From 146d9ba0bfa97d748e0e5fbbff3c1c187a6f22ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Labagnara?= Date: Mon, 13 Apr 2020 13:08:00 +0200 Subject: [PATCH] Add marker to make Kotlin DSL type safe. Fixes gh-8366 --- .../config/web/server/AuthorizeExchangeDsl.kt | 1 + .../config/web/server/ServerAnonymousDsl.kt | 1 + .../config/web/server/ServerCorsDsl.kt | 1 + .../config/web/server/ServerCsrfDsl.kt | 1 + .../web/server/ServerExceptionHandlingDsl.kt | 1 + .../config/web/server/ServerFormLoginDsl.kt | 1 + .../config/web/server/ServerHeadersDsl.kt | 1 + .../config/web/server/ServerHttpBasicDsl.kt | 1 + .../web/server/ServerHttpSecurityDsl.kt | 1 + .../web/server/ServerHttpsRedirectDsl.kt | 1 + .../config/web/server/ServerLogoutDsl.kt | 1 + .../web/server/ServerOAuth2ClientDsl.kt | 1 + .../config/web/server/ServerOAuth2LoginDsl.kt | 1 + .../server/ServerOAuth2ResourceServerDsl.kt | 1 + .../web/server/ServerRequestCacheDsl.kt | 1 + .../config/web/server/ServerSecurityMarker.kt | 26 +++++++++++++++++++ .../config/web/server/ServerX509Dsl.kt | 1 + .../server/headers/ServerCacheControlDsl.kt | 2 ++ .../headers/ServerContentSecurityPolicyDsl.kt | 2 ++ .../headers/ServerContentTypeOptionsDsl.kt | 2 ++ .../server/headers/ServerFrameOptionsDsl.kt | 2 ++ .../ServerHttpStrictTransportSecurityDsl.kt | 2 ++ .../server/headers/ServerReferrerPolicyDsl.kt | 2 ++ .../server/headers/ServerXssProtectionDsl.kt | 2 ++ .../oauth2/resourceserver/ServerJwtDsl.kt | 2 ++ .../resourceserver/ServerOpaqueTokenDsl.kt | 2 ++ 26 files changed, 60 insertions(+) create mode 100644 config/src/main/kotlin/org/springframework/security/config/web/server/ServerSecurityMarker.kt diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDsl.kt index 849413d2a8..8df31aaca5 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/AuthorizeExchangeDsl.kt @@ -34,6 +34,7 @@ import reactor.core.publisher.Mono * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class AuthorizeExchangeDsl { private val authorizationRules = mutableListOf() diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerAnonymousDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerAnonymousDsl.kt index 912e9ea979..6f532691f2 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerAnonymousDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerAnonymousDsl.kt @@ -32,6 +32,7 @@ import org.springframework.security.web.server.authentication.AnonymousAuthentic * @property authenticationFilter the [AnonymousAuthenticationWebFilter] used to populate * an anonymous user. */ +@ServerSecurityMarker class ServerAnonymousDsl { var key: String? = null var principal: Any? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCorsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCorsDsl.kt index c227a6b336..897e6a3d6c 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCorsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCorsDsl.kt @@ -26,6 +26,7 @@ import org.springframework.web.cors.reactive.CorsConfigurationSource * @since 5.4 * @property configurationSource the [CorsConfigurationSource] to use. */ +@ServerSecurityMarker class ServerCorsDsl { var configurationSource: CorsConfigurationSource? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt index 14b6b10cc8..f23d58e556 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerCsrfDsl.kt @@ -32,6 +32,7 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat * @property requireCsrfProtectionMatcher the [ServerWebExchangeMatcher] used to determine when CSRF protection * is enabled. */ +@ServerSecurityMarker class ServerCsrfDsl { var accessDeniedHandler: ServerAccessDeniedHandler? = null var csrfTokenRepository: ServerCsrfTokenRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerExceptionHandlingDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerExceptionHandlingDsl.kt index bbaa8ff9a3..d4e4d72cd4 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerExceptionHandlingDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerExceptionHandlingDsl.kt @@ -30,6 +30,7 @@ import org.springframework.security.web.server.authorization.ServerAccessDeniedH * @property accessDeniedHandler the [ServerAccessDeniedHandler] to use when an * authenticated user does not hold a required authority */ +@ServerSecurityMarker class ServerExceptionHandlingDsl { var authenticationEntryPoint: ServerAuthenticationEntryPoint? = null var accessDeniedHandler: ServerAccessDeniedHandler? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerFormLoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerFormLoginDsl.kt index 71e9a9a945..89ccc633bd 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerFormLoginDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerFormLoginDsl.kt @@ -50,6 +50,7 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat * [ReactorContextWebFilter] must be configured to be able to load the value (they are not * implicitly linked). */ +@ServerSecurityMarker class ServerFormLoginDsl { var authenticationManager: ReactiveAuthenticationManager? = null var loginPage: String? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt index ecf73bd566..e1672c5787 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHeadersDsl.kt @@ -25,6 +25,7 @@ import org.springframework.security.web.server.header.* * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class ServerHeadersDsl { private var contentTypeOptions: ((ServerHttpSecurity.HeaderSpec.ContentTypeOptionsSpec) -> Unit)? = null private var xssProtection: ((ServerHttpSecurity.HeaderSpec.XssProtectionSpec) -> Unit)? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpBasicDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpBasicDsl.kt index 2401b0c695..91b157c264 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpBasicDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpBasicDsl.kt @@ -38,6 +38,7 @@ import org.springframework.security.web.server.context.ServerSecurityContextRepo * @property authenticationEntryPoint the [ServerAuthenticationEntryPoint] to be * populated on [BasicAuthenticationFilter] in the event that authentication fails. */ +@ServerSecurityMarker class ServerHttpBasicDsl { var authenticationManager: ReactiveAuthenticationManager? = null var securityContextRepository: ServerSecurityContextRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDsl.kt index 3f0fc3c76a..8f09f5589a 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpSecurityDsl.kt @@ -57,6 +57,7 @@ operator fun ServerHttpSecurity.invoke(httpConfiguration: ServerHttpSecurityDsl. * @since 5.4 * @param init the configurations to apply to the provided [ServerHttpSecurity] */ +@ServerSecurityMarker class ServerHttpSecurityDsl(private val http: ServerHttpSecurity, private val init: ServerHttpSecurityDsl.