diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc index 7b7c724527..4e8a24b2dc 100644 --- a/docs/modules/ROOT/nav.adoc +++ b/docs/modules/ROOT/nav.adoc @@ -24,11 +24,11 @@ ** xref:servlet/authentication/index.adoc[Authentication] *** xref:servlet/authentication/architecture.adoc[Authentication Architecture] *** xref:servlet/authentication/passwords/index.adoc[Username/Password] -**** Reading Username/Password +**** xref:servlet/authentication/passwords/input.adoc[Reading Username/Password] ***** xref:servlet/authentication/passwords/form.adoc[Form] ***** xref:servlet/authentication/passwords/basic.adoc[Basic] ***** xref:servlet/authentication/passwords/digest.adoc[Digest] -**** Password Storage +**** **** xref:servlet/authentication/passwords/storage.adoc[Password Storage] ***** xref:servlet/authentication/passwords/in-memory.adoc[In Memory] ***** xref:servlet/authentication/passwords/jdbc.adoc[JDBC] ***** xref:servlet/authentication/passwords/user-details.adoc[UserDetails] diff --git a/docs/modules/ROOT/pages/features/exploits/index.adoc b/docs/modules/ROOT/pages/features/exploits/index.adoc index 6aa70077ee..ec5de58e85 100644 --- a/docs/modules/ROOT/pages/features/exploits/index.adoc +++ b/docs/modules/ROOT/pages/features/exploits/index.adoc @@ -1,10 +1,7 @@ [[exploits]] = Protection Against Exploits +:page-section-summary-toc: 1 Spring Security provides protection against common exploits. Whenever possible, the protection is enabled by default. Below you will find high level description of the various exploits that Spring Security protects against. - -* xref:features/exploits/csrf.adoc[CSRF] -* xref:features/exploits/headers.adoc[HTTP Headers] -* xref:features/exploits/http.adoc[HTTP Requests] diff --git a/docs/modules/ROOT/pages/features/index.adoc b/docs/modules/ROOT/pages/features/index.adoc index 5775de1d1f..5c6f1865ca 100644 --- a/docs/modules/ROOT/pages/features/index.adoc +++ b/docs/modules/ROOT/pages/features/index.adoc @@ -1,5 +1,6 @@ [[features]] = Features +:page-section-summary-toc: 1 Spring Security provides comprehensive support for xref:features/authentication/index.adoc[authentication], xref:features/authorization/index.adoc[authorization], and protection against xref:features/exploits/index.adoc#exploits[common exploits]. It also provides integration with other libraries to simplify its usage. diff --git a/docs/modules/ROOT/pages/features/integrations/index.adoc b/docs/modules/ROOT/pages/features/integrations/index.adoc index 96f151b5fc..2ba79ad71a 100644 --- a/docs/modules/ROOT/pages/features/integrations/index.adoc +++ b/docs/modules/ROOT/pages/features/integrations/index.adoc @@ -1,13 +1,8 @@ [[integrations]] = Integrations +:page-section-summary-toc: 1 Spring Security provides integrations with numerous frameworks and APIs. In this section, we discuss generic integrations that are not specific to Servlet or Reactive environments. To see specific integrations, refer to the xref:servlet/integrations/index.adoc[Servlet] and xref:servlet/integrations/index.adoc[Reactive] Integrations sections. // FIXME add link to reactive integrations - -* xref:features/integrations/cryptography.adoc[Cryptography] -* xref:features/integrations/data.adoc[Spring Data] -* xref:features/integrations/concurrency.adoc[Java's Concurrency APIs] -* xref:features/integrations/jackson.adoc[Jackson] -* xref:features/integrations/localization.adoc[Localization] diff --git a/docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc b/docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc index 49efe3d2da..d461ced251 100644 --- a/docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc +++ b/docs/modules/ROOT/pages/servlet/authentication/passwords/index.adoc @@ -1,27 +1,9 @@ [[servlet-authentication-unpwd]] = Username/Password Authentication +:page-section-summary-toc: 1 :figures: images/servlet/authentication/unpwd :icondir: images/icons One of the most common ways to authenticate a user is by validating a username and password. As such, Spring Security provides comprehensive support for authenticating with a username and password. -[[servlet-authentication-unpwd-input]] -== Reading the Username & Password - -Spring Security provides the following built in mechanisms for reading a username and password from the `HttpServletRequest`: - -* xref:servlet/authentication/passwords/form.adoc#servlet-authentication-form[Form Login] -* xref:servlet/authentication/passwords/basic.adoc#servlet-authentication-basic[Basic Authentication] -* xref:servlet/authentication/passwords/digest.adoc#servlet-authentication-digest[Digest Authentication] - -[[servlet-authentication-unpwd-storage]] -== Storage Mechanisms - -Each of the supported mechanisms for reading a username and password can leverage any of the supported storage mechanisms: - -* Simple Storage with xref:servlet/authentication/passwords/in-memory.adoc#servlet-authentication-inmemory[In-Memory Authentication] -* Relational Databases with xref:servlet/authentication/passwords/jdbc.adoc#servlet-authentication-jdbc[JDBC Authentication] -* Custom data stores with xref:servlet/authentication/passwords/user-details-service.adoc#servlet-authentication-userdetailsservice[UserDetailsService] -* LDAP storage with xref:servlet/authentication/passwords/ldap.adoc#servlet-authentication-ldap[LDAP Authentication] - diff --git a/docs/modules/ROOT/pages/servlet/authentication/passwords/input.adoc b/docs/modules/ROOT/pages/servlet/authentication/passwords/input.adoc new file mode 100644 index 0000000000..8be7400570 --- /dev/null +++ b/docs/modules/ROOT/pages/servlet/authentication/passwords/input.adoc @@ -0,0 +1,5 @@ +[[servlet-authentication-unpwd-input]] += Reading the Username & Password +:page-section-summary-toc: 1 + +Spring Security provides the following built in mechanisms for reading a username and password from the `HttpServletRequest`: diff --git a/docs/modules/ROOT/pages/servlet/authentication/passwords/storage.adoc b/docs/modules/ROOT/pages/servlet/authentication/passwords/storage.adoc new file mode 100644 index 0000000000..0462818a28 --- /dev/null +++ b/docs/modules/ROOT/pages/servlet/authentication/passwords/storage.adoc @@ -0,0 +1,11 @@ +[[servlet-authentication-unpwd-storage]] += Storage Mechanisms +:page-section-summary-toc: 1 + +Each of the supported mechanisms for reading a username and password can leverage any of the supported storage mechanisms: + +* Simple Storage with xref:servlet/authentication/passwords/in-memory.adoc#servlet-authentication-inmemory[In-Memory Authentication] +* Relational Databases with xref:servlet/authentication/passwords/jdbc.adoc#servlet-authentication-jdbc[JDBC Authentication] +* Custom data stores with xref:servlet/authentication/passwords/user-details-service.adoc#servlet-authentication-userdetailsservice[UserDetailsService] +* LDAP storage with xref:servlet/authentication/passwords/ldap.adoc#servlet-authentication-ldap[LDAP Authentication] + diff --git a/docs/modules/ROOT/pages/servlet/authorization/index.adoc b/docs/modules/ROOT/pages/servlet/authorization/index.adoc index fec5d6b31f..847871e362 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/index.