diff --git a/framework-docs/src/docs/asciidoc/attributes.adoc b/framework-docs/src/docs/asciidoc/attributes.adoc index 8f94a35c0a..321eaf5cd3 100644 --- a/framework-docs/src/docs/asciidoc/attributes.adoc +++ b/framework-docs/src/docs/asciidoc/attributes.adoc @@ -1,4 +1,4 @@ -:chomp: default headers packages +:chomp: default headers packages :docs-site: https://docs.spring.io // Spring Framework :docs-spring-framework: {docs-site}/spring-framework/docs/{spring-version} @@ -10,8 +10,9 @@ // Spring portfolio Links :docs-spring-boot: {docs-site}/spring-boot/docs/current/reference :docs-spring-gemfire: {docs-site}/spring-gemfire/docs/current/reference +:docs-spring-security: {docs-site}/spring-security/reference // Third-party Links +:docs-graalvm: https://www.graalvm.org/22.3/reference-manual :gh-rsocket: https://github.com/rsocket :gh-rsocket-extensions: {gh-rsocket}/rsocket/blob/master/Extensions :gh-rsocket-java: {gh-rsocket}/rsocket-java -:doc-graalvm: https://www.graalvm.org/22.3/reference-manual diff --git a/framework-docs/src/docs/asciidoc/core/core-aot.adoc b/framework-docs/src/docs/asciidoc/core/core-aot.adoc index 56e955c299..331f94b8c4 100644 --- a/framework-docs/src/docs/asciidoc/core/core-aot.adoc +++ b/framework-docs/src/docs/asciidoc/core/core-aot.adoc @@ -272,7 +272,7 @@ include::code:SpellCheckServiceTests[tag=hintspredicates] With `RuntimeHintsPredicates`, we can check for reflection, resource, serialization or proxy generation hints. This approach works well for unit tests but implies that the runtime behavior of a component is well known. -You can learn more about the global runtime behavior of an application by running its test suite (or the app itself) with the {doc-graalvm}/native-image/metadata/AutomaticMetadataCollection/[GraalVM tracing agent]. +You can learn more about the global runtime behavior of an application by running its test suite (or the app itself) with the {docs-graalvm}/native-image/metadata/AutomaticMetadataCollection/[GraalVM tracing agent]. This agent will record all relevant calls requiring GraalVM hints at runtime and write them out as JSON configuration files. For more targeted discovery and testing, Spring Framework ships a dedicated module with core AOT testing utilities, `"org.springframework:spring-core-test"`. diff --git a/framework-docs/src/docs/asciidoc/core/core-beans.adoc b/framework-docs/src/docs/asciidoc/core/core-beans.adoc index 544817bce3..6091b139b3 100644 --- a/framework-docs/src/docs/asciidoc/core/core-beans.adoc +++ b/framework-docs/src/docs/asciidoc/core/core-beans.adoc @@ -113,10 +113,10 @@ For information about using other forms of metadata with the Spring container, s provided by the Spring JavaConfig project became part of the core Spring Framework. Thus, you can define beans external to your application classes by using Java rather than XML files. To use these new features, see the - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Configuration.html[`@Configuration`], - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Bean.html[`@Bean`], - https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/Import.html[`@Import`], - and https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/context/annotation/DependsOn.html[`@DependsOn`] annotations. + {api-spring-framework}/context/annotation/Configuration.html[`@Configuration`], + {api-spring-framework}/context/annotation/Bean.html[`@Bean`], + {api-spring-framework}/context/annotation/Import.html[`@Import`], + and {api-spring-framework}/context/annotation/DependsOn.html[`@DependsOn`] annotations. Spring configuration consists of at least one and typically more than one bean definition that the container must manage. XML-based configuration metadata configures these diff --git a/framework-docs/src/docs/asciidoc/web/webflux-cors.adoc b/framework-docs/src/docs/asciidoc/web/webflux-cors.adoc index b0c08f9ed6..cb646d9ed6 100644 --- a/framework-docs/src/docs/asciidoc/web/webflux-cors.adoc +++ b/framework-docs/src/docs/asciidoc/web/webflux-cors.adoc @@ -1,6 +1,5 @@ [[webflux-cors]] = CORS -:doc-spring-security: {docs-site}/spring-security/reference [.small]#<># Spring WebFlux lets you handle CORS (Cross-Origin Resource Sharing). This section @@ -310,7 +309,7 @@ You can apply CORS support through the built-in good fit with <>. NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring -Security has {doc-spring-security}/servlet/integrations/cors.html[built-in support] for +Security has {docs-spring-security}/servlet/integrations/cors.html[built-in support] for CORS. To configure the filter, you can declare a `CorsWebFilter` bean and pass a diff --git a/framework-docs/src/docs/asciidoc/web/webflux.adoc b/framework-docs/src/docs/asciidoc/web/webflux.adoc index da62ad14a7..a6f37f772d 100644 --- a/framework-docs/src/docs/asciidoc/web/webflux.adoc +++ b/framework-docs/src/docs/asciidoc/web/webflux.adoc @@ -1,7 +1,6 @@ [[webflux]] :chapter: webflux = Spring WebFlux -:doc-spring-security: {docs-site}/spring-security/reference The original web framework included in the Spring Framework, Spring Web MVC, was