Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Minor rewording of "child web context" FAQ.

Luke Taylor 14 years ago
parent
bb3b8e4683
commit
3a3b2df1c5
1 changed files with 17 additions and 8 deletions
Split View Show Diff Stats
  1. 17 8
      docs/faq/src/docbook/faq.xml

+ 17 - 8
docs/faq/src/docbook/faq.xml
View File 

@@ -326,14 +326,23 @@
 
                     element to my application context but if I add security annotations to my
 
                     Spring MVC controller beans (Struts actions etc.) then they don't seem to
 
                     have an effect.</para></question>
 
-                <answer><para> The application context which holds the Spring MVC beans for the
 
-                    dispatcher servlet is a child application context of the main application
 
-                    context which is loaded using the
 
-                    <classname>ContextLoaderListener</classname> you define in your
 
-                    <filename>web.xml</filename>. The beans in the child context are not
 
-                    visible in the parent context so you need to either move the
 
-                    &lt;global-method-security&gt; declaration to the web context or moved the
 
-                    beans you want secured into the main application context.
 
+                <answer><para> In a Spring web application, the application context which
 
+                    holds the Spring MVC beans for the dispatcher servlet is often separate from the main
 
+                    application context. It is often defined in a file called
 
+                    <literal>myapp-servlet.xml</literal>, where <quote>myapp</quote> is the name
 
+                    assigned to the Spring <classname>DispatcherServlet</classname> in <filename>web.xml</filename>.
 
+                    An application can have multiple <classname>DispatcherServlet</classname>s, each with its own
 
+                    isolated application context. The beans in these <quote>child</quote> contexts are not
 
+                    visible to the rest of the application. The <quote>parent</quote> application context is
 
+                    loaded by the <classname>ContextLoaderListener</classname> you define in your
 
+                    <filename>web.xml</filename> and is visible to all the child contexts. This parent context is
 
+                    usually where you define your security configuration, including the
 
+                    <literal>&lt;global-method-security&gt;</literal> element). As a result
 
+                    any security constraints applied to methods in these web beans will not be enforced,
 
+                    since the beans cannot be seen from the <classname>DispatcherServlet</classname> context.
 
+                    You need to either move the <literal>&lt;global-method-security&gt;</literal>
 
+                    declaration to the web context or moved the beans you want secured into the main
 
+                    application context.
 
                 </para><para>Generally we would recommend applying method security at the
 
                     service layer rather than on individual web controllers.</para></answer>
 
             </qandaentry>