Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch '5.8.x' into 6.0.x

Closes gh-12287
Marcus Da Coregio 2 years ago
parent
3f2bade4f1 5db7ac4ce3
commit
3e0e532ed7
3 changed files with 3 additions and 5 deletions
Unified View Show Diff Stats
  1. BIN
      docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg
  2. BIN
      docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png
  3. 3 5
      docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

BIN
docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg
View File


BIN
docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png
View File


+ 3 - 5
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File 

@@ -48,12 +48,10 @@ image::{figures}/authorizationfilter.png[]
 
 
 
 * image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an  xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
 
 * image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an  xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
 
 It wraps this in an `Supplier` in order to delay lookup.
 
 It wraps this in an `Supplier` in order to delay lookup.
 
-* image:{icondir}/number_2.png[] Second, `AuthorizationFilter` creates a {security-api-url}org/springframework/security/web/FilterInvocation.html[`FilterInvocation`] from the `HttpServletRequest`, `HttpServletResponse`, and `FilterChain`.
 
-// FIXME: link to FilterInvocation
 
-* image:{icondir}/number_3.png[] Next, it passes the `Supplier<Authentication>` and `FilterInvocation` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
 
-** image:{icondir}/number_4.png[] If authorization is denied, an `AccessDeniedException` is thrown.
 
+* image:{icondir}/number_2.png[] Second, it passes the `Supplier<Authentication>` and the `HttpServletRequest` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
 
+** image:{icondir}/number_3.png[] If authorization is denied, an `AccessDeniedException` is thrown.
 
 In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
 
 In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
 
-** image:{icondir}/number_5.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
 
+** image:{icondir}/number_4.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
 
 
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.