Resolve package tangles with security marker annotation

2020-05-21 10:19:59 -04:00 · 2020-05-21 10:19:59 -04:00 · 67d2efde1c
parent bc272ddf73
commit 67d2efde1c
22 changed files with 147 additions and 34 deletions
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the [HttpSecurity] cache control headers using idiomatic
@ -27,7 +26,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * @author Eleftheria Stein
 * @since 5.3
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class CacheControlDsl {
    private var disabled = false

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the [HttpSecurity] Content-Security-Policy header using
@ -29,7 +28,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * @property policyDirectives the security policy directive(s) to be used in the response header.
 * @property reportOnly includes the Content-Security-Policy-Report-Only header in the response.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class ContentSecurityPolicyDsl {
    var policyDirectives: String? = null
    var reportOnly: Boolean? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure [HttpSecurity] X-Content-Type-Options header using idiomatic
@ -27,7 +26,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * @author Eleftheria Stein
 * @since 5.3
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class ContentTypeOptionsDsl {
    private var disabled = false

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the [HttpSecurity] X-Frame-Options header using
@ -30,7 +29,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * application.
 * @property deny deny framing any content from this application.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class FrameOptionsDsl {
    var sameOrigin: Boolean? = null
    var deny: Boolean? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HeadersSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HeadersSecurityMarker.kt
@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet.headers
+
+/**
+ * Marker annotation indicating that the annotated class is part of the headers security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.4
+ */
+@DslMarker
+annotation class HeadersSecurityMarker
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the [HttpSecurity] HTTP Public Key Pinning header using
@ -35,7 +34,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * the server.
 * @property reportUri the URI to which the browser should report pin validation failures.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class HttpPublicKeyPinningDsl {
    var pins: Map<String, String>? = null
    var maxAgeInSeconds: Long? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.web.util.matcher.RequestMatcher

 /**
@ -35,7 +34,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher
 * @property includeSubDomains if true, subdomains should be considered HSTS Hosts too.
 * @property preload if true, preload will be included in HSTS Header.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class HttpStrictTransportSecurityDsl {
    var maxAgeInSeconds: Long? = null
    var requestMatcher: RequestMatcher? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter

 /**
@ -29,7 +28,7 @@ import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWrite
 * @since 5.3
 * @property policy the policy to be used in the response header.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class ReferrerPolicyDsl {
    var policy: ReferrerPolicyHeaderWriter.ReferrerPolicy? = null

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.headers

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the [HttpSecurity] XSS protection header using
@ -30,7 +29,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * @property xssProtectionEnabled if true, the header value will contain a value of 1.
 * If false, will explicitly disable specify that X-XSS-Protection is disabled.
 */
-@SecurityMarker
+@HeadersSecurityMarker
 class XssProtectionConfigDsl {
    var block: Boolean? = null
    var xssProtectionEnabled: Boolean? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.client

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
@ -35,7 +34,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 * @property accessTokenResponseClient the client used for requesting the access token credential
 * from the Token Endpoint.
 */
-@SecurityMarker
+@OAuth2ClientSecurityMarker
 class AuthorizationCodeGrantDsl {
    var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null
    var authorizationRequestRepository: AuthorizationRequestRepository<OAuth2AuthorizationRequest>? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/OAuth2ClientSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/OAuth2ClientSecurityMarker.kt
@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet.oauth2.client
+
+/**
+ * Marker annotation indicating that the annotated class is part of the OAuth 2.0 client security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.4
+ */
+@DslMarker
+annotation class OAuth2ClientSecurityMarker
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.login

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
@ -33,7 +32,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
 * @property authorizationRequestResolver the resolver used for resolving [OAuth2AuthorizationRequest]'s.
 * @property authorizationRequestRepository the repository used for storing [OAuth2AuthorizationRequest]'s.
 */
-@SecurityMarker
+@OAuth2LoginSecurityMarker
 class AuthorizationEndpointDsl {
    var baseUri: String? = null
    var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/OAuth2LoginSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/OAuth2LoginSecurityMarker.kt
@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet.oauth2.login
+
+/**
+ * Marker annotation indicating that the annotated class is part of the OAuth 2.0 login security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.4
+ */
+@DslMarker
+annotation class OAuth2LoginSecurityMarker
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.login

