Fix typos in documentation

Author: ahrytsiuk

docs/articles/src/docbook/codebase-structure.xml

@@ -94,7 +94,7 @@
 						<tbody>
 							<row>
 								<entry valign="middle">spring-security-core</entry>
-								<entry>Core authentication and access-contol classes and interfaces.
+								<entry>Core authentication and access-control classes and interfaces.
 									Remoting support and basic provisioning APIs.</entry>
 								<entry>Required by any application which uses Spring Security.
 									Supports standalone applications, remote clients, method
@@ -174,7 +174,7 @@
 				The <filename>core</filename> package and sub packages contain the basic classes and
 				interfaces which are used throughout the framework and the other two main packages
 				within the core jar are <filename>authentication</filename> and
-					<filename>access</filename>. The <filename>access</filename> package containst
+					<filename>access</filename>. The <filename>access</filename> package contains
 				access-control/authorization code such as the
 					<interfacename>AccessDecisionManager</interfacename> and related voter-based
 				implementations, the interception and method security infrastructure, annotation

docs/guides/src/docs/asciidoc/form-javaconfig.asc

@@ -199,7 +199,7 @@ Our existing configuration means that all we need to do is create a *login.html*
 
 IMPORTANT: Do not display details about why authentication failed. For example, we do not want to display that the user does not exist as this will tell an attacker that they should try a different username.
 
-TIP: We use Thymeleaf to automatically add the CSRF token to our form. If we were not using Thymleaf or Spring MVCs taglib we could also manually add the CSRF token using `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.
+TIP: We use Thymeleaf to automatically add the CSRF token to our form. If we were not using Thymeleaf or Spring MVCs taglib we could also manually add the CSRF token using `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.
 
 Start up the server and try visiting http://localhost:8080/sample/ to see the updates to our configuration. We now see our login page, but it does not look very pretty. The issue is that we have not granted access to the css files.
 

docs/guides/src/docs/asciidoc/helloworld-boot.asc

@@ -66,7 +66,7 @@ in order to utilize the _sec:authentication_ and _sec:authorize_ attributes.
 <3> Displays the authorities of the currently authenticated principal.
 <4> The logout form.
 
-TIP: Thymeleaf will automatically add the CSRF token to our logout form. If we were not using Thymleaf or Spring MVCs taglib we could also manually add the CSRF token using `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.
+TIP: Thymeleaf will automatically add the CSRF token to our logout form. If we were not using Thymeleaf or Spring MVCs taglib we could also manually add the CSRF token using `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>`.
 
 ==== Update the _secured_ page
 

docs/manual/src/docs/asciidoc/_includes/about/exploits/csrf.adoc

@@ -378,7 +378,7 @@ The first option is to include the actual CSRF token in the body of the request.
 By placing the CSRF token in the body, the body will be read before authorization is performed.
 This means that anyone can place temporary files on your server.
 However, only authorized users will be able to submit a File that is processed by your application.
-In general, this is the recommended approach because the temporary file uplaod should have a negligible impact on most servers.
+In general, this is the recommended approach because the temporary file upload should have a negligible impact on most servers.
 
 [[csrf-considerations-multipart-url]]
 ==== Include CSRF Token in URL

docs/manual/src/docs/asciidoc/_includes/reactive/exploits/csrf.adoc

@@ -130,7 +130,7 @@ Next we will discuss various ways of including the CSRF token in a form as a hid
 Spring Security's CSRF support provides integration with Spring's https://docs.spring.io/spring/docs/current/javadoc-api/org/springframework/web/reactive/result/view/RequestDataValueProcessor.html[RequestDataValueProcessor] via its https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.html[CsrfRequestDataValueProcessor].
 In order for `CsrfRequestDataValueProcessor` to work, the `Mono<CsrfToken>` must be subscribed to and the `CsrfToken` must be <<webflux-csrf-include-subscribe,exposed as an attribute>> that matches https://docs.spring.io/spring-security/site/docs/current/api/org/springframework/security/web/reactive/result/view/CsrfRequestDataValueProcessor.html#DEFAULT_CSRF_ATTR_NAME[DEFAULT_CSRF_ATTR_NAME].
 
-Fortunately, Thymleaf https://www.thymeleaf.org/doc/tutorials/2.1/thymeleafspring.html#integration-with-requestdatavalueprocessor[provides support] to take care of all the boilerplate for you by integrating with `RequestDataValueProcessor` to ensure that forms that have an unsafe HTTP method (i.e. post) will automatically include the actual CSRF token.
+Fortunately, Thymeleaf https://www.thymeleaf.org/doc/tutorials/2.1/thymeleafspring.html#integration-with-requestdatavalueprocessor[provides support] to take care of all the boilerplate for you by integrating with `RequestDataValueProcessor` to ensure that forms that have an unsafe HTTP method (i.e. post) will automatically include the actual CSRF token.
 
