Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: Adjusted code formatting to remaining code examples.

This commit is contained in:
Robert Danczak 2024-08-12 08:15:10 +02:00 committed by Marcus Hert Da Coregio
parent b6922d22fa
commit 12a9f9240c
1 changed files with 30 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View File

@ -546,8 +546,10 @@ And even though xref:servlet/authentication/architecture.adoc#servlet-authentica
To address that, you can configure Spring Security Java configuration to allow dispatcher types like `FORWARD` and `ERROR`, like so:
.Match by Dispatcher Type
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
http
@ -558,7 +560,8 @@ http
)
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
http {
@ -570,7 +573,7 @@ http {
}
}
----
====
======
[[match-by-mvc]]
=== Using an MvcRequestMatcher
@ -584,8 +587,10 @@ For example, if Spring MVC is mapped to `/spring-mvc` instead of `/` (the defaul
You need to use `MvcRequestMatcher` to split the servlet path and the controller path in your configuration like so:
.Match by MvcRequestMatcher
====
.Java
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Bean
@ -605,7 +610,8 @@ SecurityFilterChain appEndpoints(HttpSecurity http, MvcRequestMatcher.Builder mv
}
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
@ -622,7 +628,8 @@ fun appEndpoints(http: HttpSecurity, mvc: MvcRequestMatcher.Builder): SecurityFi
}
----
.Xml
Xml::
+
[source,xml,role="secondary"]
----
<http>
@ -630,7 +637,7 @@ fun appEndpoints(http: HttpSecurity, mvc: MvcRequestMatcher.Builder): SecurityFi
<intercept-url pattern="/**" access="authenticated"/>
</http>
----
====
======
This need can arise in at least two different ways:
@ -646,8 +653,10 @@ This feature is not currently supported in XML
In Java configuration, you can create your own javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] and supply it to the DSL like so:
.Authorize by Dispatcher Type
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
RequestMatcher printview = (request) -> request.getParameter("print") != null;
@ -658,7 +667,8 @@ http
)
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
val printview: RequestMatcher = { (request) -> request.getParameter("print") != null }
@ -669,7 +679,7 @@ http {
}
}
----
====
======
[TIP]
Because javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] is a functional interface, you can supply it as a lambda in the DSL.
@ -889,8 +899,10 @@ When you have static resources it can be tempting to configure the filter chain
A more secure approach is to permit them using `permitAll` like so:
.Permit Static Resources
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
http
@ -900,7 +912,8 @@ http
)
----
.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
http {
@ -910,7 +923,7 @@ http {
}
}
----
====
======
It's more secure because even with static resources it's important to write secure headers, which Spring Security cannot do if the request is ignored.