Security Documentation Cleanup

- Add link to Spring Security's Global Method Security Java Configuration - Fix link to SecurityProperties - Add link to SECURITY Common application properties - Remove unnecessary @Order from SecurityConfiguration - Change method signature for @Autowired AuthenticationManagerBuilder to compile / match Spring docs

Security Documentation Cleanup
- Add link to Spring Security's Global Method Security Java Configuration - Fix link to SecurityProperties - Add link to SECURITY Common application properties - Remove unnecessary @Order from SecurityConfiguration - Change method signature for @Autowired AuthenticationManagerBuilder to compile / match Spring docs
f852096c · Rob Winch · Phillip Webb · d42bedf2 · f852096c · f852096c
Commit f852096c authored Mar 24, 2014 by Rob Winch Committed by Phillip Webb Mar 24, 2014
3 changed files
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -80,6 +80,7 @@ spring.thymeleaf.cache=true # set to false for hot refresh
 spring.messages.basename=messages
 spring.messages.encoding=UTF-8

+[[common-application-properties-security]]
 # SECURITY ({sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[SecurityProperties])
 security.user.name=user # login username
 security.user.password= # login password

--- a/spring-boot-docs/src/main/asciidoc/howto.adoc
+++ b/spring-boot-docs/src/main/asciidoc/howto.adoc
@@ -1101,11 +1101,15 @@ Look at {sc-spring-boot-actuator}/autoconfigure/ErrorMvcAutoConfiguration.{sc-ex
 If Spring Security is on the classpath then web applications will be secure by default
 (``basic'' authentication on all endpoints) . To add method-level security to a web
 application you can simply `@EnableGlobalMethodSecurity` with your desired settings.
+Additional information can be found in the {spring-security-reference}#jc-method[Spring
+Security Reference].

 The default `AuthenticationManager` has a single user (username ``user'' and password
 random, printed at INFO level when the application starts up). You can change the
 password by providing a `security.user.password`. This and other useful properties
-are externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties{sc-ext}[`SecurityProperties`.
+are externalized via
+{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`].
+


 [[howto-switch-off-spring-boot-security-configuration]]
@@ -1114,7 +1118,8 @@ If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your appl
 it will switch off the default webapp security settings in Spring Boot. To tweak the
 defaults try setting properties in `security.*` (see
 {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
-for details of available settings).
+for details of available settings) and `SECURITY` section of
+<<common-application-properties-security,Common application properties>>.



@@ -1132,12 +1137,12 @@ use this in a webapp is to inject it into a void method in a
 [source,java,indent=0,subs="verbatim,quotes,attributes"]
 ----
 	@Configuration
-	@Order(0)
 	public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

 		@Autowired
-		protected void init(AuthenticationManagerBuilder builder) {
-				builder.inMemoryAuthentication().withUser("barry"); // ...  etc.
+		public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+				auth.inMemoryAuthentication()
+					.withUser("barry").password("password").roles("USER"); // ...  etc.
 		}

 		// ... other stuff for application security
@@ -1145,9 +1150,6 @@ use this in a webapp is to inject it into a void method in a
 	}
 ----

-The configuration class that does this should declare an `@Order` so that it is used
-before the default one in Spring Boot (which has very low precedence).
-


 [[howto-enable-https]]

--- a/spring-boot-docs/src/main/asciidoc/index.adoc
+++ b/spring-boot-docs/src/main/asciidoc/index.adoc
 = Spring Boot Reference Guide
-Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
+Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll; Rob Winch;
 :doctype: book
 :toc:
 :toclevels: 4
@@ -24,6 +24,7 @@ Phillip Webb; Dave Syer; Josh Long; Stéphane Nicoll;
 :dc-spring-boot-autoconfigure: {dc-root}/org/springframework/boot/autoconfigure
 :dc-spring-boot-actuator: {dc-root}/org/springframework/boot/actuate
 :spring-reference: http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle
+:spring-security-reference: http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle
 :spring-javadoc: http://docs.spring.io/spring/docs/current/javadoc-api/org/springframework
 :spring-data-javadoc: http://docs.spring.io/spring-data/jpa/docs/current/api/org/springframework/data/jpa
 :spring-data-commons-javadoc: http://docs.spring.io/spring-data/commons/docs/current/api/org/springframework/data