#18 spring security 文案优化

1e421821 · 茶陵後 · 48d04a5e · 1e421821 · 1e421821 · 1e421821
9 changed file
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -477,26 +477,115 @@ module.exports = {
                            initialOpenGroupIndex: 0 // 可选的, 默认值是 0
                        }
                    ],
-                    // '/spring-security/': [
-                    //     {
-                    //         title: 'Spring 安全',
-                    //         sidebarDepth: 2,
-                    //         collapsable: false,
-                    //         children: [
-                    //             "/spring-security/overview.md",
-                    //             "/spring-security/prerequisites.md",
-                    //             "/spring-security/community.md",
-                    //             "/spring-security/whats-new.md",
-                    //             "/spring-security/getting-spring-security.md",
-                    //             "/spring-security/features.md",
-                    //             "/spring-security/modules.md",
-                    //             "/spring-security/samples.md",
-                    //             "/spring-security/servlet.md",
-                    //             "/spring-security/reactive.md"
-                    //         ],
-                    //         initialOpenGroupIndex: 0 // 可选的, 默认值是 0
-                    //     }
-                    // ],
+                    '/spring-security/': [
+                        {
+                            title: 'Spring 安全',
+                            sidebarDepth: 2,
+                            collapsable: false,
+                            children: [
+                                "/spring-security/community.md",
+                                "/spring-security/features-authentication-password-storage.md",
+                                "/spring-security/features-authentication.md",
+                                "/spring-security/features-exploits-csrf.md",
+                                "/spring-security/features-exploits-headers.md",
+                                "/spring-security/features-exploits-http.md",
+                                "/spring-security/features-exploits.md",
+                                "/spring-security/features-integrations-concurrency.md",
+                                "/spring-security/features-integrations-cryptography.md",
+                                "/spring-security/features-integrations-data.md",
+                                "/spring-security/features-integrations-jackson.md",
+                                "/spring-security/features-integrations-localization.md",
+                                "/spring-security/features-integrations.md",
+                                "/spring-security/features.md",
+                                "/spring-security/getting-spring-security.md",
+                                "/spring-security/modules.md",
+                                "/spring-security/overview.md",
+                                "/spring-security/prerequisites.md",
+                                "/spring-security/reactive-authentication-logout.md",
+                                "/spring-security/reactive-authentication-x509.md",
+                                "/spring-security/reactive-authorization-authorize-http-requests.md",
+                                "/spring-security/reactive-authorization-method.md",
+                                "/spring-security/reactive-configuration-webflux.md",
+                                "/spring-security/reactive-exploits-csrf.md",
+                                "/spring-security/reactive-exploits-headers.md",
+                                "/spring-security/reactive-exploits-http.md",
+                                "/spring-security/reactive-exploits.md",
+                                "/spring-security/reactive-getting-started.md",
+                                "/spring-security/reactive-integrations-cors.md",
+                                "/spring-security/reactive-integrations-rsocket.md",
+                                "/spring-security/reactive-oauth2-client-authorization-grants.md",
+                                "/spring-security/reactive-oauth2-client-authorized-clients.md",
+                                "/spring-security/reactive-oauth2-client-client-authentication.md",
+                                "/spring-security/reactive-oauth2-client-core.md",
+                                "/spring-security/reactive-oauth2-client.md",
+                                "/spring-security/reactive-oauth2-login-advanced.md",
+                                "/spring-security/reactive-oauth2-login-core.md",
+                                "/spring-security/reactive-oauth2-login.md",
+                                "/spring-security/reactive-oauth2-resource-server-bearer-tokens.md",
+                                "/spring-security/reactive-oauth2-resource-server-jwt.md",
+                                "/spring-security/reactive-oauth2-resource-server-multitenancy.md",
+                                "/spring-security/reactive-oauth2-resource-server-opaque-token.md",
+                                "/spring-security/reactive-oauth2-resource-server.md",
+                                "/spring-security/reactive-oauth2.md",
+                                "/spring-security/reactive-test-method.md",
+                                "/spring-security/reactive-test-web-authentication.md",
+                                "/spring-security/reactive-test-web-csrf.md",
+                                "/spring-security/reactive-test-web-oauth2.md",
+                                "/spring-security/reactive-test-web-setup.md",
+                                "/spring-security/reactive-test-web.md",
+                                "/spring-security/reactive-test.md",
+                                "/spring-security/reactive.md",
+                                "/spring-security/samples.md",
+                                "/spring-security/servlet-appendix-database-schema.md",
+                                "/spring-security/servlet-appendix-faq.md",
+                                "/spring-security/servlet-appendix-namespace-authentication-manager.md",
+                                "/spring-security/servlet-appendix-namespace-http.md",
+                                "/spring-security/servlet-appendix-namespace-ldap.md",
+                                "/spring-security/servlet-appendix-namespace-method-security.md",
+                                "/spring-security/servlet-appendix-namespace-websocket.md",
+                                "/spring-security/servlet-appendix-namespace.md",
+                                "/spring-security/servlet-appendix.md",
+                                "/spring-security/servlet-architecture.md",
+                                "/spring-security/servlet-authentication-anonymous.md",
+                                "/spring-security/servlet-authentication-architecture.md",
+                                "/spring-security/servlet-authentication-cas.md",
+                                "/spring-security/servlet-authentication-events.md",
+                                "/spring-security/servlet-authentication-jaas.md",
+                                "/spring-security/servlet-authentication-logout.md",
+                                "/spring-security/servlet-authentication-openid.md",
+                                "/spring-security/servlet-authentication-passwords-basic.md",
+                                "/spring-security/servlet-authentication-passwords-digest.md",
+                                "/spring-security/servlet-authentication-passwords-form.md",
+                                "/spring-security/servlet-authentication-passwords-input.md",
+                                "/spring-security/servlet-authentication-passwords-storage-dao-authentication-provider.md",
+                                "/spring-security/servlet-authentication-passwords-storage-in-memory.md",
+                                "/spring-security/servlet-authentication-passwords-storage-jdbc.md",
+                                "/spring-security/servlet-authentication-passwords-storage-ldap.md",
+                                "/spring-security/servlet-authentication-passwords-storage-password-encoder.md",
+                                "/spring-security/servlet-authentication-passwords-storage-user-details-service.md",
+                                "/spring-security/servlet-authentication-passwords-storage-user-details.md",
+                                "/spring-security/servlet-authentication-passwords-storage.md",
+                                "/spring-security/servlet-authentication-passwords.md",
+                                "/spring-security/servlet-authentication-preauth.md",
+                                "/spring-security/servlet-authentication-rememberme.md",
+                                "/spring-security/servlet-authentication-runas.md",
+                                "/spring-security/servlet-authentication-session-management.md",
+                                "/spring-security/servlet-authentication-x509.md",
+                                "/spring-security/servlet-authentication.md",
+                                "/spring-security/servlet-authorization-.md",
+                                "/spring-security/servlet-authorization-acls.md",
+                                "/spring-security/servlet-authorization-architecture.md",
+                                "/spring-security/servlet-authorization-authorize-http-requests.md",
+                                "/spring-security/servlet-authorization-authorize-requests.md",
+                                "/spring-security/servlet-authorization-expression-based.md",
+                                "/spring-security/servlet-authorization-method-security.md",
+                                "/spring-security/servlet-authorization-secure-objects.md",
+                                "/spring-security/servlet-configuration-java.md",
+                                "/spring-security/servlet-configuration-kotlin.md"
+                            ],
+                            initialOpenGroupIndex: 0 // 可选的, 默认值是 0
+                        }
+                    ],

