liangqi
/
spring-framework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add section on web security

Browse Source 
Issue: SPR-6125
master
Rossen Stoyanchev 10 years ago
parent d30174897d
commit 8e38b7ede6
1 changed files with 18 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 20
      src/asciidoc/index.adoc

20
src/asciidoc/index.adoc
Unescape View File

@ -31703,6 +31703,24 @@ or in a JSP:
----
[[mvc-web-security]]
=== Web Security
The http://projects.spring.io/spring-security/[Spring Security] project provides features
to protect web applications from malicious exploits. Check out the reference documentation in the sections on
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf["CSRF protection"],
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers["Security Response Headers"], and also
http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#mvc["Spring MVC Integration"].
Note that using Spring Security to secure the application is not necessarily required for all features.
For example CSRF protection can be added simply by adding the `CsrfFilter` and
`CsrfRequestDataValueProcessor` to your configuration. See the
https://github.com/spring-projects/spring-mvc-showcase/commit/361adc124c05a8187b84f25e8a57550bb7d9f8e4[Spring MVC Showcase]
for an example.
Another option is to use a framework dedicated to Web Security.
http://hdiv.org/[HDIV] is one such framework and integrates with Spring MVC.
[[mvc-coc]]
@ -32882,8 +32900,6 @@ declaration.
[[view]]
== View technologies

Write Preview
Loading…
Cancel
Save