Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Minor rewording of "child web context" FAQ.

Luke Taylor 14 years ago
parent
bb3b8e4683
commit
3a3b2df1c5
1 changed files with 17 additions and 8 deletions
Unified View Show Diff Stats
  1. 17 8
      docs/faq/src/docbook/faq.xml

+ 17 - 8
docs/faq/src/docbook/faq.xml
View File 

@@ -326,14 +326,23 @@
 
                     element to my application context but if I add security annotations to my
 
                     element to my application context but if I add security annotations to my
 
                     Spring MVC controller beans (Struts actions etc.) then they don't seem to
 
                     Spring MVC controller beans (Struts actions etc.) then they don't seem to
 
                     have an effect.</para></question>
 
                     have an effect.</para></question>
 
-                <answer><para> The application context which holds the Spring MVC beans for the
 
-                    dispatcher servlet is a child application context of the main application
 
-                    context which is loaded using the
 
-                    <classname>ContextLoaderListener</classname> you define in your
 
-                    <filename>web.xml</filename>. The beans in the child context are not
 
-                    visible in the parent context so you need to either move the
 
-                    &lt;global-method-security&gt; declaration to the web context or moved the
 
-                    beans you want secured into the main application context.
 
+                <answer><para> In a Spring web application, the application context which
 
+                    holds the Spring MVC beans for the dispatcher servlet is often separate from the main
 
+                    application context. It is often defined in a file called
 
+                    <literal>myapp-servlet.xml</literal>, where <quote>myapp</quote> is the name
 
+                    assigned to the Spring <classname>DispatcherServlet</classname> in <filename>web.xml</filename>.
 
+                    An application can have multiple <classname>DispatcherServlet</classname>s, each with its own
 
+                    isolated application context. The beans in these <quote>child</quote> contexts are not
 
+                    visible to the rest of the application. The <quote>parent</quote> application context is
 
+                    loaded by the <classname>ContextLoaderListener</classname> you define in your
 
+                    <filename>web.xml</filename> and is visible to all the child contexts. This parent context is
 
+                    usually where you define your security configuration, including the
 
+                    <literal>&lt;global-method-security&gt;</literal> element). As a result
 
+                    any security constraints applied to methods in these web beans will not be enforced,
 
+                    since the beans cannot be seen from the <classname>DispatcherServlet</classname> context.
 
+                    You need to either move the <literal>&lt;global-method-security&gt;</literal>
 
+                    declaration to the web context or moved the beans you want secured into the main
 
+                    application context.
 
                 </para><para>Generally we would recommend applying method security at the
 
                 </para><para>Generally we would recommend applying method security at the
 
                     service layer rather than on individual web controllers.</para></answer>
 
                     service layer rather than on individual web controllers.</para></answer>
 
             </qandaentry>
 
             </qandaentry>