4 年之前 · d2affef356
--- a/docs/antora.yml
+++ b/docs/antora.yml
@@ -8,7 +8,6 @@ asciidoc:
 
				     idprefix: ''
			
 
				     idseparator: '-'
			
 
				     apacheds-core-version: 1.5.5
			
 
				-    figures: servlet/architecture
			
 
				     gh-old-samples-url: https://github.com/spring-projects/spring-security/tree/5.4.x/samples
			
 
				     gh-samples-url: https://github.com/spring-projects/spring-security-samples/tree/main
			
 
				     gh-url: https://github.com/spring-projects/spring-security/tree/main
			
--- a/docs/modules/ROOT/assets/images/Authentication.gif
+++ b/docs/modules/ROOT/assets/images/Authentication.gif
--- a/docs/modules/ROOT/assets/images/icons/number_1.png
+++ b/docs/modules/ROOT/assets/images/icons/number_1.png
--- a/docs/modules/ROOT/assets/images/icons/number_10.png
+++ b/docs/modules/ROOT/assets/images/icons/number_10.png
--- a/docs/modules/ROOT/assets/images/icons/number_2.png
+++ b/docs/modules/ROOT/assets/images/icons/number_2.png
--- a/docs/modules/ROOT/assets/images/icons/number_3.png
+++ b/docs/modules/ROOT/assets/images/icons/number_3.png
--- a/docs/modules/ROOT/assets/images/icons/number_4.png
+++ b/docs/modules/ROOT/assets/images/icons/number_4.png
--- a/docs/modules/ROOT/assets/images/icons/number_5.png
+++ b/docs/modules/ROOT/assets/images/icons/number_5.png
--- a/docs/modules/ROOT/assets/images/icons/number_6.png
+++ b/docs/modules/ROOT/assets/images/icons/number_6.png
--- a/docs/modules/ROOT/assets/images/icons/number_7.png
+++ b/docs/modules/ROOT/assets/images/icons/number_7.png
--- a/docs/modules/ROOT/assets/images/icons/number_8.png
+++ b/docs/modules/ROOT/assets/images/icons/number_8.png
--- a/docs/modules/ROOT/assets/images/icons/number_9.png
+++ b/docs/modules/ROOT/assets/images/icons/number_9.png
--- a/docs/modules/ROOT/assets/images/icons/numbers.odg
+++ b/docs/modules/ROOT/assets/images/icons/numbers.odg
--- a/docs/modules/ROOT/assets/images/note.png
+++ b/docs/modules/ROOT/assets/images/note.png
--- a/docs/modules/ROOT/assets/images/palette.otg
+++ b/docs/modules/ROOT/assets/images/palette.otg
--- a/docs/modules/ROOT/assets/images/s2-banner-rhs.png
+++ b/docs/modules/ROOT/assets/images/s2-banner-rhs.png
--- a/docs/modules/ROOT/assets/images/s2_box_logo.png
+++ b/docs/modules/ROOT/assets/images/s2_box_logo.png
--- a/docs/modules/ROOT/assets/images/security-interception.graffle
+++ b/docs/modules/ROOT/assets/images/security-interception.graffle
--- a/docs/modules/ROOT/assets/images/security-interception.png
+++ b/docs/modules/ROOT/assets/images/security-interception.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.gif
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.gif
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.graffle
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.graffle
--- a/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.graffle
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.graffle
--- a/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.odg
--- a/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/beareraccessdeniedhandler.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/beareraccessdeniedhandler.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.png
--- a/docs/modules/ROOT/assets/images/tip.png
+++ b/docs/modules/ROOT/assets/images/tip.png
--- a/docs/modules/ROOT/pages/servlet/architecture/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/architecture/index.adoc
@@ -1,7 +1,6 @@
 
				 [[servlet-architecture]]
			
 
				 = Servlet Security: The Big Picture
			
 
				-:figures: images/servlet/architecture
			
 
				-:icondir: images/icons
			
 
				+:figures: servlet/architecture
			
 
				 
			
 
				 This section discusses Spring Security's high level architecture within Servlet based applications.
			
 
				 We build on this high level understanding within <<servlet-authentication>>, <<servlet-authorization>>, <<servlet-exploits>> sections of the reference.
			
--- a/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc
@@ -1,7 +1,6 @@
 
				 [[servlet-authentication-architecture]]
			
 
				 = Servlet Authentication Architecture
			
 
				-:figures: images/servlet/authentication/architecture
			
 
				-:icondir: images/icons
			
 
				+:figures: servlet/authentication/architecture
			
 
				 
			
 
				 This discussion expands on <<servlet-architecture>> to describe the main architectural components of Spring Security's used in Servlet authentication.
			
 
				 If you need concrete flows that explain how these pieces fit together, look at the <<servlet-authentication-mechanisms,Authentication Mechanism>> specific sections.
			
