Fix some typos and mistakes in docs

Author: di72nn

docs/manual/src/docs/asciidoc/_includes/about/authentication/password-storage.adoc

@@ -295,7 +295,7 @@ java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the i
 	at org.springframework.security.crypto.password.DelegatingPasswordEncoder.matches(DelegatingPasswordEncoder.java:196)
 ----
 
-The easiest way to resolve the error is to switch to explicitly provide the `PasswordEncoder` that you passwords are encoded with.
+The easiest way to resolve the error is to switch to explicitly providing the `PasswordEncoder` that your passwords are encoded with.
 The easiest way to resolve it is to figure out how your passwords are currently being stored and explicitly provide the correct `PasswordEncoder`.
 
 If you are migrating from Spring Security 4.2.x you can revert to the previous behavior by <<authentication-password-storage-configuration,exposing a `NoOpPasswordEncoder` bean>>.

docs/manual/src/docs/asciidoc/_includes/about/exploits/csrf.adoc

@@ -377,7 +377,7 @@ More information about using multipart forms with Spring can be found within the
 The first option is to include the actual CSRF token in the body of the request.
 By placing the CSRF token in the body, the body will be read before authorization is performed.
 This means that anyone can place temporary files on your server.
-However, only authorized users will be able to submit a File that is processed by your application.
+However, only authorized users will be able to submit a file that is processed by your application.
 In general, this is the recommended approach because the temporary file upload should have a negligible impact on most servers.
 
 [[csrf-considerations-multipart-url]]

docs/manual/src/docs/asciidoc/_includes/about/exploits/headers.adoc

@@ -384,7 +384,7 @@ This is a nice clean-up action to perform on logout.
 
 [NOTE]
 ====
-Refer to the relevant sections to see how to configure both <<servlet-headers-custom,servlet>> based applications.
+Refer to the relevant section to see how to configure <<servlet-headers-custom,servlet>> based applications.
 ====
 
 Spring Security has mechanisms to make it convenient to add the more common security headers to your application.

docs/manual/src/docs/asciidoc/_includes/about/exploits/http.adoc

@@ -20,7 +20,7 @@ Spring Security provides support for <<headers-hsts,Strict Transport Security>>
 == Proxy Server Configuration
 
 When using a proxy server it is important to ensure that you have configured your application properly.
-For example, many applications will have a load balancer that responds to request for https://example.com/ by forwarding the request to an application server at https://192.168.1:8080
+For example, many applications will have a load balancer that responds to request for https://example.com/ by forwarding the request to an application server at https://192.168.1:8080.
 Without proper configuration, the application server will not know that the load balancer exists and treat the request as though https://192.168.1:8080 was requested by the client.
 
 To fix this you can use https://tools.ietf.org/html/rfc7239[RFC 7239] to specify that a load balancer is being used.

docs/manual/src/docs/asciidoc/_includes/servlet/architecture/delegating-filter-proxy.adoc

@@ -41,6 +41,6 @@ fun doFilter(request: ServletRequest, response: ServletResponse, chain: FilterCh
 ----
 ====
 
-Another benefit of `DelegatingFilterProxy` is that it allows delaying looking `Filter` bean instances.
+Another benefit of `DelegatingFilterProxy` is that it allows delaying looking `Filter` bean instances up.
 This is important because the container needs to register the `Filter` instances before the container can startup.
 However, Spring typically uses a `ContextLoaderListener` to load the Spring Beans which will not be done until after the `Filter` instances need to be registered.

docs/manual/src/docs/asciidoc/_includes/servlet/architecture/exception-translation-filter.adoc

@@ -13,7 +13,7 @@ image::{figures}/exceptiontranslationfilter.png[]
 
 * image:{icondir}/number_1.png[] First, the `ExceptionTranslationFilter` invokes `FilterChain.doFilter(request, response)` to invoke the rest of the application.
 * image:{icondir}/number_2.png[] If the user is not authenticated or it is an `AuthenticationException`, then __Start Authentication__.
-** The <<servlet-authentication-securitycontextholder>> is cleared out
+** The <<servlet-authentication-securitycontextholder>> is cleared out.
 ** The `HttpServletRequest` is saved in the {security-api-url}org/springframework/security/web/savedrequest/RequestCache.html[`RequestCache`].
 When the user successfully authenticates, the `RequestCache` is used to replay the original request.
 // FIXME: add link to authentication success

