Open
Description
Each section of Spring Security's reference manual should be reviewed in consideration of the following structure:
- Start with "what to do"
  - show code samples that cover 90% of applications
  - show testing what was added
  - link to relevant Spring Security Sample commit diffs
  - link to the next relevant documentation step(s)
- Follow with "how it works"
  - use diagrams to explain workflows
  - include tradeoffs and security principles
  - show tabular information
- Follow with 10% usage
and the following principles:
- Linked "what to dos" should make progressive sense together
- Use headers for contextual linking
- Favor the latest recommendations
- Explain deprecated recommendations relative to the benefits of the latest ones
- Do not have outdated recommendations
- Use XML/Java/Kotlin tabs
- Link to other Spring projects: Framework, Data, Boot, MVC, etc.
Here are the sections that are planned so far:
- Revisit Logout Documentation #13062
- Revisit Session Management docs #12601
- Revisit Authorization Documentation #13088
- Revisit CSRF Documentation #13089
- Revisit OAuth 2.0 Client Documentation #13090
- OAuth 2.0 Resource Server
- Revisit SAML 2.0 Service Provider Documentation #14944
- Authentication
- Response Headers
- Firewall
- Remember Me