                    '/spring-for-graphql/': [
                        {

--- a/docs/spring-security/servlet-architecture.md
+++ b/docs/spring-security/servlet-architecture.md
@@ -6,7 +6,7 @@

 Spring 安全性的 Servlet 支持是基于 Servlet `Filter`s 的，因此通常首先查看`Filter`s 的作用是有帮助的。下图显示了单个 HTTP 请求的处理程序的典型分层。

-![滤清链](../_images/servlet/architecture/filterchain.png)
+![滤清链](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/filterchain.png)

 图 1。滤清链

@@ -48,7 +48,7 @@ Spring 提供了名为[`Filter`]（https://DOCS. Spring.io/ Spring-framework/DOC

 下面是一张`DelegatingFilterProxy`如何与[`Filter`s 和`FilterChain`]（# Servlet-filters-review）相匹配的图片。

-![委托过滤代理](../_images/servlet/architecture/delegatingfilterproxy.png)
+![委托过滤代理](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/delegatingfilterproxy.png)

 图 2。委托过滤代理

@@ -86,7 +86,7 @@ fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterCh

 Spring Security 的 Servlet 支持包含在`FilterChainProxy`中。`FilterChainProxy`是 Spring Security 提供的一种特殊的`Filter`，它允许通过[`证券过滤链`]（# Servlet-SecurityFilterchain）将许多`Filter`实例委托给多个实例。由于`FilterChainProxy`是 Bean，因此它通常被包装在[委托过滤代理](#servlet-delegatingfilterproxy)中。

-![FilterchainProxy ](../_images/servlet/architecture/filterchainproxy.png)
+![FilterchainProxy ](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/filterchainproxy.png)

 图 3。FilterchainProxy

@@ -94,7 +94,7 @@ Spring Security 的 Servlet 支持包含在`FilterChainProxy`中。`FilterChainP

 [`SecurityFilterChain`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/securityfilterchain.html）被[FilterchainProxy ](#servlet-filterchainproxy)用于确定应该为此请求调用哪个 Spring security`Filter`s。

-![证券过滤链](../_images/servlet/architecture/securityfilterchain.png)
+![证券过滤链](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/securityfilterchain.png)

 图 4。证券过滤链

@@ -106,7 +106,7 @@ Spring Security 的 Servlet 支持包含在`FilterChainProxy`中。`FilterChainP

 事实上，`FilterChainProxy`可以用来确定应该使用哪些`SecurityFilterChain`。这允许为应用程序的不同*切片*提供完全独立的配置。

-![多证券过滤链](../_images/servlet/architecture/multi-securityfilterchain.png)
+![多证券过滤链](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/multi-securityfilterchain.png)

 图 5。多重证券过滤链

@@ -190,11 +190,11 @@ Spring Security 的 Servlet 支持包含在`FilterChainProxy`中。`FilterChainP

 `ExceptionTranslationFilter`作为[安全过滤器](#servlet-security-filters)中的一个插入到[FilterchainProxy ](#servlet-filterchainproxy)中。

-![ExceptionTranslationFilter ](../_images/servlet/architecture/exceptiontranslationfilter.png)
+![ExceptionTranslationFilter ](https://docs.spring.io/spring-security/reference/_images/servlet/architecture/exceptiontranslationfilter.png)

-* ![number 1](../_images/icons/number_1.png)首先，`ExceptionTranslationFilter`调用`FilterChain.doFilter(request, response)`来调用应用程序的其余部分。
+* ![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)首先，`ExceptionTranslationFilter`调用`FilterChain.doFilter(request, response)`来调用应用程序的其余部分。

-* ![number 2](../_images/icons/number_2.png)如果用户没有经过身份验证，或者它是`AuthenticationException`，那么*启动身份验证*。
+* ![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)如果用户没有经过身份验证，或者它是`AuthenticationException`，那么*启动身份验证*。

  * [SecurityContextholder ](authentication/architecture.html#servlet-authentication-securitycontextholder)已清除

@@ -202,7 +202,7 @@ Spring Security 的 Servlet 支持包含在`FilterChainProxy`中。`FilterChainP

  * `AuthenticationEntryPoint`用于从客户机请求凭据。例如，它可能重定向到一个登录页面，或者发送一个`WWW-Authenticate`头。

-* ![number 3](../_images/icons/number_3.png)否则如果是`AccessDeniedException`，则*访问被拒绝*。调用`AccessDeniedHandler`来处理拒绝访问。
+* ![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)否则如果是`AccessDeniedException`，则*访问被拒绝*。调用`AccessDeniedHandler`来处理拒绝访问。

 |   |如果应用程序不抛出`AccessDeniedException`或`AuthenticationException`，则`ExceptionTranslationFilter`不执行任何操作。|
 |---|-----------------------------------------------------------------------------------------------------------------------------------------------------|

--- a/docs/spring-security/servlet-authentication-architecture.md
+++ b/docs/spring-security/servlet-authentication-architecture.md
@@ -26,7 +26,7 @@ hi Servlet/身份验证/体系结构

 Spring 安全性的身份验证模型的核心是`SecurityContextHolder`。它包含[SecurityContext](#servlet-authentication-securitycontext)。

-![SecurityContextholder](../../_images/servlet/authentication/architecture/securitycontextholder.png)
+![SecurityContextholder](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/securitycontextholder.png)

 在`SecurityContextHolder`中， Spring 安全性存储了谁是[已认证](../../features/authentication/index.html#authentication)的详细信息。 Spring 安全性并不关心`SecurityContextHolder`是如何填充的。如果它包含一个值，那么它将被用作当前经过身份验证的用户。

@@ -126,17 +126,17 @@ val authorities = authentication.authorities

 [`ProviderManager`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/authentication/providermanager.html）是最常用的[`AuthenticationManager`]（# Servlet-authentication-authentication manager）的实现。`ProviderManager`委托给[`List`的[`身份验证提供者`s]（# Servlet-authenticentication-authenticationprov 每个`AuthenticationProvider`都有机会指示身份验证应该成功、失败或指示它不能做出决定，并允许下游`AuthenticationProvider`进行决定。如果所有配置的`AuthenticationProvider`都不能进行身份验证，则使用`ProviderNotFoundException`进行身份验证将失败，这是一个特殊的`AuthenticationException`，表示`ProviderManager`未配置为支持传递到它的`Authentication`类型。

-![ProviderManager](../../_images/servlet/authentication/architecture/providermanager.png)
+![ProviderManager](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanager.png)

 在实践中，每个`AuthenticationProvider`都知道如何执行特定类型的身份验证。例如，一个`AuthenticationProvider`可能能够验证用户名/密码，而另一个可能能够验证 SAML 断言。这允许每个`AuthenticationProvider`执行非常特定类型的身份验证，同时支持多种类型的身份验证，并且只公开单个`AuthenticationManager` Bean。

 `ProviderManager`还允许配置一个可选的父`AuthenticationManager`，在没有`AuthenticationProvider`可以执行身份验证的情况下，可以查询该父`AuthenticationManager`。父可以是`AuthenticationManager`的任何类型，但它通常是`ProviderManager`的实例。

-![ProviderManager 母公司](../../_images/servlet/authentication/architecture/providermanager-parent.png)
+![ProviderManager 母公司](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanager-parent.png)

 实际上，多个`ProviderManager`实例可能共享同一个父`AuthenticationManager`。在多个[`SecurityFilterChain`]（../architecture.html# Servlet-securityfilterchain）实例具有一些共同的身份验证（共享的父`AuthenticationManager`）的场景中，这种情况有些常见，但也存在不同的身份验证机制（不同的`ProviderManager`实例）。

-![ProviderManagers 母公司](../../_images/servlet/authentication/architecture/providermanagers-parent.png)
+![ProviderManagers 母公司](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/providermanagers-parent.png)

 默认情况下，`ProviderManager`将尝试清除由成功的身份验证请求返回的`Authentication`对象中的任何敏感凭据信息。这可以防止像密码这样的信息在`HttpSession`中保留的时间超过必要的时间。

@@ -160,13 +160,13 @@ val authorities = authentication.authorities

 接下来，`AbstractAuthenticationProcessingFilter`可以对提交给它的任何身份验证请求进行身份验证。

-![抽象处理过滤器](../../_images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png)
+![抽象处理过滤器](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/architecture/abstractauthenticationprocessingfilter.png)

-![number 1](../../_images/icons/number_1.png)当用户提交其凭据时，`AbstractAuthenticationProcessingFilter`从`Authentication`创建一个[`Authentication`]（# Servlet-authentication-authentication）来进行身份验证。创建的`Authentication`类型取决于`AbstractAuthenticationProcessingFilter`的子类。例如，[`UsernamePasswordAuthenticationFilter`]（passwords/form.html# Servlet-authentication-usernamepasswordauthenticationfilter）从*用户 Name*和*密码*中创建一个`UsernamePasswordAuthenticationToken`，它们在`HttpServletRequest`中提交。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)当用户提交其凭据时，`AbstractAuthenticationProcessingFilter`从`Authentication`创建一个[`Authentication`]（# Servlet-authentication-authentication）来进行身份验证。创建的`Authentication`类型取决于`AbstractAuthenticationProcessingFilter`的子类。例如，[`UsernamePasswordAuthenticationFilter`]（passwords/form.html# Servlet-authentication-usernamepasswordauthenticationfilter）从*用户 Name*和*密码*中创建一个`UsernamePasswordAuthenticationToken`，它们在`HttpServletRequest`中提交。

-![number 2](../../_images/icons/number_2.png)接下来，将[`Authentication`]（# Servlet-authentication-authentication）传递到[`AuthenticationManager`]（# Servlet-authentication-authenticationManager）中进行身份验证。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)接下来，将[`Authentication`]（# Servlet-authentication-authentication）传递到[`AuthenticationManager`]（# Servlet-authentication-authenticationManager）中进行身份验证。

-![number 3](../../_images/icons/number_3.png)如果身份验证失败，则*失败*
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)如果身份验证失败，则*失败*

 * [SecurityContextholder](#servlet-authentication-securitycontextholder)被清除。

@@ -174,7 +174,7 @@ val authorities = authentication.authorities

 * 调用`AuthenticationFailureHandler`。

-![number 4](../../_images/icons/number_4.png)如果身份验证成功，则*成功*。
+![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)如果身份验证成功，则*成功*。

 * `SessionAuthenticationStrategy`被通知有一个新的登录。


--- a/docs/spring-security/servlet-authentication-passwords-basic.md
+++ b/docs/spring-security/servlet-authentication-passwords-basic.md
@@ -4,31 +4,31 @@

 让我们来看看 HTTP Basic 身份验证在 Spring 安全性中是如何工作的。首先，我们看到[WWW-认证](https://tools.ietf.org/html/rfc7235#section-4.1)头被发送回未经验证的客户端。

-![基本验证入口点](../../../_images/servlet/authentication/unpwd/basicauthenticationentrypoint.png)
+![基本验证入口点](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/unpwd/basicauthenticationentrypoint.png)

 图 1。发送 WWW-身份验证报头

 该图构建于我们的[`SecurityFilterChain`]（../../architecture.html# Servlet-SecurityFilterchain）图。

-![number 1](../../../_images/icons/number_1.png)首先，用户向资源`/private`发出未经授权的请求。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)首先，用户向资源`/private`发出未经授权的请求。

-![number 2](../../../_images/icons/number_2.png) Spring security 的[`FilterSecurityInterceptor`]（.../授权/authorization/authorization/authorization-requests.html# Servlet-authorization-filtersecurityinterceptor）通过抛出`AccessDeniedException`表示未经验证的请求是*拒绝*。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png) Spring security 的[`FilterSecurityInterceptor`]（.../授权/authorization/authorization/authorization-requests.html# Servlet-authorization-filtersecurityinterceptor）通过抛出`AccessDeniedException`表示未经验证的请求是*拒绝*。

-![number 3](../../../_images/icons/number_3.png)由于用户未经过身份验证，[`ExceptionTranslationFilter`]（..../architecture.html# Servlet-ExceptionTranslationFilter）发起*启动身份验证*。配置的[`AuthenticationEntryPoint`]（../architecture.html# Servlet-authentication-authentryPoint）是[`BasicAuthenticationEntryPoint`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/authentification/WWW/basicauthentrypoint.html）的一个实例，它发送一个 WWW-authenticate 报头。`RequestCache`通常是不保存请求的`NullRequestCache`，因为客户机能够重放它最初请求的请求。
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)由于用户未经过身份验证，[`ExceptionTranslationFilter`]（..../architecture.html# Servlet-ExceptionTranslationFilter）发起*启动身份验证*。配置的[`AuthenticationEntryPoint`]（../architecture.html# Servlet-authentication-authentryPoint）是[`BasicAuthenticationEntryPoint`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/authentification/WWW/basicauthentrypoint.html）的一个实例，它发送一个 WWW-authenticate 报头。`RequestCache`通常是不保存请求的`NullRequestCache`，因为客户机能够重放它最初请求的请求。

