Merge Project Modules and Dependencies Section of the docs

Closes gh-8199

Author: unix1982

docs/manual/src/docs/asciidoc/_includes/about/modules.adoc

@@ -1,11 +1,21 @@
 // FIXME: This might make sense in Getting Spring Security along with the artifact information
 
 [[modules]]
-= Project Modules
+= Project Modules and Dependencies
 In Spring Security 3.0, the codebase was sub-divided into separate jars which more clearly separate different functionality areas and third-party dependencies.
 If you use Maven to build your project, these are the modules you should add to your `pom.xml`.
 Even if you do not use Maven, we recommend that you consult the `pom.xml` files to get an idea of third-party dependencies and versions.
 Another good idea is to examine the libraries that are included in the sample applications.
+This section provides a reference of the modules in Spring Security and the additional dependencies that they require in order to function in a running application.
+We don't include dependencies that are only used when building or testing Spring Security itself.
+Nor do we include transitive dependencies which are required by external dependencies.
+
+The version of Spring required is listed on the project website, so the specific versions are omitted for Spring dependencies below.
+Note that some of the dependencies listed as "optional" below may still be required for other non-security functionality in a Spring application.
+Also dependencies listed as "optional" may not actually be marked as such in the project's Maven POM files if they are used in most applications.
+They are "optional" only in the sense that you don't need them unless you are using the specified functionality.
+
+Where a module depends on another Spring Security module, the non-optional dependencies of the module it depends on are also assumed to be required and are not listed separately.
 
 
 [[spring-security-core]]
@@ -20,12 +30,62 @@ It contains the following top-level packages:
 * `org.springframework.security.authentication`
 * `org.springframework.security.provisioning`
 
+.Core Dependencies
+|===
+| Dependency | Version | Description
+
+| ehcache
+| 1.6.2
+| Required if the Ehcache-based user cache implementation is used (optional).
+
+| spring-aop
+|
+| Method security is based on Spring AOP
+
+| spring-beans
+|
+| Required for Spring configuration
+
+| spring-expression
+|
+| Required for expression-based method security (optional)
+
+| spring-jdbc
+|
+| Required if using a database to store user data (optional).
+
+| spring-tx
+|
+| Required if using a database to store user data (optional).
+
+| aspectjrt
+| 1.6.10
+| Required if using AspectJ support (optional).
+
+| jsr250-api
+| 1.0
+| Required if you are using JSR-250 method-security annotations (optional).
+|===
+
+
 [[spring-security-remoting]]
 == Remoting -- `spring-security-remoting.jar`
 This module provides integration with Spring Remoting.
 You do not need this unless you are writing a remote client that uses Spring Remoting.
 The main package is `org.springframework.security.remoting`.
 
+.Remoting Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-web
+|
+| Required for clients which use HTTP remoting support.
+|===
 
 [[spring-security-web]]
 == Web -- `spring-security-web.jar`
@@ -34,6 +94,26 @@ It contains anything with a servlet API dependency.
 You need it if you require Spring Security web authentication services and URL-based access-control.
 The main package is `org.springframework.security.web`.
 
+.Web Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-web
+|
+| Spring web support classes are used extensively.
+
+| spring-jdbc
+|
+| Required for JDBC-based persistent remember-me token repository (optional).
+
+| spring-tx
+|
+| Required by remember-me persistent token repository implementations (optional).
+|===
 
 [[spring-security-config]]
 == Config -- `spring-security-config.jar`
@@ -42,13 +122,67 @@ You need it if you use the Spring Security XML namespace for configuration or Sp
 The main package is `org.springframework.security.config`.
 None of the classes are intended for direct use in an application.
 
+.Config Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-security-web
+|
+| Required if you are using any web-related namespace configuration (optional).
+
+| spring-security-ldap
+|
+| Required if you are using the LDAP namespace options (optional).
+
+| spring-security-openid
+|
+| Required if you are using OpenID authentication (optional).
+
+| aspectjweaver
+| 1.6.10
+| Required if using the protect-pointcut namespace syntax (optional).
+|===
 
 [[spring-security-ldap]]
 == LDAP -- `spring-security-ldap.jar`
 This module provides LDAP authentication and provisioning code.
 It is required if you need to use LDAP authentication or manage LDAP user entries.
 The top-level package is `org.springframework.security.ldap`.
 
+.LDAP Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-ldap-core
+| 1.3.0
+| LDAP support is based on Spring LDAP.
+
+| spring-tx
+|
+| Data exception classes are required.
+
+| apache-ds footnote:[The modules `apacheds-core`, `apacheds-core-entry`, `apacheds-protocol-shared`, `apacheds-protocol-ldap` and `apacheds-server-jndi` are required.
+]
+| 1.5.5
+| Required if you are using an embedded LDAP server (optional).
+
+| shared-ldap
+| 0.9.15
+| Required if you are using an embedded LDAP server (optional).
+
+| ldapsdk
+| 4.1
+| Mozilla LdapSDK.
+Used for decoding LDAP password policy controls if you are using password-policy functionality with OpenLDAP, for example.
+|===
 
 [[spring-security-oauth2-core]]
 == OAuth 2.0 Core -- `spring-security-oauth2-core.jar`
@@ -92,13 +226,54 @@ This module contains a specialized domain object ACL implementation.
 It is used to apply security to specific domain object instances within your application.
 The top-level package is `org.springframework.security.acls`.
 
+.ACL Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| ehcache
+| 1.6.2
+| Required if the Ehcache-based ACL cache implementation is used (optional if you are using your own implementation).
+
+| spring-jdbc
+|
+| Required if you are using the default JDBC-based AclService (optional if you implement your own).
+
+| spring-tx
+|
+| Required if you are using the default JDBC-based AclService (optional if you implement your own).
+|===
 
 [[spring-security-cas]]
 == CAS -- `spring-security-cas.jar`
 This module contains Spring Security's CAS client integration.
 You should use it if you want to use Spring Security web authentication with a CAS single sign-on server.
 The top-level package is `org.springframework.security.cas`.
 
+.CAS Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-security-web
+|
+|
+
+| cas-client-core
+| 3.1.12
+| The JA-SIG CAS Client.
+This is the basis of the Spring Security integration.
+
+| ehcache
+| 1.6.2
+| Required if you are using the Ehcache-based ticket cache (optional).
+|===
 
 [[spring-security-openid]]
 == OpenID -- `spring-security-openid.jar`
@@ -110,7 +285,57 @@ It is used to authenticate users against an external OpenID server.
 The top-level package is `org.springframework.security.openid`.
 It requires OpenID4Java.
 
+.OpenID Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-security-web
+|
+|
+
+| openid4java-nodeps
+| 0.9.6
+| Spring Security's OpenID integration uses OpenID4Java.
+
+| httpclient
+| 4.1.1
+| openid4java-nodeps depends on HttpClient 4.
+
+| guice
+| 2.0
+| openid4java-nodeps depends on Guice 2.
+|===
+
 
 [[spring-security-test]]
 == Test -- `spring-security-test.jar`
 This module contains support for testing with Spring Security.
+
+[[spring-security-taglibs]]
+== Taglibs -- `spring-secuity-taglibs.jar`
+Provides Spring Security's JSP tag implementations.
+
+.Taglib Dependencies
+|===
+| Dependency | Version | Description
+
+| spring-security-core
+|
+|
+
+| spring-security-web
+|
+|
+
+| spring-security-acl
+|
+| Required if you are using the `accesscontrollist` tag or `hasPermission()` expressions with ACLs (optional).
+
+| spring-expression
+|
+| Required if you are using SPEL expressions in your tag access constraints.
+|===