Luke Taylor (Migrated from SEC-1178) said:
The first 5 chapters are in reasonable shape (structurally speaking), but I'd like to restructure things beyond that. Something along the lines of:
Provide overview of Web application features and supported authentication methods, rather than dealing with each authentication mechanism in an individual chapter.
Scrap current chapter 6&7. Move localization part elsewhere (either to tech intro or after everything else). Move filters, tag and channel stuff to web part.
Cut back general "authentication" part. Web authentication mechanisms can go in the web part. Retain general back-end information. Strip out UserDetails info, schema as already covered elsewhere. Remainder of ch 8 should go in web part. Concurrent session handling should be a separate topic. Rewrite DaoAuthenticationProvider chapter (provide headings on PasswordEncoder for indexing). Scrap "anonymous authentication" chapter and cover it in earlier section. Explain purpose and use of a "deny by default" configuration approach. Mention servlet API compatibility.
Retain authorization part but restructure substantially. Refer back to intro and recap on main interfaces. Rewrite architecture section (voters and after-invocation) to include expression support. Explicitly configuring a FilterSecurityInterceptor should be covered in the web chapter (along with FilterChainProxy) and related to the namespace syntax. Correct interface and class names related to SecurityMetadataSource.
Advanced Features Part (new) - CAS, LDAP, pre-authentication setups, use of role hierarchies (or this may go in earlier). Tag libraries (not really advanced but may require prior knowledge of earlier chapters for full coverage).
Add new changes to namespace appendix.