 当客户端接收到 WWW-Authenticate 报头时，它知道应该使用用户名和密码重试。下面是正在处理的用户名和密码的流程。

-![基本验证过滤器](../../../_images/servlet/authentication/unpwd/basicauthenticationfilter.png)
+![基本验证过滤器](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/unpwd/basicauthenticationfilter.png)

 图 2。验证用户名和密码

 这个图是基于我们的[`SecurityFilterChain`]（../../architecture.html# Servlet-SecurityFilterchain）图构建的。

-![number 1](../../../_images/icons/number_1.png)当用户提交他们的用户名和密码时，`BasicAuthenticationFilter`通过从`HttpServletRequest`中提取用户名和密码，创建一个`UsernamePasswordAuthenticationToken`，这是一种[`Authentication`]（../architecture.html# Servlet-authentication-authentication）的类型。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)当用户提交他们的用户名和密码时，`BasicAuthenticationFilter`通过从`HttpServletRequest`中提取用户名和密码，创建一个`UsernamePasswordAuthenticationToken`，这是一种[`Authentication`]（../architecture.html# Servlet-authentication-authentication）的类型。

-![number 2](../../../_images/icons/number_2.png)接下来，将`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`中以进行身份验证。`AuthenticationManager`的详细内容取决于[用户信息被存储](index.html#servlet-authentication-unpwd-storage)的方式。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)接下来，将`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`中以进行身份验证。`AuthenticationManager`的详细内容取决于[用户信息被存储](index.html#servlet-authentication-unpwd-storage)的方式。

-![number 3](../../../_images/icons/number_3.png)如果身份验证失败，则*失败*
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)如果身份验证失败，则*失败*

 * [SecurityContextholder ](../architecture.html#servlet-authentication-securitycontextholder)被清除。

@@ -36,7 +36,7 @@

 * 调用`AuthenticationEntryPoint`以触发再次发送 WWW-身份验证。

-![number 4](../../../_images/icons/number_4.png)如果身份验证成功，则*成功*。
+![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)如果身份验证成功，则*成功*。

 * [认证](../architecture.html#servlet-authentication-authentication)设置在[SecurityContextholder ](../architecture.html#servlet-authentication-securitycontextholder)上。


--- a/docs/spring-security/servlet-authentication-passwords-form.md
+++ b/docs/spring-security/servlet-authentication-passwords-form.md
@@ -4,35 +4,35 @@ Spring 安全性为正在通过 HTML 表单提供的用户名和密码提供支

 让我们来看看基于表单的登录在 Spring 安全性中是如何工作的。首先，我们来看看用户是如何被重定向到 Log In 表单的。

-![LoginurlauthenticationEntryPoint ](../../../_images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png)
+![LoginurlauthenticationEntryPoint ](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/unpwd/loginurlauthenticationentrypoint.png)

 图 1。重定向到登录页面

 该图构建于我们的[`SecurityFilterChain`]（../../architecture.html# Servlet-SecurityFilterchain）图。

-![number 1](../../../_images/icons/number_1.png)首先，用户向资源`/private`发出未经授权的请求。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)首先，用户向资源`/private`发出未经授权的请求。

-![number 2](../../../_images/icons/number_2.png) Spring security 的[`FilterSecurityInterceptor`]（.../授权/authorization/authorization/authorization-requests.html# Servlet-authorization-filtersecurityinterceptor）通过抛出`AccessDeniedException`表示未经验证的请求是*拒绝*。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png) Spring security 的[`FilterSecurityInterceptor`]（.../授权/authorization/authorization/authorization-requests.html# Servlet-authorization-filtersecurityinterceptor）通过抛出`AccessDeniedException`表示未经验证的请求是*拒绝*。

-![number 3](../../../_images/icons/number_3.png)由于未对用户进行身份验证，[`ExceptionTranslationFilter`]（..../architecture.html# Servlet-ExceptionTranslationFilter）启动*启动身份验证*，并用配置的[`AuthenticationEntryPoint`]（../architecture.html# Servlet-authentication-authentrationEntryPoint）向登录页面发送重定向。在大多数情况下，`AuthenticationEntryPoint`是[`LoginUrlAuthenticationEntryPoint`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/authentication/loginurlauthenticationentrypoint.html）的一个实例。
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)由于未对用户进行身份验证，[`ExceptionTranslationFilter`]（..../architecture.html# Servlet-ExceptionTranslationFilter）启动*启动身份验证*，并用配置的[`AuthenticationEntryPoint`]（../architecture.html# Servlet-authentication-authentrationEntryPoint）向登录页面发送重定向。在大多数情况下，`AuthenticationEntryPoint`是[`LoginUrlAuthenticationEntryPoint`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/authentication/loginurlauthenticationentrypoint.html）的一个实例。

-![number 4](../../../_images/icons/number_4.png)然后浏览器将请求重定向到的登录页面。
+![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)然后浏览器将请求重定向到的登录页面。

-![number 5](../../../_images/icons/number_5.png)应用程序中的某个内容，必须[呈现登录页面](#servlet-authentication-form-custom)。
+![number 5](https://docs.spring.io/spring-security/reference/_images/icons/number_5.png)应用程序中的某个内容，必须[呈现登录页面](#servlet-authentication-form-custom)。