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/anonymous.adoc

@@ -14,7 +14,7 @@ You could also omit these pages from the filter chain entirely, thus bypassing t
 This is what we mean by anonymous authentication.
 Note that there is no real conceptual difference between a user who is "anonymously authenticated" and an unauthenticated user.
 Spring Security's anonymous authentication just gives you a more convenient way to configure your access-control attributes.
-Calls to servlet API calls such as `getCallerPrincipal`, for example, will still return null even though there is actually an anonymous authentication object in the `SecurityContextHolder`.
+Calls to servlet API such as `getCallerPrincipal`, for example, will still return null even though there is actually an anonymous authentication object in the `SecurityContextHolder`.
 
 There are other situations where anonymous authentication is useful, such as when an auditing interceptor queries the `SecurityContextHolder` to identify which principal was responsible for a given operation.
 Classes can be authored more robustly if they know the `SecurityContextHolder` always contains an `Authentication` object, and never `null`.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/security-context-holder.adoc

@@ -86,4 +86,4 @@ Other applications might want to have threads spawned by the secure thread also
 This is achieved by using `SecurityContextHolder.MODE_INHERITABLETHREADLOCAL`.
 You can change the mode from the default `SecurityContextHolder.MODE_THREADLOCAL` in two ways.
 The first is to set a system property, the second is to call a static method on `SecurityContextHolder`.
-Most applications won't need to change from the default, but if you do, take a look at the JavaDoc for `SecurityContextHolder` to learn more.
+Most applications won't need to change from the default, but if you do, take a look at the Javadoc for `SecurityContextHolder` to learn more.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/logout.adoc

@@ -55,17 +55,17 @@ override fun configure(http: HttpSecurity) {
 This is automatically applied when using `WebSecurityConfigurerAdapter`.
 <2> The URL that triggers log out to occur (default is `/logout`).
 If CSRF protection is enabled (default), then the request must also be a POST.
-For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutUrl-java.lang.String-[JavaDoc].
+For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutUrl-java.lang.String-[Javadoc].
 <3> The URL to redirect to after logout has occurred.
 The default is `/login?logout`.
-For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessUrl-java.lang.String-[JavaDoc].
+For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessUrl-java.lang.String-[Javadoc].
 <4> Let's you specify a custom `LogoutSuccessHandler`.
 If this is specified, `logoutSuccessUrl()` is ignored.
-For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessHandler-org.springframework.security.web.authentication.logout.LogoutSuccessHandler-[JavaDoc].
+For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#logoutSuccessHandler-org.springframework.security.web.authentication.logout.LogoutSuccessHandler-[Javadoc].
 <5> Specify whether to invalidate the `HttpSession` at the time of logout.
 This is *true* by default.
 Configures the `SecurityContextLogoutHandler` under the covers.
-For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#invalidateHttpSession-boolean-[JavaDoc].
+For more information, please consult the {security-api-url}org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.html#invalidateHttpSession-boolean-[Javadoc].
 <6> Adds a `LogoutHandler`.
 `SecurityContextLogoutHandler` is added as the last `LogoutHandler` by default.
 <7> Allows specifying the names of cookies to be removed on logout success.

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/rememberme.adoc

@@ -34,7 +34,7 @@ Notably, this has a potential security issue in that a captured remember-me toke
 This is the same issue as with digest authentication.
 If a principal is aware a token has been captured, they can easily change their password and immediately invalidate all remember-me tokens on issue.
 If more significant security is needed you should use the approach described in the next section.
-Alternatively remember-me services should simply not be used at all.
+Alternatively, remember-me services should simply not be used at all.
 
 If you are familiar with the topics discussed in the chapter on <<ns-config,namespace configuration>>, you can enable remember-me authentication just by adding the `<remember-me>` element: