4 anni fa · d2affef356
--- a/docs/antora.yml
+++ b/docs/antora.yml
@@ -8,7 +8,6 @@ asciidoc:
 
															     idprefix: ''
														
 
															     idseparator: '-'
														
 
															     apacheds-core-version: 1.5.5
														
 
															-    figures: servlet/architecture
														
 
															     gh-old-samples-url: https://github.com/spring-projects/spring-security/tree/5.4.x/samples
														
 
															     gh-samples-url: https://github.com/spring-projects/spring-security-samples/tree/main
														
 
															     gh-url: https://github.com/spring-projects/spring-security/tree/main
														
--- a/docs/modules/ROOT/assets/images/Authentication.gif
+++ b/docs/modules/ROOT/assets/images/Authentication.gif
--- a/docs/modules/ROOT/assets/images/icons/number_1.png
+++ b/docs/modules/ROOT/assets/images/icons/number_1.png
--- a/docs/modules/ROOT/assets/images/icons/number_10.png
+++ b/docs/modules/ROOT/assets/images/icons/number_10.png
--- a/docs/modules/ROOT/assets/images/icons/number_2.png
+++ b/docs/modules/ROOT/assets/images/icons/number_2.png
--- a/docs/modules/ROOT/assets/images/icons/number_3.png
+++ b/docs/modules/ROOT/assets/images/icons/number_3.png
--- a/docs/modules/ROOT/assets/images/icons/number_4.png
+++ b/docs/modules/ROOT/assets/images/icons/number_4.png
--- a/docs/modules/ROOT/assets/images/icons/number_5.png
+++ b/docs/modules/ROOT/assets/images/icons/number_5.png
--- a/docs/modules/ROOT/assets/images/icons/number_6.png
+++ b/docs/modules/ROOT/assets/images/icons/number_6.png
--- a/docs/modules/ROOT/assets/images/icons/number_7.png
+++ b/docs/modules/ROOT/assets/images/icons/number_7.png
--- a/docs/modules/ROOT/assets/images/icons/number_8.png
+++ b/docs/modules/ROOT/assets/images/icons/number_8.png
--- a/docs/modules/ROOT/assets/images/icons/number_9.png
+++ b/docs/modules/ROOT/assets/images/icons/number_9.png
--- a/docs/modules/ROOT/assets/images/icons/numbers.odg
+++ b/docs/modules/ROOT/assets/images/icons/numbers.odg
--- a/docs/modules/ROOT/assets/images/note.png
+++ b/docs/modules/ROOT/assets/images/note.png
--- a/docs/modules/ROOT/assets/images/palette.otg
+++ b/docs/modules/ROOT/assets/images/palette.otg
--- a/docs/modules/ROOT/assets/images/s2-banner-rhs.png
+++ b/docs/modules/ROOT/assets/images/s2-banner-rhs.png
--- a/docs/modules/ROOT/assets/images/s2_box_logo.png
+++ b/docs/modules/ROOT/assets/images/s2_box_logo.png
--- a/docs/modules/ROOT/assets/images/security-interception.graffle
+++ b/docs/modules/ROOT/assets/images/security-interception.graffle
--- a/docs/modules/ROOT/assets/images/security-interception.png
+++ b/docs/modules/ROOT/assets/images/security-interception.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/delegatingfilterproxy.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/exceptiontranslationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.gif
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.gif
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/filterchainproxy.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/multi-securityfilterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.odg
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.odg
--- a/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.png
+++ b/docs/modules/ROOT/assets/images/servlet/architecture/securityfilterchain.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager-parent.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanager.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/providermanagers-parent.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/architecture/securitycontextholder.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/basicauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/daoauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.graffle
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.graffle
--- a/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/access-decision-voting.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.graffle
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.graffle
--- a/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/after-invocation.png
--- a/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.odg
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.odg
--- a/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.png
+++ b/docs/modules/ROOT/assets/images/servlet/authorization/filtersecurityinterceptor.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/beareraccessdeniedhandler.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/beareraccessdeniedhandler.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearerauthenticationentrypoint.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/bearertokenauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/jwtauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/oauth2/opaquetokenauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/opensamlauthenticationprovider.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationfilter.png
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.odg
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.odg
--- a/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.png
+++ b/docs/modules/ROOT/assets/images/servlet/saml2/saml2webssoauthenticationrequestfilter.png
--- a/docs/modules/ROOT/assets/images/tip.png
+++ b/docs/modules/ROOT/assets/images/tip.png
--- a/docs/modules/ROOT/pages/servlet/architecture/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/architecture/index.adoc
@@ -1,7 +1,6 @@
 
															 [[servlet-architecture]]
														
 
															 = Servlet Security: The Big Picture
														
 
															-:figures: images/servlet/architecture
														
 
															-:icondir: images/icons
														
 
															+:figures: servlet/architecture
														
 
															 This section discusses Spring Security's high level architecture within Servlet based applications.
														
 
															 We build on this high level understanding within <<servlet-authentication>>, <<servlet-authorization>>, <<servlet-exploits>> sections of the reference.
														
--- a/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/architecture/index.adoc
@@ -1,7 +1,6 @@
 
															 [[servlet-authentication-architecture]]
														
 
															 = Servlet Authentication Architecture
														
 
															-:figures: images/servlet/authentication/architecture
														
 
															-:icondir: images/icons
														
 
															+:figures: servlet/authentication/architecture
														
 
															 This discussion expands on <<servlet-architecture>> to describe the main architectural components of Spring Security's used in Servlet authentication.
														
