Add servlet HTTP exploit samples

Issue gh-8172
2020-09-18 14:44:33 +02:00 · 2020-09-18 14:44:33 +02:00 · 019c27b0a0
parent f26387a4b7
commit 019c27b0a0
1 changed files with 21 additions and 2 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/http.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/http.adoc
@ -12,9 +12,10 @@ If a client makes a request using HTTP rather than HTTPS, Spring Security can be

 For example, the following Java configuration will redirect any HTTP requests to HTTPS:

-.Redirect to HTTPS with Java Configuration
+.Redirect to HTTPS
 ====
-[source,java]
+.Java
+[source,java,role="primary"]
 ----
@Configuration
@EnableWebSecurity
@ -31,6 +32,24 @@ public class WebSecurityConfig extends
 	}
 }
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Configuration
+@EnableWebSecurity
+class SecurityConfig : WebSecurityConfigurerAdapter() {
+
+    override fun configure(http: HttpSecurity) {
+        http {
+            // ...
+            requiresChannel {
+                secure(AnyRequestMatcher.INSTANCE, "REQUIRES_SECURE_CHANNEL")
+            }
+        }
+    }
+}
+----
 ====

 The following XML configuration will redirect all HTTP requests to HTTPS