SEC-1888: Improving the doc on (not) using multiple annotation types in the same class.

Luke Taylor 13 years ago
Parent
Commit
b493afa18c
1 file changed, with 12 insertions and 4 deletions

+ 12 - 4
docs/manual/src/docbook/namespace-config.xml

@@ -880,14 +880,20 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
    }
         </programlisting>Expression-based
                 annotations are a good choice if you need to define simple rules that go beyond
-                checking the role names against the user's list of authorities. You can enable more
-                than one type of annotation in the same application, but you should avoid mixing
-                annotations types in the same interface or class to avoid confusion. <note>
+                checking the role names against the user's list of authorities. <note>
                 <para>The annotated methods will only be secured for instances which are defined as
                     Spring beans (in the same application context in which method-security is
                     enabled). If you want to secure instances which are not created by Spring (using
                     the <literal>new</literal> operator, for example) then you need to use AspectJ.
                 </para>
+            </note>
+                <note>
+                    <para>
+                    You can enable more than one type of annotation in the same application, but
+                    only one type should be used for any interface or class as the behaviour will not
+                    be well-defined otherwise. If two annotations are found which apply to a particular
+                    method, then only one of them will be applied.
+                </para>
                 </note> </para>
             <section xml:id="ns-protect-pointcut">
                 <title>Adding Security Pointcuts using <literal>protect-pointcut</literal></title>
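Review bot: The new note's last sentence, "If two annotations are found which apply to a particular method, then only one of them will be applied", does not say which one, so a reader cannot tell whether the stricter or the weaker rule survives on a method that carries two annotation types. Either state the order in which the annotation types are consulted, or say explicitly that the choice is unspecified and must not be relied on, since the practical risk is an access rule being silently dropped. The added `</note>` and `<note>` lines are also indented differently from each other and from the closing `</para>` of the new note; aligning them with the existing note would keep the DocBook source readable.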
@@ -904,7 +910,9 @@ List&lt;OpenIDAttribute> attributes = token.getAttributes();</programlisting>The
                     whose class names end in "Service". Only users with the
                     <literal>ROLE_USER</literal> role will be able to invoke these methods. As with
                     URL matching, the most specific matches must come first in the list of
-                    pointcuts, as the first matching expression will be used. </para>
+                    pointcuts, as the first matching expression will be used. Security
+                    annotations take precedence over pointcuts.
+                    </para>
             </section>
         </section>
     </section>
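Review bot: The added sentence "Security annotations take precedence over pointcuts." in the `protect-pointcut` paragraph states the ordering but not its consequence for a method that matches both. If it means the pointcut's access attribute (here `ROLE_USER`) is ignored for any method that also carries a security annotation, say so directly, because a permissive annotation would then override a broad pointcut that the reader expects to act as a baseline. It would also help to name which annotation types this applies to, as the preceding note in this section distinguishes several types.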