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/index.adoc @@ -1,15 +1,11 @@ [[servlet-authorization]] = Authorization +:page-section-summary-toc: 1 + The advanced authorization capabilities within Spring Security represent one of the most compelling reasons for its popularity. Irrespective of how you choose to authenticate - whether using a Spring Security-provided mechanism and provider, or integrating with a container or other non-Spring Security authentication authority - you will find the authorization services can be used within your application in a consistent and simple way. In this part we'll explore the different `AbstractSecurityInterceptor` implementations, which were introduced in Part I. We then move on to explore how to fine-tune authorization through use of domain access control lists. -* xref:servlet/authorization/architecture.adoc[leveloffset=+1] -* xref:servlet/authorization/authorize-requests.adoc[leveloffset=+1] -* xref:servlet/authorization/expression-based.adoc[] -* xref:servlet/authorization/secure-objects.adoc[] -* xref:servlet/authorization/method-security.adoc[] -* xref:servlet/authorization/acls.adoc[] diff --git a/docs/modules/ROOT/pages/servlet/exploits/index.adoc b/docs/modules/ROOT/pages/servlet/exploits/index.adoc index 71c3a5eeb9..cbf59862a7 100644 --- a/docs/modules/ROOT/pages/servlet/exploits/index.adoc +++ b/docs/modules/ROOT/pages/servlet/exploits/index.adoc @@ -1,9 +1,5 @@ [[servlet-exploits]] = Protection Against Exploits +:page-section-summary-toc: 1 This section discusses Servlet specific support for xref:features/exploits/index.adoc#exploits[Spring Security's protection against common exploits]. - -* xref:servlet/exploits/csrf.adoc[] -* xref:servlet/exploits/headers.adoc[] -* xref:servlet/exploits/http.adoc[] -* xref:servlet/exploits/firewall.adoc[] diff --git a/docs/modules/ROOT/pages/servlet/index.adoc b/docs/modules/ROOT/pages/servlet/index.adoc index 5c8f216973..d220d83ad7 100644 --- a/docs/modules/ROOT/pages/servlet/index.adoc +++ b/docs/modules/ROOT/pages/servlet/index.adoc @@ -1,4 +1,5 @@ [[servlet-applications]] = Servlet Applications +:page-section-summary-toc: 1 Spring Security integrates with the Servlet Container by using a standard Servlet `Filter`. This means it works with any application that runs in a Servlet Container. More concretely, you do not need to use Spring in your Servlet-based application to take advantage of Spring Security. diff --git a/docs/modules/ROOT/pages/servlet/integrations/index.adoc b/docs/modules/ROOT/pages/servlet/integrations/index.adoc index 0e549ff221..8b8d1eb581 100644 --- a/docs/modules/ROOT/pages/servlet/integrations/index.adoc +++ b/docs/modules/ROOT/pages/servlet/integrations/index.adoc @@ -1,10 +1,5 @@ = Integrations +:page-section-summary-toc: 1 Spring Security integrates with numerous frameworks and APIs. In this section, we discuss Spring Security integration with: - -* xref:servlet/integrations/servlet-api.adoc[Servlet APIs] -* xref:servlet/integrations/mvc.adoc[Spring MVC] -* xref:servlet/integrations/websocket.adoc[WebSocket] -* xref:servlet/integrations/cors.adoc[Spring's CORS Support] -* xref:servlet/integrations/jsp-taglibs.adoc[JSP Taglib] diff --git a/docs/modules/ROOT/pages/servlet/test/index.adoc b/docs/modules/ROOT/pages/servlet/test/index.adoc index c6597e2aa8..f3491f5d08 100644 --- a/docs/modules/ROOT/pages/servlet/test/index.adoc +++ b/docs/modules/ROOT/pages/servlet/test/index.adoc @@ -1,5 +1,6 @@ [[test]] = Testing +:page-section-summary-toc: 1 This section describes the testing support provided by Spring Security. @@ -7,5 +8,3 @@ To use the Spring Security test support, you must include `spring-security-test- At a high level Spring Security's test support provides integration for: -* xref:servlet/test/method.adoc[Method Security] - provides test support for Spring Security's method security. -* xref:servlet/test/mockmvc.adoc[MockMvc] - Provides test support to integrate with Spring's `MockMvc`.