@@ -20,6 +19,7 @@ This also gives a good idea of the high level flow of authentication and how pie
 
				 [[servlet-authentication-securitycontextholder]]
			
 
				 == SecurityContextHolder
			
 
				 
			
 
				+Hi {figures} there
			
 
				 
			
 
				 At the heart of Spring Security's authentication model is the `SecurityContextHolder`.
			
 
				 It contains the <<servlet-authentication-securitycontext>>.
			
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc
@@ -1,5 +1,6 @@
 
				 [[servlet-authentication-basic]]
			
 
				 = Basic Authentication
			
 
				+:figures: servlet/authentication/unpwd
			
 
				 
			
 
				 This section provides details on how Spring Security provides support for https://tools.ietf.org/html/rfc7617[Basic HTTP Authentication] for servlet based applications.
			
 
				 // FIXME: describe authenticationentrypoint, authenticationfailurehandler, authenticationsuccesshandler
			
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc
@@ -1,5 +1,6 @@
 
				 [[servlet-authentication-daoauthenticationprovider]]
			
 
				 = DaoAuthenticationProvider
			
 
				+:figures: servlet/authentication/unpwd
			
 
				 
			
 
				 {security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[`DaoAuthenticationProvider`] is an <<servlet-authentication-authenticationprovider,`AuthenticationProvider`>> implementation that leverages a <<servlet-authentication-userdetailsservice,`UserDetailsService`>> and <<servlet-authentication-password-storage,`PasswordEncoder`>> to authenticate a username and password.
			
 
				 
			
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc
@@ -1,5 +1,6 @@
 
				 [[servlet-authentication-form]]
			
 
				 = Form Login
			
 
				+:figures: servlet/authentication/unpwd
			
 
				 
			
 
				 Spring Security provides support for username and password being provided through an html form.
			
 
				 This section provides details on how form based authentication works within Spring Security.
			
--- a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
@@ -2,7 +2,7 @@
 
				 
			
 
				 [[authz-arch]]
			
 
				 = Authorization Architecture
			
 
				-
			
 
				+:figures: servlet/authorization
			
 
				 
			
 
				 [[authz-authorities]]
			
 
				 == Authorities
			
@@ -70,7 +70,7 @@ Whilst users can implement their own `AccessDecisionManager` to control all aspe
 
				 
			
 
				 [[authz-access-voting]]
			
 
				 .Voting Decision Manager
			
 
				-image::images/access-decision-voting.png[]
			
 
				+image::{figures}/access-decision-voting.png[]
			
 
				 
			
 
				 
			
 
				 
			
@@ -140,7 +140,7 @@ Whilst you could easily implement your own AOP concern to achieve this, Spring S
 
				 
			
 
				 [[authz-after-invocation]]
			
 
				 .After Invocation Implementation
			
 
				-image::images/after-invocation.png[]
			
 
				+image::{figures}/after-invocation.png[]
			
 
				 
			
 
				 Like many other parts of Spring Security, `AfterInvocationManager` has a single concrete implementation, `AfterInvocationProviderManager`, which polls a list of ``AfterInvocationProvider``s.
			
 
				 Each `AfterInvocationProvider` is allowed to modify the return object or throw an `AccessDeniedException`.
			
--- a/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc
@@ -1,7 +1,6 @@
 
				 [[servlet-authorization-filtersecurityinterceptor]]
			
 
				 = Authorize HttpServletRequest with FilterSecurityInterceptor
			
 
				-:figures: images/servlet/authorization
			
 
				-:icondir: images/icons
			
 
				+:figures: servlet/authorization
			
 
				 
			
 
				 This section builds on <<servlet-architecture,Servlet Architecture and Implementation>> by digging deeper into how <<servlet-authorization,authorization>> works within Servlet based applications.
			
 
				 
			
--- a/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc
@@ -1,7 +1,6 @@
 
				 [[oauth2resourceserver]]
			
 
				 = OAuth 2.0 Resource Server
			
 
				-:figures: images/servlet/oauth2
			
 
				-:icondir: images/icons
			
 
				+:figures: servlet/oauth2
			
 
				 
			
 
				 Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:
			
 
				 
			
--- a/docs/modules/ROOT/pages/servlet/saml2/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/saml2/index.adoc
@@ -1,13 +1,12 @@
 
				 [[servlet-saml2]]
			
 
				 = SAML2
			
 
				+:figures: servlet/saml2
			
 
				 
			
 
				 Spring Security provides comprehensive SAML 2 support.
			
 
				 This section discusses how to integrate SAML 2 into your servlet based application.
			
 
				 
			
 
				 [[servlet-saml2login]]
			
 
				 == SAML 2.0 Login
			
 
				-:figures: images/servlet/saml2
			
 
				-:icondir: images/icons
			
 
				 
			
 
				 The SAML 2.0 Login feature provides an application with the capability to act as a SAML 2.0 Relying Party, having users https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig[log in] to the application by using their existing account at a SAML 2.0 Asserting Party (Okta, ADFS, etc).