diff --git a/docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc b/docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc
index 1ab274cf71..a023a53caf 100644
--- a/docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc
@@ -342,7 +342,6 @@ However, this can be customized by exposing a `PasswordEncoder` as a Spring bean
If you are migrating from Spring Security 4.2.x you can revert to the previous behavior by exposing a `NoOpPasswordEncoder` bean.
-For example, if you are using Java Configuration, you can create a configuration that looks like:
[WARNING]
====
@@ -350,24 +349,26 @@ Reverting to `NoOpPasswordEncoder` is not considered to be secure.
You should instead migrate to using `DelegatingPasswordEncoder` to support secure password encoding.
====
-.NoOpPasswordEncoder with Java Configuration
+.NoOpPasswordEncoder
====
-[source,java]
+.Java
+[source,java,role="primary"]
----
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
----
-====
-if you are using XML configuration, you can expose a `PasswordEncoder` with the id `passwordEncoder`:
-
-.NoPasswordEncoder with XML
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----
----
====
+
+[NOTE]
+====
+XML Configuration requires the `NoOpPasswordEncoder` bean name to be `passwordEncoder`.
+====
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/input/digest.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/input/digest.adoc
index a9e80da0b1..90c38bca2d 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/input/digest.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/input/digest.adoc
@@ -37,9 +37,10 @@ key: A private key to prevent modification of the nonce token
You will need to ensure you <> insecure plain text <> using NoOpPasswordEncoder`.
The following provides an example of configuring Digest Authentication with Java Configuration:
-.Digest Authentication with Java Configuration
+.Digest Authentication
====
-[source,java]
+.Java
+[source,java,role="primary"]
----
@Autowired
UserDetailsService userDetailsService;
@@ -63,13 +64,9 @@ protected void configure(HttpSecurity http) throws Exception {
.addFilterBefore(digestFilter());
}
----
-====
-The following provides an example of configuring Digest Authentication with XML Configuration:
-
-.Digest Authentication with XML Configuration
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----
@@ -45,9 +42,10 @@ Most production applications will require a custom log in form.
The configuration below demonstrates how to provide a custom log in form.
-.Custom Log In Form with Java Configuration
+.Custom Log In Form Configuration
====
-[source,java]
+.Java
+[source,java,role="primary"]
----
protected void configure(HttpSecurity http) throws Exception {
http
@@ -58,13 +56,9 @@ protected void configure(HttpSecurity http) throws Exception {
);
}
----
-====
-A minimal XML configuration can be found below:
-
-.Custom Log In Form with XML Configuration
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----
@@ -75,13 +69,12 @@ A minimal XML configuration can be found below:
====
[[servlet-authentication-form-custom-html]]
-=== HTML Form
-
When the login page is specified in the Spring Security configuration, you are responsible for rendering the page.
Below is a https://www.thymeleaf.org/[Thymeleaf] template that produces an HTML login form that complies with a login page of `/login`.:
-.Log In Form src/main/resources/templates/login.html
+.Log In Form
====
+.src/main/resources/templates/login.html
[source,xml]
----
@@ -122,13 +115,12 @@ Many users will not need much more than to customize the log in page.
However, if needed everything above can be customized with additional configuration.
[[servlet-authentication-form-custom-controller]]
-== LoginController
-
If you are using Spring MVC, you will need a controller that maps `GET /login` to the login template we created.
A minimal sample `LoginController` can be see below:
.LoginController
====
+.src/main/java/example/LoginController.java
[source,java]
----
@Controller
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/in-memory.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/in-memory.adoc
index 3f21134e93..f48c52e839 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/in-memory.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/in-memory.adoc
@@ -9,7 +9,8 @@ In this sample we use < XML Configuration
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----
> allows for storing user information including a username and password.
+Spring Security's <> allows for storing user information when authenticating with a username/password.
`UserDetailsService` is used by Spring Security when it is configured to <> for authentication.
// FIXME: Once it is retrieved it is validated using DaoAuthenticationProvider
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/jdbc.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/jdbc.adoc
index e24421e4b8..b5b2f5abba 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/jdbc.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/storage/jdbc.adoc
@@ -3,6 +3,7 @@
Spring Security's `JdbcDaoImpl` implements <> to provide support for username/password based authentication that is retrieved using JDBC.
`JdbcUserDetailsManager` extends `JdbcDaoImpl` to provide management of `UserDetails` through the `UserDetailsManager` interface.
+`UserDetails` based authentication is used by Spring Security when it is configured to <> for authentication.
In the following sections we will discuss:
@@ -10,15 +11,6 @@ In the following sections we will discuss:
* <>
* <>
-[[servlet-authentication-jdbc-when]]
-== When is it Used?
-
-JDBC authentication is used for authenticating a username and password.
-Spring Security leverages username/password based authentication when any of the following are enabled:
-
-* <>
-* <>
-
[[servlet-authentication-jdbc-schema]]
== Default Schema
@@ -115,9 +107,10 @@ create table group_members (
Before we configure `JdbcUserDetailsManager`, we must create a `DataSource`.
In our example, we will setup an https://docs.spring.io/spring-framework/docs/current/spring-framework-reference/data-access.html#jdbc-embedded-database-support[embedded DataSource] that is initialized with the <>.
-.Embedded Data Source with Java Configuration
+.Embedded Data Source
====
-[source,java]
+.Java
+[source,java,role="primary"]
----
@Bean
DataSource dataSource() {
@@ -127,11 +120,9 @@ DataSource dataSource() {
.build();
}
----
-====
-.Embedded Data Source with XML Configuration
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----
@@ -147,9 +138,11 @@ In a production environment, you will want to ensure you setup a connection to a
In this sample we use <> to encode the password of `password` and get the encoded password of `{bcrypt}$2a$10$GRLdNijSQMUvl/au9ofL.eDwmoohzzS7.rmNSJZ.0FxO/BTk76klW`.
See the <> section for more details about how to store passwords.
-.JdbcUserDetailsManager with Java Configuration
+.JdbcUserDetailsManager
====
-[source,java]
+
+.Java
+[source,java,role="primary"]
----
@Bean
UserDetailsManager users(DataSource dataSource) {
@@ -167,13 +160,9 @@ UserDetailsManager users(DataSource dataSource) {
users.createUser()
}
----
-====
-The same configuration in XML looks like:
-
-. XML Configuration
-====
-[source,xml]
+.XML
+[source,xml,role="secondary"]
----