|
|
@@ -23,7 +23,7 @@ Finally, welcome to the Spring Security <<community,community>>.
|
|
|
|
|
|
|
|
|
[[getting-started]]
|
|
|
-= Getting Started
|
|
|
+== Getting Started
|
|
|
The later parts of this guide provide an in-depth discussion of the framework architecture and implementation classes, which you need to understand if you want to do any serious customization. In this part, we'll introduce Spring Security 4.0, give a brief overview of the project's history and take a slightly gentler look at how to get started using the framework. In particular, we'll look at namespace configuration which provides a much simpler way of securing your application compared to the traditional Spring bean approach where you have to wire up all the implementation classes individually.
|
|
|
|
|
|
We'll also take a look at the sample applications that are available. It's worth trying to run these and experimenting with them a bit even before you read the later sections - you can dip back into them as your understanding of the framework increases. Please also check out the http://spring.io/spring-security[project website] as it has useful information on building the project, plus links to articles, videos and tutorials.
|
|
|
@@ -1357,7 +1357,7 @@ If you want to use a database, then you can use
|
|
|
</authentication-manager>
|
|
|
----
|
|
|
|
|
|
-Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <<db_schema_users_authorities,user data tables>>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute:
|
|
|
+Where "securityDataSource" is the name of a `DataSource` bean in the application context, pointing at a database containing the standard Spring Security <<user-schema,user data tables>>. Alternatively, you could configure a Spring Security `JdbcDaoImpl` bean and point at that using the `user-service-ref` attribute:
|
|
|
|
|
|
[source,xml]
|
|
|
----
|
|
|
@@ -3328,7 +3328,7 @@ The last step is to ensure that you include the CSRF token in all PATCH, POST, P
|
|
|
</form>
|
|
|
----
|
|
|
|
|
|
-An easier approach is to use <<the-csrfInput-tag,the csrfInput tag>> from the Spring Security JSP tag library.
|
|
|
+An easier approach is to use <<the-csrfinput-tag,the csrfInput tag>> from the Spring Security JSP tag library.
|
|
|
|
|
|
[NOTE]
|
|
|
====
|
|
|
@@ -7597,7 +7597,7 @@ If disabled, the X-Frame-Options header will not be included. Default false.
|
|
|
* **policy**
|
|
|
** `DENY` The page cannot be displayed in a frame, regardless of the site attempting to do so. This is the default when frame-options-policy is specified.
|
|
|
** `SAMEORIGIN` The page can only be displayed in a frame on the same origin as the page itself
|
|
|
-** `ALLOW-FROM` <<nsa-frame-options-origin,origin>> The page can only be displayed in a frame on the specified origin.
|
|
|
+** `ALLOW-FROM origin` The page can only be displayed in a frame on the specified origin.
|
|
|
|
|
|
+
|
|
|
|
Rob Winch