purpose-built for the Servlet API and Servlet containers. The reactive-stack web framework, @@ -3743,10 +3742,10 @@ The https://spring.io/projects/spring-security[Spring Security] project provides for protecting web applications from malicious exploits. See the Spring Security reference documentation, including: -* {doc-spring-security}/reactive/configuration/webflux.html[WebFlux Security] -* {doc-spring-security}/reactive/test/index.html[WebFlux Testing Support] -* {doc-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection] -* {doc-spring-security}/features/exploits/headers.html[Security Response Headers] +* {docs-spring-security}/reactive/configuration/webflux.html[WebFlux Security] +* {docs-spring-security}/reactive/test/index.html[WebFlux Testing Support] +* {docs-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection] +* {docs-spring-security}/features/exploits/headers.html[Security Response Headers] diff --git a/framework-docs/src/docs/asciidoc/web/webmvc-cors.adoc b/framework-docs/src/docs/asciidoc/web/webmvc-cors.adoc index c6bf104406..1c2be4c266 100644 --- a/framework-docs/src/docs/asciidoc/web/webmvc-cors.adoc +++ b/framework-docs/src/docs/asciidoc/web/webmvc-cors.adoc @@ -1,6 +1,5 @@ [[mvc-cors]] = CORS -:doc-spring-security: {docs-site}/spring-security/reference [.small]#<># Spring MVC lets you handle CORS (Cross-Origin Resource Sharing). This section @@ -336,7 +335,7 @@ You can apply CORS support through the built-in {api-spring-framework}/web/filter/CorsFilter.html[`CorsFilter`]. NOTE: If you try to use the `CorsFilter` with Spring Security, keep in mind that Spring -Security has {doc-spring-security}/servlet/integrations/cors.html[built-in support] for +Security has {docs-spring-security}/servlet/integrations/cors.html[built-in support] for CORS. To configure the filter, pass a `CorsConfigurationSource` to its constructor, as the diff --git a/framework-docs/src/docs/asciidoc/web/webmvc.adoc b/framework-docs/src/docs/asciidoc/web/webmvc.adoc index 7cd525d46d..d534b837a8 100644 --- a/framework-docs/src/docs/asciidoc/web/webmvc.adoc +++ b/framework-docs/src/docs/asciidoc/web/webmvc.adoc @@ -1,7 +1,6 @@ [[mvc]] :chapter: mvc = Spring Web MVC -:doc-spring-security: {docs-site}/spring-security/reference Spring Web MVC is the original web framework built on the Servlet API and has been included in the Spring Framework from the very beginning. The formal name, "Spring Web MVC," @@ -5073,10 +5072,10 @@ The https://spring.io/projects/spring-security[Spring Security] project provides for protecting web applications from malicious exploits. See the Spring Security reference documentation, including: -* {doc-spring-security}/servlet/integrations/mvc.html[Spring MVC Security] -* {doc-spring-security}/servlet/test/mockmvc/setup.html[Spring MVC Test Support] -* {doc-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection] -* {doc-spring-security}/features/exploits/headers.html[Security Response Headers] +* {docs-spring-security}/servlet/integrations/mvc.html[Spring MVC Security] +* {docs-spring-security}/servlet/test/mockmvc/setup.html[Spring MVC Test Support] +* {docs-spring-security}/features/exploits/csrf.html#csrf-protection[CSRF protection] +* {docs-spring-security}/features/exploits/headers.html[Security Response Headers] https://hdiv.org/[HDIV] is another web security framework that integrates with Spring MVC. diff --git a/framework-docs/src/docs/asciidoc/web/websocket.adoc b/framework-docs/src/docs/asciidoc/web/websocket.adoc index bca8732574..191914edde 100644 --- a/framework-docs/src/docs/asciidoc/web/websocket.adoc +++ b/framework-docs/src/docs/asciidoc/web/websocket.adoc @@ -1,6 +1,5 @@ [[websocket]] = WebSockets -:doc-spring-security: {docs-site}/spring-security/reference [.small]#<># This part of the reference documentation covers support for Servlet stack, WebSocket @@ -627,7 +626,7 @@ response. By default, the Spring Security Java configuration sets it to `DENY`. In 3.2, the Spring Security XML namespace does not set that header by default but can be configured to do so. In the future, it may set it by default. -See {doc-spring-security}/features/exploits/headers.html#headers-default[Default Security Headers] +See {docs-spring-security}/features/exploits/headers.html#headers-default[Default Security Headers] of the Spring Security documentation for details on how to configure the setting of the `X-Frame-Options` header. You can also see https://github.com/spring-projects/spring-security/issues/2718[gh-2718] @@ -1811,7 +1810,7 @@ its own implementation of `WebSocketMessageBrokerConfigurer` that is marked with === Authorization Spring Security provides -{doc-spring-security}/servlet/integrations/websocket.html#websocket-authorization[WebSocket sub-protocol authorization] +{docs-spring-security}/servlet/integrations/websocket.html#websocket-authorization[WebSocket sub-protocol authorization] that uses a `ChannelInterceptor` to authorize messages based on the user header in them. Also, Spring Session provides https://docs.spring.io/spring-session/reference/web-socket.html[WebSocket integration]