diff --git a/docs/modules/ROOT/pages/servlet/architecture.adoc b/docs/modules/ROOT/pages/servlet/architecture.adoc index e7f557269e..1f534164f0 100644 --- a/docs/modules/ROOT/pages/servlet/architecture.adoc +++ b/docs/modules/ROOT/pages/servlet/architecture.adoc @@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want To exemplify the above paragraph, let's consider the following security configuration: -==== -.Java +[tabs] +====== +Java:: ++ [source,java,role="primary"] ---- @Configuration @@ -193,7 +195,9 @@ public class SecurityConfig { } ---- -.Kotlin + +Kotlin:: ++ [source,kotlin,role="secondary"] ---- import org.springframework.security.config.web.servlet.invoke @@ -217,7 +221,7 @@ class SecurityConfig { } ---- -==== +====== The above configuration will result in the following `Filter` ordering: @@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url} Now, we need to add the filter to the security filter chain. -==== -.Java +====== +Java:: ++ [source,java,role="primary"] ---- @Bean @@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http.build(); } ---- -.Kotlin + +Kotlin:: ++ [source,kotlin,role="secondary"] ---- @Bean @@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain { return http.build() } ---- -==== +====== <1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`. diff --git a/docs/modules/ROOT/pages/servlet/authentication/architecture.adoc b/docs/modules/ROOT/pages/servlet/authentication/architecture.adoc index 1d99ef6b38..0c43958a77 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/architecture.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/architecture.adoc @@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user. The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly: .Setting `SecurityContextHolder` -==== + [tabs] ====== Java:: @@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple. A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`. <3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`. Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization]. -==== + To obtain information about the authenticated principal, access the `SecurityContextHolder`.