 [[webflux-csrf-include-form-attr]]
 ===== CsrfToken Request Attribute

docs/manual/src/docs/asciidoc/_includes/servlet/appendix/faq.adoc

@@ -77,9 +77,9 @@ It should also be compatible with applications using Spring 2.5.x.
 ==== I'm new to Spring Security and I need to build an application that supports CAS single sign-on over HTTPS, while allowing Basic authentication locally for certain URLs, authenticating against multiple back end user information sources (LDAP and JDBC). I've copied some configuration files I found but it doesn't work.
 What could be wrong?
 
-Or subsititute an alternative complex scenario...
+Or substitute an alternative complex scenario...
 
-Realistically, you need an understanding of the technolgies you are intending to use before you can successfully build applications with them.
+Realistically, you need an understanding of the technologies you are intending to use before you can successfully build applications with them.
 Security is complicated.
 Setting up a simple configuration using a login form and some hard-coded users using Spring Security's namespace is reasonably straightforward.
 Moving to using a backed JDBC database is also easy enough.
@@ -131,7 +131,7 @@ If you are using hashed passwords, make sure the value stored in your database i
 [[appendix-faq-login-loop]]
 ==== My application goes into an "endless loop" when I try to login, what's going on?
 
-A common user problem with infinite loop and redirecting to the login page is caused by accidently configuring the login page as a "secured" resource.
+A common user problem with infinite loop and redirecting to the login page is caused by accidentally configuring the login page as a "secured" resource.
 Make sure your configuration allows anonymous access to the login page, either by excluding it from the security filter chain or marking it as requiring ROLE_ANONYMOUS.
 
 If your AccessDecisionManager includes an AuthenticatedVoter, you can use the attribute "IS_AUTHENTICATED_ANONYMOUSLY". This is automatically available if you are using the standard namespace configuration setup.
@@ -387,7 +387,7 @@ Any which are marked as "optional" in the Spring Security POM files will have to
 [[appendix-faq-apacheds-deps]]
 ==== What dependencies are needed to run an embedded ApacheDS LDAP server?
 
-If you are using Maven, you need to add the folowing to your pom dependencies:
+If you are using Maven, you need to add the following to your pom dependencies:
 
 [source]
 ----

docs/manual/src/docs/asciidoc/_includes/servlet/appendix/namespace.adoc

@@ -517,11 +517,11 @@ Select the `AllowFromStrategy` to use when using the ALLOW-FROM policy.
 
 ** `static` Use a single static ALLOW-FROM value.
 The value can be set through the <<nsa-frame-options-value,value>> attribute.
-** `regexp` Use a regelur expression to validate incoming requests and if they are allowed.
+** `regexp` Use a regular expression to validate incoming requests and if they are allowed.
 The regular expression can be set through the <<nsa-frame-options-value,value>> attribute.
 The request parameter used to retrieve the value to validate can be specified using the <<nsa-frame-options-from-parameter,from-parameter>>.
-** `whitelist` A comma-seperated list containing the allowed domains.
-The comma-seperated list can be set through the <<nsa-frame-options-value,value>> attribute.
+** `whitelist` A comma-separated list containing the allowed domains.
+The comma-separated list can be set through the <<nsa-frame-options-value,value>> attribute.
 The request parameter used to retrieve the value to validate can be specified using the <<nsa-frame-options-from-parameter,from-parameter>>.
 
 

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/cas.adoc

@@ -235,7 +235,7 @@ With the configuration above, the flow of logout would be:
 * The logout success page, `/cas-logout.jsp`, should instruct the user to click a link pointing to `/logout/cas` in order to logout out of all applications.
 * When the user clicks the link, the user is redirected to the CAS single logout URL (https://localhost:9443/cas/logout).
 * On the CAS Server side, the CAS single logout URL then submits single logout requests to all the CAS Services.
-On the CAS Service side, JASIG's `SingleSignOutFilter` processes the logout request by invaliditing the original session.
+On the CAS Service side, JASIG's `SingleSignOutFilter` processes the logout request by invalidating the original session.
 
 
 

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/digest.adoc

@@ -76,7 +76,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
 <b:bean id="digestEntryPoint"
         class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint"
-    p:realmName="My App Relam"
+    p:realmName="My App Realm"
 	p:key="3028472b-da34-4501-bfd8-a355c42bdf92"
 />
 

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/unpwd/in-memory.adoc

@@ -82,7 +82,7 @@ public UserDetailsService users() {
 		.password("password")
 		.roles("USER")
 		.build();
-	UserDetails user = users
+	UserDetails admin = users
 		.username("admin")
 		.password("password")
 		.roles("USER", "ADMIN")