Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Merge branch '5.7.x' into 5.8.x

Closes gh-12286
Marcus Da Coregio 2 years ago
parent
87c074fc26 9b3f834bff
commit
5db7ac4ce3
3 changed files with 3 additions and 5 deletions
Unified View Show Diff Stats
  1. BIN
      docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg
  2. BIN
      docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png
  3. 3 5
      docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc

BIN
docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.odg
View File


BIN
docs/modules/ROOT/assets/images/servlet/authorization/authorizationfilter.png
View File


+ 3 - 5
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File 

@@ -48,12 +48,10 @@ image::{figures}/authorizationfilter.png[]
 
 
 
 * image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an  xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
 
 * image:{icondir}/number_1.png[] First, the `AuthorizationFilter` obtains an  xref:servlet/authentication/architecture.adoc#servlet-authentication-authentication[Authentication] from the xref:servlet/authentication/architecture.adoc#servlet-authentication-securitycontextholder[SecurityContextHolder].
 
 It wraps this in an `Supplier` in order to delay lookup.
 
 It wraps this in an `Supplier` in order to delay lookup.
 
-* image:{icondir}/number_2.png[] Second, `AuthorizationFilter` creates a {security-api-url}org/springframework/security/web/FilterInvocation.html[`FilterInvocation`] from the `HttpServletRequest`, `HttpServletResponse`, and `FilterChain`.
 
-// FIXME: link to FilterInvocation
 
-* image:{icondir}/number_3.png[] Next, it passes the `Supplier<Authentication>` and `FilterInvocation` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
 
-** image:{icondir}/number_4.png[] If authorization is denied, an `AccessDeniedException` is thrown.
 
+* image:{icondir}/number_2.png[] Second, it passes the `Supplier<Authentication>` and the `HttpServletRequest` to the xref:servlet/architecture.adoc#authz-authorization-manager[`AuthorizationManager`].
 
+** image:{icondir}/number_3.png[] If authorization is denied, an `AccessDeniedException` is thrown.
 
 In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
 
 In this case the xref:servlet/architecture.adoc#servlet-exceptiontranslationfilter[`ExceptionTranslationFilter`] handles the `AccessDeniedException`.
 
-** image:{icondir}/number_5.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
 
+** image:{icondir}/number_4.png[] If access is granted, `AuthorizationFilter` continues with the xref:servlet/architecture.adoc#servlet-filters-review[FilterChain] which allows the application to process normally.
 
 
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.