GitHub-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge branch '6.1.x'

pull/14124/head
Marcus Hert Da Coregio 2 years ago
parent
9eee9887b9 2158d262bc
commit
6ab9cc6ff7
2 changed files with 17 additions and 10 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      docs/modules/ROOT/pages/servlet/architecture.adoc
  2. 4
      docs/modules/ROOT/pages/servlet/authentication/architecture.adoc

23
docs/modules/ROOT/pages/servlet/architecture.adoc
Unescape View File

@ -171,8 +171,10 @@ However, there are times that it is beneficial to know the ordering, if you want
To exemplify the above paragraph, let's consider the following security configuration: To exemplify the above paragraph, let's consider the following security configuration:
==== [tabs]
.Java ======
Java::
+
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Configuration @Configuration
@ -193,7 +195,9 @@ public class SecurityConfig {
} }
---- ----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
import org.springframework.security.config.web.servlet.invoke import org.springframework.security.config.web.servlet.invoke
@ -217,7 +221,7 @@ class SecurityConfig {
} }
---- ----
==== ======
The above configuration will result in the following `Filter` ordering: The above configuration will result in the following `Filter` ordering:
@ -333,8 +337,9 @@ Instead of implementing `Filter`, you can extend from {spring-framework-api-url}
Now, we need to add the filter to the security filter chain. Now, we need to add the filter to the security filter chain.
==== ======
.Java Java::
+
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Bean @Bean
@ -345,7 +350,9 @@ SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
return http.build(); return http.build();
} }
---- ----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
@Bean @Bean
@ -356,7 +363,7 @@ fun filterChain(http: HttpSecurity): SecurityFilterChain {
return http.build() return http.build()
} }
---- ----
==== ======
<1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`. <1> Use `HttpSecurity#addFilterBefore` to add the `TenantFilter` before the `AuthorizationFilter`.

4
docs/modules/ROOT/pages/servlet/authentication/architecture.adoc
Unescape View File

@ -31,7 +31,7 @@ If it contains a value, it is used as the currently authenticated user.
The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly: The simplest way to indicate a user is authenticated is to set the `SecurityContextHolder` directly:
.Setting `SecurityContextHolder` .Setting `SecurityContextHolder`
====
[tabs] [tabs]
====== ======
Java:: Java::
@ -66,7 +66,7 @@ Here, we use `TestingAuthenticationToken`, because it is very simple.
A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`. A more common production scenario is `UsernamePasswordAuthenticationToken(userDetails, password, authorities)`.
<3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`. <3> Finally, we set the `SecurityContext` on the `SecurityContextHolder`.
Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization]. Spring Security uses this information for xref:servlet/authorization/index.adoc#servlet-authorization[authorization].
====
To obtain information about the authenticated principal, access the `SecurityContextHolder`. To obtain information about the authenticated principal, access the `SecurityContextHolder`.

Write Preview
Loading…
Cancel
Save