() -> Unit) { /** diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpsRedirectDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpsRedirectDsl.kt index 135fded6f5..4cebc72fe3 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpsRedirectDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerHttpsRedirectDsl.kt @@ -28,6 +28,7 @@ import org.springframework.web.server.ServerWebExchange * @since 5.4 * @property portMapper the [PortMapper] that specifies a custom HTTPS port to redirect to. */ +@ServerSecurityMarker class ServerHttpsRedirectDsl { var portMapper: PortMapper? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerLogoutDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerLogoutDsl.kt index 47d3dbe349..021fb770d7 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerLogoutDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerLogoutDsl.kt @@ -32,6 +32,7 @@ import org.springframework.security.web.server.util.matcher.ServerWebExchangeMat * @property logoutSuccessHandler the [ServerLogoutSuccessHandler] to use after logout has * occurred. */ +@ServerSecurityMarker class ServerLogoutDsl { var logoutHandler: ServerLogoutHandler? = null var logoutUrl: String? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ClientDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ClientDsl.kt index 0aadac5b31..6751d24296 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ClientDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ClientDsl.kt @@ -38,6 +38,7 @@ import org.springframework.web.server.ServerWebExchange * @property authorizedClientRepository the repository for authorized client(s). * @property authorizationRequestRepository the repository to use for storing [OAuth2AuthorizationRequest]s. */ +@ServerSecurityMarker class ServerOAuth2ClientDsl { var authenticationManager: ReactiveAuthenticationManager? = null var authenticationConverter: ServerAuthenticationConverter? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2LoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2LoginDsl.kt index ba257541c6..0c24340fbb 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2LoginDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2LoginDsl.kt @@ -52,6 +52,7 @@ import org.springframework.web.server.ServerWebExchange * @property authenticationMatcher the [ServerWebExchangeMatcher] used for determining if the request is an * authentication request. */ +@ServerSecurityMarker class ServerOAuth2LoginDsl { var authenticationManager: ReactiveAuthenticationManager? = null var securityContextRepository: ServerSecurityContextRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ResourceServerDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ResourceServerDsl.kt index f09d4cba05..b395b130e9 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ResourceServerDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerOAuth2ResourceServerDsl.kt @@ -37,6 +37,7 @@ import org.springframework.web.server.ServerWebExchange * Bearer Tokens. * @property authenticationManagerResolver the [ReactiveAuthenticationManagerResolver] to use. */ +@ServerSecurityMarker class ServerOAuth2ResourceServerDsl { var accessDeniedHandler: ServerAccessDeniedHandler? = null var authenticationEntryPoint: ServerAuthenticationEntryPoint? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerRequestCacheDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerRequestCacheDsl.kt index 7f0fc76a5d..59d25ad054 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerRequestCacheDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerRequestCacheDsl.kt @@ -25,6 +25,7 @@ import org.springframework.security.web.server.savedrequest.ServerRequestCache * @since 5.4 * @property requestCache allows explicit configuration of the [ServerRequestCache] to be used. */ +@ServerSecurityMarker class ServerRequestCacheDsl { var requestCache: ServerRequestCache? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerSecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerSecurityMarker.kt new file mode 100644 index 0000000000..29fbdde03f --- /dev/null +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerSecurityMarker.kt @@ -0,0 +1,26 @@ +/* + * Copyright 2002-2020 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.config.web.server + +/** + * Marker annotation indicating that the annotated class is part of the security DSL for server configuration. + * + * @author Loïc Labagnara + * @since 5.4 + */ +@DslMarker +annotation class ServerSecurityMarker diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerX509Dsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerX509Dsl.kt index 8d6f885a09..a970bd1b51 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/ServerX509Dsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/ServerX509Dsl.kt @@ -29,6 +29,7 @@ import org.springframework.security.web.authentication.preauth.x509.X509Principa * @property authenticationManager the [ReactiveAuthenticationManager] used to determine if the provided * [Authentication] can be authenticated. */ +@ServerSecurityMarker class ServerX509Dsl { var principalExtractor: X509PrincipalExtractor? = null var authenticationManager: ReactiveAuthenticationManager? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerCacheControlDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerCacheControlDsl.kt index 519432021c..87554a0e16 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerCacheControlDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerCacheControlDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker /** * A Kotlin DSL to configure the [ServerHttpSecurity] cache control headers using @@ -25,6 +26,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class ServerCacheControlDsl { private var disabled = false diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentSecurityPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentSecurityPolicyDsl.kt index 003e8a98c1..73a1f8c6c9 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentSecurityPolicyDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentSecurityPolicyDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker /** * A Kotlin DSL to configure the [ServerHttpSecurity] Content-Security-Policy header using @@ -25,6 +26,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class ServerContentSecurityPolicyDsl { var policyDirectives: String? = null var reportOnly: Boolean? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentTypeOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentTypeOptionsDsl.kt index 4a3f4fc1f0..6815b65914 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentTypeOptionsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerContentTypeOptionsDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker /** * A Kotlin DSL to configure the [ServerHttpSecurity] the content type options header @@ -25,6 +26,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class ServerContentTypeOptionsDsl { private var disabled = false diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerFrameOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerFrameOptionsDsl.kt index 767bdfe8ff..c2d8c3f3f7 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerFrameOptionsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerFrameOptionsDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter /** @@ -27,6 +28,7 @@ import org.springframework.security.web.server.header.XFrameOptionsServerHttpHea * @since 5.4 * @property mode the X-Frame-Options mode to set in the response header. */ +@ServerSecurityMarker class ServerFrameOptionsDsl { var mode: XFrameOptionsServerHttpHeadersWriter.Mode? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerHttpStrictTransportSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerHttpStrictTransportSecurityDsl.kt index 815ed23f42..2737e7673a 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerHttpStrictTransportSecurityDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerHttpStrictTransportSecurityDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker import java.time.Duration /** @@ -30,6 +31,7 @@ import java.time.Duration * @property includeSubdomains if true, subdomains should be considered HSTS Hosts too. * @property preload if true, preload will be included in HSTS Header. */ +@ServerSecurityMarker class ServerHttpStrictTransportSecurityDsl { var maxAge: Duration? = null var includeSubdomains: Boolean? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerReferrerPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerReferrerPolicyDsl.kt index 7e6ff46ce1..e4c4ea7536 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerReferrerPolicyDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerReferrerPolicyDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker import org.springframework.security.web.server.header.ReferrerPolicyServerHttpHeadersWriter /** @@ -27,6 +28,7 @@ import org.springframework.security.web.server.header.ReferrerPolicyServerHttpHe * @since 5.4 * @property policy the policy to be used in the response header. */ +@ServerSecurityMarker class ServerReferrerPolicyDsl { var policy: ReferrerPolicyServerHttpHeadersWriter.ReferrerPolicy? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerXssProtectionDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerXssProtectionDsl.kt index 257ac3c3bc..32485c5ac3 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerXssProtectionDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/headers/ServerXssProtectionDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.headers import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker /** * A Kotlin DSL to configure the [ServerHttpSecurity] XSS protection header using @@ -25,6 +26,7 @@ import org.springframework.security.config.web.server.ServerHttpSecurity * @author Eleftheria Stein * @since 5.4 */ +@ServerSecurityMarker class ServerXssProtectionDsl { private var disabled = false diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerJwtDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerJwtDsl.kt index fdb26dacf9..19349562b1 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerJwtDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerJwtDsl.kt @@ -20,6 +20,7 @@ import org.springframework.core.convert.converter.Converter import org.springframework.security.authentication.AbstractAuthenticationToken import org.springframework.security.authentication.ReactiveAuthenticationManager import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker import org.springframework.security.core.Authentication import org.springframework.security.oauth2.jwt.Jwt import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder @@ -40,6 +41,7 @@ import java.security.interfaces.RSAPublicKey * @property jwkSetUri configures a [ReactiveJwtDecoder] using a * JSON Web Key (JWK) URL */ +@ServerSecurityMarker class ServerJwtDsl { private var _jwtDecoder: ReactiveJwtDecoder? = null private var _publicKey: RSAPublicKey? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerOpaqueTokenDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerOpaqueTokenDsl.kt index de772ecf79..2ff5f57365 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerOpaqueTokenDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/server/oauth2/resourceserver/ServerOpaqueTokenDsl.kt @@ -17,6 +17,7 @@ package org.springframework.security.config.web.server.oauth2.resourceserver import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.config.web.server.ServerSecurityMarker import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector /** @@ -27,6 +28,7 @@ import org.springframework.security.oauth2.server.resource.introspection.Reactiv * @property introspectionUri the URI of the Introspection endpoint. * @property introspector the [ReactiveOpaqueTokenIntrospector] to use. */ +@ServerSecurityMarker class ServerOpaqueTokenDsl { private var _introspectionUri: String? = null private var _introspector: ReactiveOpaqueTokenIntrospector? = null