GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.0.x' into 6.1.x

pull/14134/head
Marcus Hert Da Coregio 2 years ago
parent
148e9e59d9 fafb579a6e
commit
2158d262bc
2 changed files with 17 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      docs/modules/ROOT/pages/servlet/architecture.adoc
  2. 4
      docs/modules/ROOT/pages/servlet/authentication/architecture.adoc

23
docs/modules/ROOT/pages/servlet/architecture.adoc
Unescape View File

@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want @@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want
To exemplify the above paragraph, let's consider the following security configuration:
====
.Java
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Configuration
@ -193,7 +195,9 @@ public class SecurityConfig { @@ -193,7 +195,9 @@ public class SecurityConfig {
}
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
import org.springframework.security.config.web.servlet.invoke
@ -217,7 +221,7 @@ class SecurityConfig { @@ -217,7 +221,7 @@ class SecurityConfig {
}
----
====
======
The above configuration will result in the following `Filter` ordering:
@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url} @@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url}
Now, we need to add the filter to the security filter chain.
====
.Java
======
Java::
+
[source,java,role="primary"]
----
@Bean
@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception { @@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build();
}
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain { @@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain {
return http.build()
}
----
====
======
<1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`.

4
docs/modules/ROOT/pages/servlet/authentication/architecture.adoc
Unescape View File

@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user. @@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user.
The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly:
.Setting `SecurityContextHolder`
====
[tabs]
======
Java::
@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple. @@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple.
A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`.
<3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`.
Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization].
====
To obtain information about the authenticated principal, access the `SecurityContextHolder`.

Write Preview
Loading…
Cancel
Save