 当提交用户名和密码时，`UsernamePasswordAuthenticationFilter`将对用户名和密码进行身份验证。`UsernamePasswordAuthenticationFilter`扩展了[抽象处理过滤器](../architecture.html#servlet-authentication-abstractprocessingfilter)，所以这个图看起来应该很相似。

-![用户名 passwordauthenticationfilter ](../../../_images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png)
+![用户名 passwordauthenticationfilter ](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/unpwd/usernamepasswordauthenticationfilter.png)

 图 2。验证用户名和密码

 该图构建于我们的[`SecurityFilterChain`]（../../architecture.html# Servlet-SecurityFilterchain）图。

-![number 1](../../../_images/icons/number_1.png)当用户提交他们的用户名和密码时，`UsernamePasswordAuthenticationFilter`通过从`HttpServletRequest`中提取用户名和密码，创建一个`UsernamePasswordAuthenticationToken`，这是一种[`Authentication`]（../architecture.html# Servlet-authentication-authentication）的类型。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)当用户提交他们的用户名和密码时，`UsernamePasswordAuthenticationFilter`通过从`HttpServletRequest`中提取用户名和密码，创建一个`UsernamePasswordAuthenticationToken`，这是一种[`Authentication`]（../architecture.html# Servlet-authentication-authentication）的类型。

-![number 2](../../../_images/icons/number_2.png)接下来，将`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`中以进行身份验证。`AuthenticationManager`的详细内容取决于[用户信息被存储](index.html#servlet-authentication-unpwd-storage)的方式。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)接下来，将`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`中以进行身份验证。`AuthenticationManager`的详细内容取决于[用户信息被存储](index.html#servlet-authentication-unpwd-storage)的方式。

-![number 3](../../../_images/icons/number_3.png)如果身份验证失败，则*失败*
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)如果身份验证失败，则*失败*

 * [SecurityContextholder ](../architecture.html#servlet-authentication-securitycontextholder)被清除。

@@ -40,7 +40,7 @@ Spring 安全性为正在通过 HTML 表单提供的用户名和密码提供支

 * 调用`AuthenticationFailureHandler`。

-![number 4](../../../_images/icons/number_4.png)如果身份验证成功，则*成功*。
+![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)如果身份验证成功，则*成功*。

 * `SessionAuthenticationStrategy`被通知有一个新的登录。


--- a/docs/spring-security/servlet-authentication-passwords-storage-dao-authentication-provider.md
+++ b/docs/spring-security/servlet-authentication-passwords-storage-dao-authentication-provider.md
@@ -4,19 +4,19 @@

 让我们来看看`DaoAuthenticationProvider`在 Spring 安全性中是如何工作的。该图详细说明了[读取用户名和密码](index.html#servlet-authentication-unpwd-input)图中的[`AuthenticationManager`]（../architecture.html# Servlet-authentication-authenticationmanager）是如何工作的。

-![DAoAuthenticationProvider ](../../../_images/servlet/authentication/unpwd/daoauthenticationprovider.png)
+![DAoAuthenticationProvider ](https://docs.spring.io/spring-security/reference/_images/servlet/authentication/unpwd/daoauthenticationprovider.png)

 图 1。`DaoAuthenticationProvider`用法

-![number 1](../../../_images/icons/number_1.png)来自[读取用户名和密码](index.html#servlet-authentication-unpwd-input)的身份验证`Filter`将一个`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`，这是由[`ProviderManager`]（../architecture.html# Servlet-assertification-providerManager）实现的。
+![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)来自[读取用户名和密码](index.html#servlet-authentication-unpwd-input)的身份验证`Filter`将一个`UsernamePasswordAuthenticationToken`传递到`AuthenticationManager`，这是由[`ProviderManager`]（../architecture.html# Servlet-assertification-providerManager）实现的。

-![number 2](../../../_images/icons/number_2.png)`ProviderManager`被配置为使用[身份验证提供者](../architecture.html#servlet-authentication-authenticationprovider)类型的`DaoAuthenticationProvider`。
+![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)`ProviderManager`被配置为使用[身份验证提供者](../architecture.html#servlet-authentication-authenticationprovider)类型的`DaoAuthenticationProvider`。

-![number 3](../../../_images/icons/number_3.png)`DaoAuthenticationProvider`从`UserDetailsService`中查找`UserDetails`。
+![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)`DaoAuthenticationProvider`从`UserDetailsService`中查找`UserDetails`。

-![number 4](../../../_images/icons/number_4.png)`DaoAuthenticationProvider`然后使用[`PasswordEncoder`]（password-encoder.html# Servlet-authentication-password-storage）在上一步返回的`UserDetails`上验证密码。
+![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)`DaoAuthenticationProvider`然后使用[`PasswordEncoder`]（password-encoder.html# Servlet-authentication-password-storage）在上一步返回的`UserDetails`上验证密码。

