]
+* {doc-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection]
+* {doc-spring-security}/features/exploits/headers.html[Security Response Headers]
 
 include::webflux-view.adoc[leveloffset=+1]
 

src/docs/asciidoc/web/webmvc-cors.adoc

@@ -1,5 +1,6 @@
 [[mvc-cors]]
 = CORS
+:doc-spring-security: {doc-root}/spring-security/reference
 [.small]#<<web-reactive.adoc#webflux-cors, WebFlux>>#
 
 Spring MVC lets you handle CORS (Cross-Origin Resource Sharing). This section
@@ -334,13 +335,12 @@ as the following example shows:
 You can apply CORS support through the built-in
 {api-spring-framework}/web/filter/CorsFilter.html[`CorsFilter`].
 
-NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that
-Spring Security has
-https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#cors[built-in support]
-for CORS.
+NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring
+Security has {doc-spring-security}/servlet/integrations/cors.html[built-in support] for
+CORS.
 
-To configure the filter, pass a
-`CorsConfigurationSource` to its constructor, as the following example shows:
+To configure the filter, pass a `CorsConfigurationSource` to its constructor, as the
+following example shows:
 
 [source,java,indent=0,subs="verbatim",role="primary"]
 .Java

src/docs/asciidoc/web/webmvc.adoc

@@ -1,6 +1,6 @@
 [[mvc]]
 = Spring Web MVC
-:doc-spring-security: {doc-root}/spring-security/site/docs/current/reference
+:doc-spring-security: {doc-root}/spring-security/reference
 
 Spring Web MVC is the original web framework built on the Servlet API and has been included
 in the Spring Framework from the very beginning. The formal name, "`Spring Web MVC,`"
@@ -4835,14 +4835,14 @@ include::webmvc-cors.adoc[leveloffset=+1]
 == Web Security
 [.small]#<<web-reactive.adoc#webflux-web-security, WebFlux>>#
 
-The https://projects.spring.io/spring-security/[Spring Security] project provides support
+The https://spring.io/projects/spring-security[Spring Security] project provides support
 for protecting web applications from malicious exploits. See the Spring Security
 reference documentation, including:
 
-* {doc-spring-security}/html5/#mvc[Spring MVC Security]
-* {doc-spring-security}/html5/#test-mockmvc[Spring MVC Test Support]
-* {doc-spring-security}/html5/#csrf[CSRF protection]
-* {doc-spring-security}/html5/#headers[Security Response Headers]
+* {doc-spring-security}/servlet/integrations/mvc.html[Spring MVC Security]
+* {doc-spring-security}/servlet/test/mockmvc/setup.html[Spring MVC Test Support]
+* {doc-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection]
+* {doc-spring-security}/features/exploits/headers.html[Security Response Headers]
 
 https://hdiv.org/[HDIV] is another web security framework that integrates with Spring MVC.
 

src/docs/asciidoc/web/websocket.adoc

@@ -1,6 +1,6 @@
 [[websocket]]
 = WebSockets
-:doc-spring-security: {doc-root}/spring-security/site/docs/current/reference
+:doc-spring-security: {doc-root}/spring-security/reference
 [.small]#<<web-reactive.adoc#webflux-websocket, WebFlux>>#
 
 This part of the reference documentation covers support for Servlet stack, WebSocket
@@ -627,10 +627,11 @@ response. By default, the Spring Security Java configuration sets it to `DENY`.
 In 3.2, the Spring Security XML namespace does not set that header by default
 but can be configured to do so. In the future, it may set it by default.
 
-See {doc-spring-security}/htmlsingle/#headers[Default Security Headers]
+See {doc-spring-security}/features/exploits/headers.html#headers-default[Default Security Headers]
 of the Spring Security documentation for details on how to configure the
 setting of the `X-Frame-Options` header. You can also see
-https://jira.spring.io/browse/SEC-2501[SEC-2501] for additional background.
+https://github.com/spring-projects/spring-security/issues/2718[gh-2718]
+for additional background.
 ====
 
 If your application adds the `X-Frame-Options` response header (as it should!)
@@ -1810,7 +1811,7 @@ its own implementation of `WebSocketMessageBrokerConfigurer` that is marked with
 === Authorization
 
 Spring Security provides
-https://docs.spring.io/spring-security/reference/servlet/integrations/websocket.html#websocket-authorization[WebSocket sub-protocol authorization]
+{doc-spring-security}/servlet/integrations/websocket.html#websocket-authorization[WebSocket sub-protocol authorization]
 that uses a `ChannelInterceptor` to authorize messages based on the user header in them.
 Also, Spring Session provides
 https://docs.spring.io/spring-session/reference/web-socket.html[WebSocket integration]