Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: Adjusted code formatting to remaining code examples.

This commit is contained in:
Robert Danczak 2024-08-12 08:15:10 +02:00 committed by Marcus Hert Da Coregio
parent b6922d22fa
commit 12a9f9240c
1 changed files with 30 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File

@ -546,8 +546,10 @@ And even though xref:servlet/authentication/architecture.adoc#servlet-authentica
To address that, you can configure Spring Security Java configuration to allow dispatcher types like `FORWARD` and `ERROR`, like so: To address that, you can configure Spring Security Java configuration to allow dispatcher types like `FORWARD` and `ERROR`, like so:
.Match by Dispatcher Type .Match by Dispatcher Type
==== [tabs]
.Java ======
Java::
+
[source,java,role="secondary"] [source,java,role="secondary"]
---- ----
http http
@ -558,7 +560,8 @@ http
) )
---- ----
.Kotlin Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
http { http {
@ -570,7 +573,7 @@ http {
} }
} }
---- ----
==== ======
[[match-by-mvc]] [[match-by-mvc]]
=== Using an MvcRequestMatcher === Using an MvcRequestMatcher
@ -584,8 +587,10 @@ For example, if Spring MVC is mapped to `/spring-mvc` instead of `/` (the defaul
You need to use `MvcRequestMatcher` to split the servlet path and the controller path in your configuration like so: You need to use `MvcRequestMatcher` to split the servlet path and the controller path in your configuration like so:
.Match by MvcRequestMatcher .Match by MvcRequestMatcher
==== [tabs]
.Java ======
Java::
+
[source,java,role="primary"] [source,java,role="primary"]
---- ----
@Bean @Bean
@ -605,7 +610,8 @@ SecurityFilterChain appEndpoints(HttpSecurity http, MvcRequestMatcher.Builder mv
} }
---- ----
.Kotlin Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
@Bean @Bean
@ -622,7 +628,8 @@ fun appEndpoints(http: HttpSecurity, mvc: MvcRequestMatcher.Builder): SecurityFi
} }
---- ----
.Xml Xml::
+
[source,xml,role="secondary"] [source,xml,role="secondary"]
---- ----
<http> <http>
@ -630,7 +637,7 @@ fun appEndpoints(http: HttpSecurity, mvc: MvcRequestMatcher.Builder): SecurityFi
<intercept-url pattern="/**" access="authenticated"/> <intercept-url pattern="/**" access="authenticated"/>
</http> </http>
---- ----
==== ======
This need can arise in at least two different ways: This need can arise in at least two different ways:
@ -646,8 +653,10 @@ This feature is not currently supported in XML
In Java configuration, you can create your own javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] and supply it to the DSL like so: In Java configuration, you can create your own javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] and supply it to the DSL like so:
.Authorize by Dispatcher Type .Authorize by Dispatcher Type
==== [tabs]
.Java ======
Java::
+
[source,java,role="secondary"] [source,java,role="secondary"]
---- ----
RequestMatcher printview = (request) -> request.getParameter("print") != null; RequestMatcher printview = (request) -> request.getParameter("print") != null;
@ -658,7 +667,8 @@ http
) )
---- ----
.Kotlin Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
val printview: RequestMatcher = { (request) -> request.getParameter("print") != null } val printview: RequestMatcher = { (request) -> request.getParameter("print") != null }
@ -669,7 +679,7 @@ http {
} }
} }
---- ----
==== ======
[TIP] [TIP]
Because javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] is a functional interface, you can supply it as a lambda in the DSL. Because javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] is a functional interface, you can supply it as a lambda in the DSL.
@ -889,8 +899,10 @@ When you have static resources it can be tempting to configure the filter chain
A more secure approach is to permit them using `permitAll` like so: A more secure approach is to permit them using `permitAll` like so:
.Permit Static Resources .Permit Static Resources
==== [tabs]
.Java ======
Java::
+
[source,java,role="secondary"] [source,java,role="secondary"]
---- ----
http http
@ -900,7 +912,8 @@ http
) )
---- ----
.Kotlin Kotlin::
+
[source,kotlin,role="secondary"] [source,kotlin,role="secondary"]
---- ----
http { http {
@ -910,7 +923,7 @@ http {
} }
} }
---- ----
==== ======
It's more secure because even with static resources it's important to write secure headers, which Spring Security cannot do if the request is ignored. It's more secure because even with static resources it's important to write secure headers, which Spring Security cannot do if the request is ignored.