From 6f289b36200a8c0b538ad7d58d16debb2d477883 Mon Sep 17 00:00:00 2001 From: Luke Taylor Date: Sat, 12 Apr 2008 17:16:49 +0000 Subject: [PATCH] Minor doc modifications --- src/docbkx/community.xml | 25 ++++++++++++++----------- src/docbkx/dao-auth-provider.xml | 8 ++++++-- src/docbkx/introduction.xml | 14 +++++++++----- src/docbkx/springsecurity.xml | 2 +- src/docbkx/technical-overview.xml | 11 ++++++----- src/docbkx/x509-auth-provider.xml | 3 ++- 6 files changed, 38 insertions(+), 25 deletions(-) diff --git a/src/docbkx/community.xml b/src/docbkx/community.xml index 8699b54302..3e04faf04e 100644 --- a/src/docbkx/community.xml +++ b/src/docbkx/community.xml @@ -7,8 +7,7 @@
- Use JIRA for Issue Tracking - + Issue Tracking Spring Security uses JIRA to manage bug reports and enhancement requests. If you find a bug, please log a report using JIRA. Do not @@ -16,14 +15,15 @@ developers. Such approaches are ad-hoc and we prefer to manage bugs using a more formal process. - If possible, in your JIRA report please provide a JUnit test + If possible, in your issue report please provide a JUnit test that demonstrates any incorrect behaviour. Or, better yet, provide a patch that corrects the issue. Similarly, enhancements are welcome to - be logged in JIRA, although we only accept commit enhancement requests + be logged in the issue tracker, although we only accept commit enhancement requests if you include corresponding unit tests. This is necessary to ensure project test coverage is adequately maintained. - You can access JIRA at http://jira.springframework.org/browse/SEC. + You can access the issue tracker at + http://jira.springframework.org/browse/SEC.
Becoming Involved @@ -41,17 +41,20 @@ project.
-
Further Information +
+ Further Information - - Questions and comments on Spring Security are welcome. Please - use the Spring Community Forum web site at http://forum.springframework.org for all support - issues. Remember to use JIRA for bug reports, as explained above. + Questions and comments on Spring Security are welcome. You can use the + Spring Community Forum web site at + http://forum.springframework.org + to discuss Spring Security with other users of the framework. + Remember to use the JIRA for bug reports, as explained above. Everyone is also welcome to join the Acegisecurity-developer mailing list and participate in design discussions. It's also a good way of finding out what's happening with regard to release timing, and the traffic volume is quite light. Finally, our project home page (where you can obtain the latest release of the project and convenient links - to Subversion, JIRA, mailing lists, forums etc) is at http://acegisecurity.org. + to Subversion, JIRA, mailing lists, forums etc) is at + http://static.springframework.org/spring-security/site/.
\ No newline at end of file diff --git a/src/docbkx/dao-auth-provider.xml b/src/docbkx/dao-auth-provider.xml index 709bf85f7a..3acfc44aef 100644 --- a/src/docbkx/dao-auth-provider.xml +++ b/src/docbkx/dao-auth-provider.xml @@ -72,8 +72,8 @@ - - + + @@ -98,6 +98,10 @@ Spring's factory classes, please refer to the Spring documentation for further details on how to optimise the cache storage location, memory usage, eviction policies, timeouts etc. + In the majority of cases, where your application is a stateful web + application, you don't need to use a cache as the user's authentication + information will be stored in the HttpSession. + A design decision was made not to support account locking in the DaoAuthenticationProvider, as doing so would have diff --git a/src/docbkx/introduction.xml b/src/docbkx/introduction.xml index fd43c6dd1c..c8ec7879e6 100644 --- a/src/docbkx/introduction.xml +++ b/src/docbkx/introduction.xml @@ -75,6 +75,10 @@ needs) + + OpenID authentication + + Computer Associates Siteminder @@ -251,14 +255,14 @@ use in numerous production software projects and many hundreds of improvements and community contributions. - Since work began on the 2.0 release, the project has been - rebranded as "Spring Security". + Acegi Security became an official Spring Portfolio project + towards the end of 2007 and was rebranded as "Spring Security". Today Spring Security enjoys a strong and active open source community. There are thousands of messages about Spring Security on - the support forums. Fourteen developers work on the code itself, with - an active community who also regularly share patches and support their - peers. + the support forums. There is an active core of developers work + who work on the code itself and an active community which also + regularly share patches and support their peers. diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml index c4b5293006..1f37c145fc 100644 --- a/src/docbkx/springsecurity.xml +++ b/src/docbkx/springsecurity.xml @@ -88,7 +88,7 @@ framework architecture and implementation classes, an understanding of which is important if you need to do any serious customization. In this part, we take a slightly gentler look at how to get started using some of the features of Spring Security 2.0. - In particular, the use of namespace configuration provides a much simpler path to securing + In particular, we'll look at namespace configuration which provides a much simpler path to securing your application with little or no knowledge of the classes involved, unlike the traditional Spring bean approach which required you to configure large numbers of beans. diff --git a/src/docbkx/technical-overview.xml b/src/docbkx/technical-overview.xml index fcb86e1764..d378bb2ca0 100644 --- a/src/docbkx/technical-overview.xml +++ b/src/docbkx/technical-overview.xml @@ -73,12 +73,13 @@ object. You can use the following code block - from anywhere in your application - to do this: - Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); + +Object obj = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); if (obj instanceof UserDetails) { -String username = ((UserDetails)obj).getUsername(); + String username = ((UserDetails)obj).getUsername(); } else { -String username = obj.toString(); + String username = obj.toString(); } The above code introduces a number of interesting relationships @@ -221,8 +222,8 @@ String username = obj.toString(); authentication.
-
Authentication - +
+ Authentication As mentioned in the beginning of this reference guide, Spring Security can participate in many different authentication diff --git a/src/docbkx/x509-auth-provider.xml b/src/docbkx/x509-auth-provider.xml index b494b5e7ab..807b058082 100644 --- a/src/docbkx/x509-auth-provider.xml +++ b/src/docbkx/x509-auth-provider.xml @@ -54,7 +54,8 @@ then the security context will remain empty. This means that you can easily use X.509 authentication with other options such as a form-based login.
-
Setting up SSL in Tomcat +
+ Setting up SSL in Tomcat There are some pre-generated certificates in the samples/certificate directory in the Spring Security project.