diff --git a/src/docbkx/channel-security.xml b/src/docbkx/channel-security.xml
index 06cc37e388..0b77c25dce 100644
--- a/src/docbkx/channel-security.xml
+++ b/src/docbkx/channel-security.xml
@@ -40,35 +40,33 @@
by means of the requires-channel attribute on the <intercept-url>
element and this is the simplest (and recommended approach)
To confiure channel security explicitly, you would define the following the filter in your application
- context:
+ context:
+
+
+
+
+
+
+
+
+
+
+
-
-<bean id="channelProcessingFilter" class="org.springframework.security.securechannel.ChannelProcessingFilter">
- <property name="channelDecisionManager" ref="channelDecisionManager"/>
- <property name="filterInvocationDefinitionSource">
- <security:filter-invocation-definition-source path-type="regex">
- <security:intercept-url pattern="\A/secure/.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
- <security:intercept-url pattern="\A/acegilogin.jsp.*\" access="REQUIRES_SECURE_CHANNEL"/>
- <security:intercept-url pattern="\A/j_spring_security_check.*\Z" access="REQUIRES_SECURE_CHANNEL"/>
- <security:intercept-url pattern="\A/.*\Z" access="REQUIRES_INSECURE_CHANNEL"/>
- </security:filter-invocation-definition-source>
- </property>
-</bean>
+
+
+
+
+
+
-<bean id="channelDecisionManager" class="org.springframework.security.securechannel.ChannelDecisionManagerImpl">
- <property name="channelProcessors">
- <list>
- <ref bean="secureChannelProcessor"/>
- <ref bean="insecureChannelProcessor"/>
- </list>
- </property>
-</bean>
-
-<bean id="secureChannelProcessor" class="org.springframework.security.securechannel.SecureChannelProcessor"/>
-<bean id="insecureChannelProcessor" class="org.springframework.security.securechannel.InsecureChannelProcessor"/>
-
-
- Like FilterSecurityInterceptor, Apache Ant
+
+]]>
+
+ Like FilterSecurityInterceptor, Apache Ant
style paths are also supported by the
ChannelProcessingFilter.
@@ -77,10 +75,11 @@
attributes that apply. It then delegates to the
ChannelDecisionManager. The default implementation,
ChannelDecisionManagerImpl, should suffice in most
- cases. It simply delegates through the list of configured
- ChannelProcessor instances. A
+ cases. It simply delegates to the list of configured
+ ChannelProcessor instances. The attribute ANY_CHANNEL
+ can be used to override this behaviour and skip a particular URL. Otherwise, a
ChannelProcessor will review the request, and if it
- is unhappy with the request (eg it was received across the incorrect
+ is unhappy with the request (e.g. if it was received across the incorrect
transport protocol), it will perform a redirect, throw an exception or
take whatever other action is appropriate.
@@ -99,7 +98,7 @@
request to HTTP and HTTPS as appropriate. Appropriate defaults are
assigned to the ChannelProcessor implementations
for the configuration attribute keywords they respond to and the
- ChannelEntryPoint they delegate to, although you
+ ChannelEntryPoint they delegate to, although you
have the ability to override these using the application
context.
@@ -109,15 +108,15 @@
that Internet Explorer 6 Service Pack 1 has a bug whereby it does not
respond correctly to a redirection instruction which also changes the
port to use. Accordingly, absolute URLs are used in conjunction with
- bug detection logic in the PortResolverImpl that is
+ bug detection logic in the PortResolverImpl that is
wired up by default to many Spring Security beans. Please refer to the
- JavaDocs for PortResolverImpl for further
+ JavaDocs for PortResolverImpl for further
details.
You should note that using a secure channel is recommended if
usernames and passwords are to be kept secure during the login
process. If you do decide to use
- ChannelProcessingFilter with form-based login,
+ ChannelProcessingFilter with form-based login,
please ensure that your login page is set to
REQUIRES_SECURE_CHANNEL, and that the
AuthenticationProcessingFilterEntryPoint.forceHttps