This is an automated email from the ASF dual-hosted git repository. papegaaij pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/wicket.git
commit 2034316f9fd7a834185790e60014b9be048d83db Author: Emond Papegaaij <[email protected]> AuthorDate: Sun Feb 23 20:45:05 2020 +0100 WICKET-6747: updated summary with CSP --- wicket-user-guide/src/main/asciidoc/security/security_9.adoc | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/wicket-user-guide/src/main/asciidoc/security/security_9.adoc b/wicket-user-guide/src/main/asciidoc/security/security_9.adoc index d9b77c3..74acf19 100644 --- a/wicket-user-guide/src/main/asciidoc/security/security_9.adoc +++ b/wicket-user-guide/src/main/asciidoc/security/security_9.adoc 
@@ -4,10 +4,8 @@ The central element of authorization mechanism is the interface _IAuthorizationS Wicket natively supports role-based authorizations with strategies _MetaDataRoleAuthorizationStrategy_ and _AnnotationsRoleAuthorizationStrategy_. The difference between these two strategies is that the first offers a programmatic approach for role handling while the second promotes a declarative approach using built-in annotations. -After having explored how Wicket internally implements authentication and authorization, in the last part of the chapter we have learnt how to configure our applications to support HTTPS and how to specify which pages must be served over this protocol. - -In the last paragraph we have seen how Wicket protects package resources with a guard entity that allows us to decide which package resources can be accessed from users. - - +After having explored how Wicket internally implements authentication and authorization, we continued with how to configure our applications to support HTTPS and how to specify which pages must be served over this protocol. +We've explored the protection Wicket offers against CSRF attacks with URL encryption and the _CsrfPreventionRequestCycleListener_. This was followed by an explanation of the Content Security Policy used by Wicket and how to tune this for your application. +In the last paragraph we have seen how Wicket protects package resources with a guard entity that allows us to decide which package resources can be accessed from users.
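Review bot: the added summary lines shift voice and tense from one sentence to the next. The HTTPS line says "our applications" while the CSP line says "for your application", and "we continued", "We've explored", "This was followed by" and "we have seen" mix tenses. Pick one person and one tense for the whole summary. The re-added last line still reads "can be accessed from users", which should be "can be accessed by users". The blank separator lines between the old paragraphs are removed, so the three added lines will render as one AsciiDoc paragraph. If separate paragraphs are wanted, keep a blank line between them. The CSRF sentence lists URL encryption next to _CsrfPreventionRequestCycleListener_ as CSRF protection. Consider stating in that sentence which of the two the guide recommends relying on, so the summary does not read as if either alone is equivalent.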