-![number 5](../../../_images/icons/number_5.png)当身份验证成功时，返回的[`Authentication`]（../architecture.html# Servlet-Authentication-Authentication）类型为`UsernamePasswordAuthenticationToken`，并且具有一个主体，即配置的`UserDetailsService`返回的`UserDetails`。最终，返回的`UsernamePasswordAuthenticationToken`将由身份验证`Filter`设置在[`SecurityContextHolder`]（../architecture.html# Servlet-authentication-securitycontextholder）上。
+![number 5](https://docs.spring.io/spring-security/reference/_images/icons/number_5.png)当身份验证成功时，返回的[`Authentication`]（../architecture.html# Servlet-Authentication-Authentication）类型为`UsernamePasswordAuthenticationToken`，并且具有一个主体，即配置的`UserDetailsService`返回的`UserDetails`。最终，返回的`UsernamePasswordAuthenticationToken`将由身份验证`Filter`设置在[`SecurityContextHolder`]（../architecture.html# Servlet-authentication-securitycontextholder）上。

 [PasswordEncoder ](password-encoder.html)[LDAP](ldap.html)

--- a/docs/spring-security/servlet-authorization-architecture.md
+++ b/docs/spring-security/servlet-authorization-architecture.md
@@ -49,7 +49,7 @@ default AuthorizationDecision verify(Supplier<Authentication> authentication, Ob

 [授权管理器实现](#authz-authorization-manager-implementations)说明了相关的类。

-![授权层次结构](../../_images/servlet/authorization/authorizationhierarchy.png)
+![授权层次结构](https://docs.spring.io/spring-security/reference/_images/servlet/authorization/authorizationhierarchy.png)

 图 1。授权管理器实现

@@ -207,7 +207,7 @@ boolean supports(Class clazz);

 虽然用户可以实现他们自己的`AccessDecisionManager`以控制授权的所有方面， Spring 安全性包括几个基于投票的`AccessDecisionManager`实现。[投票决策经理](#authz-access-voting)举例说明了相关的类。

-![访问决定投票](../../_images/servlet/authorization/access-decision-voting.png)
+![访问决定投票](https://docs.spring.io/spring-security/reference/_images/servlet/authorization/access-decision-voting.png)

 图 2。投票决策经理

@@ -245,7 +245,7 @@ Spring 安全性提供的最常用的`AccessDecisionVoter`是简单的`RoleVoter

 显然，你还可以实现一个自定义`AccessDecisionVoter`，并且你可以在其中放入你想要的任何访问控制逻辑。它可能是特定于你的应用程序的（与业务逻辑相关的），或者它可能实现一些安全管理逻辑。例如，你将在 Spring 网站上找到一个[博客文章](https://spring.io/blog/2009/01/03/spring-security-customization-part-2-adjusting-secured-session-in-real-time)，该网站描述了如何使用投票器实时拒绝帐户已被暂停的用户的访问。

-![调用后](../../_images/servlet/authorization/after-invocation.png)
+![调用后](https://docs.spring.io/spring-security/reference/_images/servlet/authorization/after-invocation.png)

 图 3。调用实现之后


--- a/docs/spring-security/servlet-authorization-authorize-http-requests.md
+++ b/docs/spring-security/servlet-authorization-authorize-http-requests.md
@@ -36,19 +36,19 @@ SecurityFilterChain web(HttpSecurity http) throws AuthenticationException {

 当使用`authorizeHttpRequests`而不是`authorizeRequests`时，则使用[`AuthorizationFilter`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/access/intercept/Authorizationfilter.html）代替[<<<requests.html>]（authority-requests.html# Servlet-authority-filtersecurityptor）。

-![授权过滤器](../../_images/servlet/authorization/authorizationfilter.png)
+![授权过滤器](https://docs.spring.io/spring-security/reference/_images/servlet/authorization/authorizationfilter.png)

 图 1。授权 HttpServletRequest

-* ![number 1](../../_images/icons/number_1.png)首先，`AuthorizationFilter`从[SecurityContextholder](../authentication/architecture.html#servlet-authentication-securitycontextholder)得到[认证](../authentication/architecture.html#servlet-authentication-authentication)。它将此包在`Supplier`中，以延迟查找。
+* ![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)首先，`AuthorizationFilter`从[SecurityContextholder](../authentication/architecture.html#servlet-authentication-securitycontextholder)得到[认证](../authentication/architecture.html#servlet-authentication-authentication)。它将此包在`Supplier`中，以延迟查找。

-* ![number 2](../../_images/icons/number_2.png)秒，`AuthorizationFilter`从`HttpServletRequest`、`FilterInvocation`、<DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/filterinvocation.html）中创建一个[`HttpServletRequest`、`HttpServletResponse`和`FilterChain`。
+* ![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)秒，`AuthorizationFilter`从`HttpServletRequest`、`FilterInvocation`、<DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/filterinvocation.html）中创建一个[`HttpServletRequest`、`HttpServletResponse`和`FilterChain`。

-* ![number 3](../../_images/icons/number_3.png)接下来，它将`Supplier<Authentication>`和`FilterInvocation`传递给[`AuthorizationManager`]。
+* ![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)接下来，它将`Supplier<Authentication>`和`FilterInvocation`传递给[`AuthorizationManager`]。

-  * ![number 4](../../_images/icons/number_4.png)如果拒绝授权，将抛出`AccessDeniedException`。在这种情况下，[`ExceptionTranslationFilter`]（../architecture.html# Servlet-ExceptionTranslationFilter）处理`AccessDeniedException`。
+  * ![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)如果拒绝授权，将抛出`AccessDeniedException`。在这种情况下，[`ExceptionTranslationFilter`]（../architecture.html# Servlet-ExceptionTranslationFilter）处理`AccessDeniedException`。

