Add section on web security

rstoyanchev · rstoyanchev · commit 8e38b7ede675 · 2014-07-29T16:56:37.000-04:00
Issue: SPR-6125
diff --git a/src/asciidoc/index.adoc b/src/asciidoc/index.adoc
@@ -31703,6 +31703,24 @@ or in a JSP:
 ----
 
 
+[[mvc-web-security]]
+=== Web Security
+
+The http://projects.spring.io/spring-security/[Spring Security] project provides features
+to protect web applications from malicious exploits. Check out the reference documentation in the sections on
+http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#csrf["CSRF protection"],
+http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#headers["Security Response Headers"], and also
+http://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#mvc["Spring MVC Integration"].
+Note that using Spring Security to secure the application is not necessarily required for all features.
+For example CSRF protection can be added simply by adding the `CsrfFilter` and
+`CsrfRequestDataValueProcessor` to your configuration. See the
+https://github.com/spring-projects/spring-mvc-showcase/commit/361adc124c05a8187b84f25e8a57550bb7d9f8e4[Spring MVC Showcase]
+for an example.
+
+Another option is to use a framework dedicated to Web Security.
+http://hdiv.org/[HDIV] is one such framework and integrates with Spring MVC.
+
+
 
 
 [[mvc-coc]]
@@ -32882,8 +32900,6 @@ declaration.
 
 
 
-
-
 [[view]]
 == View technologies
 
