From 8e38b7ede6756feda759db28f876f70d484e4320 Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Tue, 29 Jul 2014 16:55:33 -0400 Subject: [PATCH] Add section on web security Issue: SPR-6125 --- src/asciidoc/index.adoc | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/asciidoc/index.adoc b/src/asciidoc/index.adoc index 489090f193..7dd7c9211d 100644 --- a/src/asciidoc/index.adoc +++ b/src/asciidoc/index.adoc @@ -31703,6 +31703,24 @@ or in a JSP: ---- +[[mvc-web-security]] +=== Web Security + +The http://projects.spring.io/spring-security/[Spring Security] project provides features +to protect web applications from malicious exploits. Check out the reference documentation in the sections on +http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf["CSRF protection"], +http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers["Security Response Headers"], and also +http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#mvc["Spring MVC Integration"]. +Note that using Spring Security to secure the application is not necessarily required for all features. +For example CSRF protection can be added simply by adding the `CsrfFilter` and +`CsrfRequestDataValueProcessor` to your configuration. See the +https://github.com/spring-projects/spring-mvc-showcase/commit/361adc124c05a8187b84f25e8a57550bb7d9f8e4[Spring MVC Showcase] +for an example. + +Another option is to use a framework dedicated to Web Security. +http://hdiv.org/[HDIV] is one such framework and integrates with Spring MVC. + + [[mvc-coc]] @@ -32882,8 +32900,6 @@ declaration. - - [[view]] == View technologies
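Review bot: In the new "Web Security" section (hunk at @@ -31703), the sentence "Note that using Spring Security to secure the application is not necessarily required for all features." can be read as saying that no Spring Security dependency is needed, yet the two classes named in the next sentence, `CsrfFilter` and `CsrfRequestDataValueProcessor`, are themselves Spring Security classes. Suggest rewording to say that the Spring Security web module must still be on the classpath and that only the full authentication and authorization setup is optional. It would also help to say in one sentence what each class does (the filter validates the token on state-changing requests, the processor adds it to rendered forms), so readers do not register one without the other. Two smaller points in the same hunk: the three reference links point at `.../docs/current/reference/htmlsingle/#...`, so the anchors may move as that documentation changes, and the `projects.spring.io`, `docs.spring.io` and `hdiv.org` links use `http://` while the GitHub link uses `https://`; prefer `https://` wherever the host supports it. "For example CSRF protection" also wants a comma after "For example".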
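Review bot: The second hunk (@@ -32882, before `[[view]]`) only removes two blank lines and is unrelated to the "Add section on web security" subject. Suggest dropping it from this commit or moving it to a separate whitespace cleanup, so the history for the new section stays limited to the documentation change.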