-  * ![number 5](../../_images/icons/number_5.png)如果访问被授予，`AuthorizationFilter`继续使用[滤清链](../architecture.html#servlet-filters-review)，这允许应用程序正常处理。
+  * ![number 5](https://docs.spring.io/spring-security/reference/_images/icons/number_5.png)如果访问被授予，`AuthorizationFilter`继续使用[滤清链](../architecture.html#servlet-filters-review)，这允许应用程序正常处理。

 通过按优先级顺序添加更多规则，我们可以将安全性配置为具有不同的规则。


--- a/docs/spring-security/servlet-authorization-authorize-requests.md
+++ b/docs/spring-security/servlet-authorization-authorize-requests.md
@@ -7,21 +7,21 @@

 [`FilterSecurityInterceptor`]（https://DOCS. Spring.io/ Spring-security/site/DOCS/5.6.2/api/org/springframework/security/web/access/intercept/filtersecurityinterceptor.html）为`HttpServletRequest`s 提供[授权](index.html#servlet-authorization)。它作为[安全过滤器](../architecture.html#servlet-security-filters)中的一个插入到[FilterchainProxy](../architecture.html#servlet-filterchainproxy)中。

-![过滤安全拦截器](../../_images/servlet/authorization/filtersecurityinterceptor.png)
+![过滤安全拦截器](https://docs.spring.io/spring-security/reference/_images/servlet/authorization/filtersecurityinterceptor.png)

 图 1。授权 HttpServletRequest

-* ![number 1](../../_images/icons/number_1.png)首先，`FilterSecurityInterceptor`从[SecurityContextholder](../authentication/architecture.html#servlet-authentication-securitycontextholder)得到一个[认证](../authentication/architecture.html#servlet-authentication-authentication)。
+* ![number 1](https://docs.spring.io/spring-security/reference/_images/icons/number_1.png)首先，`FilterSecurityInterceptor`从[SecurityContextholder](../authentication/architecture.html#servlet-authentication-securitycontextholder)得到一个[认证](../authentication/architecture.html#servlet-authentication-authentication)。

-* ![number 2](../../_images/icons/number_2.png)第二，`FilterSecurityInterceptor`从`HttpServletRequest`、`HttpServletResponse`和`FilterChain`中创建一个[`FilterChain`（https://DOCS. Spring.io/ Spring-security/site/site/DOCS/5.6.2/api/org/springframework/security/web/filterinvocation.html），并传递到`HttpServletRequest`中的`HttpServletResponse`和`FilterChain`中。
+* ![number 2](https://docs.spring.io/spring-security/reference/_images/icons/number_2.png)第二，`FilterSecurityInterceptor`从`HttpServletRequest`、`HttpServletResponse`和`FilterChain`中创建一个[`FilterChain`（https://DOCS. Spring.io/ Spring-security/site/site/DOCS/5.6.2/api/org/springframework/security/web/filterinvocation.html），并传递到`HttpServletRequest`中的`HttpServletResponse`和`FilterChain`中。

-* ![number 3](../../_images/icons/number_3.png)下一步，它将`FilterInvocation`传递到`SecurityMetadataSource`，得到`ConfigAttribute`s。
+* ![number 3](https://docs.spring.io/spring-security/reference/_images/icons/number_3.png)下一步，它将`FilterInvocation`传递到`SecurityMetadataSource`，得到`ConfigAttribute`s。

-* ![number 4](../../_images/icons/number_4.png)最后，它将`Authentication`、`FilterInvocation`和`ConfigAttribute`s 传递给 Xref: Servlet/授权。ADOC#authz-access-decision-manager`AccessDecisionManager`。
+* ![number 4](https://docs.spring.io/spring-security/reference/_images/icons/number_4.png)最后，它将`Authentication`、`FilterInvocation`和`ConfigAttribute`s 传递给 Xref: Servlet/授权。ADOC#authz-access-decision-manager`AccessDecisionManager`。

-  * ![number 5](../../_images/icons/number_5.png)如果拒绝授权，将抛出`AccessDeniedException`。在这种情况下，[`ExceptionTranslationFilter`]（../architecture.html# Servlet-ExceptionTranslationFilter）处理`AccessDeniedException`。
+  * ![number 5](https://docs.spring.io/spring-security/reference/_images/icons/number_5.png)如果拒绝授权，将抛出`AccessDeniedException`。在这种情况下，[`ExceptionTranslationFilter`]（../architecture.html# Servlet-ExceptionTranslationFilter）处理`AccessDeniedException`。

-  * ![number 6](../../_images/icons/number_6.png)如果访问被授予，`FilterSecurityInterceptor`继续使用[滤清链](../architecture.html#servlet-filters-review)，这允许应用程序正常处理。
+  * ![number 6](https://docs.spring.io/spring-security/reference/_images/icons/number_6.png)如果访问被授予，`FilterSecurityInterceptor`继续使用[滤清链](../architecture.html#servlet-filters-review)，这允许应用程序正常处理。

 默认情况下， Spring Security 的授权将要求对所有请求进行身份验证。显式配置如下所示：