Each section of Spring Security's reference manual should be reviewed in consideration of the following structure:
- Start with "what to do"
  - show code samples that cover 90% of applications
  - show testing what was added
  - link to relevant Spring Security Sample commit diffs
  - link to the next relevant documentation step(s)
- Follow with "how it works"
  - use diagrams to explain workflows
  - include tradeoffs and security principles
  - show tabular information
- Follow with 10% usage
and the following principles:
- Linked "what to dos" should make progressive sense together
- Use headers for contextual linking
- Favor the latest recommendations
- Explain deprecated recommendations relative to the benefits of the latest ones
- Not have outdated recommendations
- Use XML/Java/Kotlin tabs
- Link to other Spring projects; Framework, Data, Boot, MVC, etc.
Here are the sections that are planned so far:

- [x] #13062
- [x] #12601
- [ ] #13088
- [x] #13089
- [ ] #13090
- [ ] OAuth 2.0 Resource Server
- [ ] #14944
- [ ] Authentication
- [ ] Response Headers
- [ ] Firewall
- [ ] Remember Me