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker

 /**
 * A Kotlin DSL to configure the Authorization Server's Redirection Endpoint using
@ -28,7 +27,7 @@ import org.springframework.security.config.web.servlet.SecurityMarker
 * @since 5.3
 * @property baseUri the URI where the authorization response will be processed.
 */
-@SecurityMarker
+@OAuth2LoginSecurityMarker
 class RedirectionEndpointDsl {
    var baseUri: String? = null

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.login

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
 import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest

@ -31,7 +30,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
 * @property accessTokenResponseClient the client used for requesting the access token credential
 * from the Token Endpoint.
 */
-@SecurityMarker
+@OAuth2LoginSecurityMarker
 class TokenEndpointDsl {
    var accessTokenResponseClient: OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>? = null

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.login

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper
 import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
 import org.springframework.security.oauth2.client.registration.ClientRegistration
@ -39,7 +38,7 @@ import org.springframework.security.oauth2.core.user.OAuth2User
 * End-User from the UserInfo Endpoint.
 * @property userAuthoritiesMapper the [GrantedAuthoritiesMapper] used for mapping [OAuth2User.getAuthorities]
 */
-@SecurityMarker
+@OAuth2LoginSecurityMarker
 class UserInfoEndpointDsl {
    var userService: OAuth2UserService<OAuth2UserRequest, OAuth2User>? = null
    var oidcUserService: OAuth2UserService<OidcUserRequest, OidcUser>? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt
@ -20,7 +20,6 @@ import org.springframework.core.convert.converter.Converter
 import org.springframework.security.authentication.AbstractAuthenticationToken
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.jwt.Jwt
 import org.springframework.security.oauth2.jwt.JwtDecoder

@ -35,7 +34,7 @@ import org.springframework.security.oauth2.jwt.JwtDecoder
 * @property jwkSetUri configures a [JwtDecoder] using a
 * <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key (JWK)</a> URL
 */
-@SecurityMarker
+@OAuth2ResourceServerSecurityMarker
 class JwtDsl {
    private var _jwtDecoder: JwtDecoder? = null
    private var _jwkSetUri: String? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OAuth2ResourceServerSecurityMarker.kt
@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet.oauth2.resourceserver
+
+/**
+ * Marker annotation indicating that the annotated class is part of the OAuth 2.0 resource server security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.4
+ */
+@DslMarker
+annotation class OAuth2ResourceServerSecurityMarker
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.oauth2.resourceserver

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector

 /**
@ -29,7 +28,7 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 * @property introspectionUri the URI of the Introspection endpoint.
 * @property introspector the [OpaqueTokenIntrospector] to use.
 */
-@SecurityMarker
+@OAuth2ResourceServerSecurityMarker
 class OpaqueTokenDsl {
    private var _introspectionUri: String? = null
    private var _introspector: OpaqueTokenIntrospector? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.session

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.core.session.SessionRegistry
 import org.springframework.security.web.session.SessionInformationExpiredStrategy

@ -38,7 +37,7 @@ import org.springframework.security.web.session.SessionInformationExpiredStrateg
 * is allowed access and an existing user's session is expired.
 * @property sessionRegistry the [SessionRegistry] implementation used.
 */
-@SecurityMarker
+@SessionSecurityMarker
 class SessionConcurrencyDsl {
    var maximumSessions: Int? = null
    var expiredUrl: String? = null
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
@ -18,7 +18,6 @@ package org.springframework.security.config.web.servlet.session

 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
-import org.springframework.security.config.web.servlet.SecurityMarker
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpSession

@ -29,7 +28,7 @@ import javax.servlet.http.HttpSession
 * @author Eleftheria Stein
 * @since 5.3
 */
-@SecurityMarker
+@SessionSecurityMarker
 class SessionFixationDsl {
    private var strategy: SessionFixationStrategy? = null

--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionSecurityMarker.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionSecurityMarker.kt
@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet.session
+
+/**
+ * Marker annotation indicating that the annotated class is part of the session security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.4
+ */
+@DslMarker
+annotation class SessionSecurityMarker