 
															 If you need concrete flows that explain how these pieces fit together, look at the <<servlet-authentication-mechanisms,Authentication Mechanism>> specific sections.
														
@@ -20,6 +19,7 @@ This also gives a good idea of the high level flow of authentication and how pie
 
															 [[servlet-authentication-securitycontextholder]]
														
 
															 == SecurityContextHolder
														
 
															+Hi {figures} there
														
 
															 At the heart of Spring Security's authentication model is the `SecurityContextHolder`.
														
 
															 It contains the <<servlet-authentication-securitycontext>>.
														
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/basic.adoc
@@ -1,5 +1,6 @@
 
															 [[servlet-authentication-basic]]
														
 
															 = Basic Authentication
														
 
															+:figures: servlet/authentication/unpwd
														
 
															 This section provides details on how Spring Security provides support for https://tools.ietf.org/html/rfc7617[Basic HTTP Authentication] for servlet based applications.
														
 
															 // FIXME: describe authenticationentrypoint, authenticationfailurehandler, authenticationsuccesshandler
														
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/dao-authentication-provider.adoc
@@ -1,5 +1,6 @@
 
															 [[servlet-authentication-daoauthenticationprovider]]
														
 
															 = DaoAuthenticationProvider
														
 
															+:figures: servlet/authentication/unpwd
														
 
															 {security-api-url}org/springframework/security/authentication/dao/DaoAuthenticationProvider.html[`DaoAuthenticationProvider`] is an <<servlet-authentication-authenticationprovider,`AuthenticationProvider`>> implementation that leverages a <<servlet-authentication-userdetailsservice,`UserDetailsService`>> and <<servlet-authentication-password-storage,`PasswordEncoder`>> to authenticate a username and password.
														
--- a/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc
+++ b/docs/modules/ROOT/pages/servlet/authentication/unpwd/form.adoc
@@ -1,5 +1,6 @@
 
															 [[servlet-authentication-form]]
														
 
															 = Form Login
														
 
															+:figures: servlet/authentication/unpwd
														
 
															 Spring Security provides support for username and password being provided through an html form.
														
 
															 This section provides details on how form based authentication works within Spring Security.
														
--- a/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/architecture.adoc
@@ -2,7 +2,7 @@
 
															 [[authz-arch]]
														
 
															 = Authorization Architecture
														
 
															-
														
 
															+:figures: servlet/authorization
														
 
															 [[authz-authorities]]
														
 
															 == Authorities
														
@@ -70,7 +70,7 @@ Whilst users can implement their own `AccessDecisionManager` to control all aspe
 
															 [[authz-access-voting]]
														
 
															 .Voting Decision Manager
														
 
															-image::images/access-decision-voting.png[]
														
 
															+image::{figures}/access-decision-voting.png[]
														
@@ -140,7 +140,7 @@ Whilst you could easily implement your own AOP concern to achieve this, Spring S
 
															 [[authz-after-invocation]]
														
 
															 .After Invocation Implementation
														
 
															-image::images/after-invocation.png[]
														
 
															+image::{figures}/after-invocation.png[]
														
 
															 Like many other parts of Spring Security, `AfterInvocationManager` has a single concrete implementation, `AfterInvocationProviderManager`, which polls a list of ``AfterInvocationProvider``s.
														
 
															 Each `AfterInvocationProvider` is allowed to modify the return object or throw an `AccessDeniedException`.
														
--- a/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc
+++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc
@@ -1,7 +1,6 @@
 
															 [[servlet-authorization-filtersecurityinterceptor]]
														
 
															 = Authorize HttpServletRequest with FilterSecurityInterceptor
														
 
															-:figures: images/servlet/authorization
														
 
															-:icondir: images/icons
														
 
															+:figures: servlet/authorization
														
 
															 This section builds on <<servlet-architecture,Servlet Architecture and Implementation>> by digging deeper into how <<servlet-authorization,authorization>> works within Servlet based applications.
														
--- a/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/oauth2-resourceserver.adoc
@@ -1,7 +1,6 @@
 
															 [[oauth2resourceserver]]
														
 
															 = OAuth 2.0 Resource Server
														
 
															-:figures: images/servlet/oauth2
														
 
															-:icondir: images/icons
														
 
															+:figures: servlet/oauth2
														
 
															 Spring Security supports protecting endpoints using two forms of OAuth 2.0 https://tools.ietf.org/html/rfc6750.html[Bearer Tokens]:
														
--- a/docs/modules/ROOT/pages/servlet/saml2/index.adoc
+++ b/docs/modules/ROOT/pages/servlet/saml2/index.adoc
@@ -1,13 +1,12 @@
 
															 [[servlet-saml2]]
														
 
															 = SAML2
														
 
															+:figures: servlet/saml2
														
 
															 Spring Security provides comprehensive SAML 2 support.
														
 
															 This section discusses how to integrate SAML 2 into your servlet based application.
														
 
															 [[servlet-saml2login]]
														
 
															 == SAML 2.0 Login
														
 
															-:figures: images/servlet/saml2
														
 
															-:icondir: images/icons
														
 
															 The SAML 2.0 Login feature provides an application with the capability to act as a SAML 2.0 Relying Party, having users https://wiki.shibboleth.net/confluence/display/CONCEPT/FlowsAndConfig[log in] to the application by using their existing account at a SAML 2.0 Asserting Party (Okta, ADFS, etc).