Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Polish kotlin.adoc 

Issue gh-14384
This commit is contained in:
Steve Riesenberg 2023-12-29 10:55:42 -06:00
parent 63556b6636
commit 6f3a1fe1cd
No known key found for this signature in database
GPG Key ID: 3D0169B18AB8F0A9
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc
View File

@ -1,6 +1,7 @@
[[kotlin-config]] [[kotlin-config]]
= Kotlin Configuration = Kotlin Configuration
Spring Security Kotlin configuration has been available since Spring Security 5.3. Spring Security Kotlin configuration has been available since Spring Security 5.3.
It lets users configure Spring Security by using a native Kotlin DSL. It lets users configure Spring Security by using a native Kotlin DSL.
@ -23,19 +24,19 @@ import org.springframework.security.config.annotation.web.invoke
@Bean @Bean
open fun filterChain(http: HttpSecurity): SecurityFilterChain { open fun filterChain(http: HttpSecurity): SecurityFilterChain {
http { http {
authorizeHttpRequests { authorizeHttpRequests {
authorize(anyRequest, authenticated) authorize(anyRequest, authenticated)
} }
formLogin { } formLogin { }
httpBasic { } httpBasic { }
} }
return http.build() return http.build()
} }
---- ----
[NOTE] [NOTE]
Make sure that import the `invoke` function in your class, sometimes the IDE will not auto-import it causing compilation issues. Make sure to import the `invoke` function in your class, as the IDE will not always auto-import the method, causing compilation issues.
The default configuration (shown in the preceding listing): The default configuration (shown in the preceding listing):
@ -43,7 +44,7 @@ The default configuration (shown in the preceding listing):
* Lets users authenticate with form-based login * Lets users authenticate with form-based login
* Lets users authenticate with HTTP Basic authentication * Lets users authenticate with HTTP Basic authentication
Note that this configuration is parallels the XML namespace configuration: Note that this configuration parallels the XML namespace configuration:
[source,xml] [source,xml]
---- ----
@ -58,13 +59,13 @@ Note that this configuration is parallels the XML namespace configuration:
We can configure multiple `HttpSecurity` instances, just as we can have multiple `<http>` blocks. We can configure multiple `HttpSecurity` instances, just as we can have multiple `<http>` blocks.
The key is to register multiple `SecurityFilterChain` ``@Bean``s. The key is to register multiple `SecurityFilterChain` ``@Bean``s.
The following example has a different configuration for URL's that start with `/api/`: The following example has a different configuration for URLs that start with `/api/`:
[source,kotlin] [source,kotlin]
---- ----
@Configuration
import org.springframework.security.config.annotation.web.invoke import org.springframework.security.config.annotation.web.invoke
@Configuration
@EnableWebSecurity @EnableWebSecurity
class MultiHttpSecurityConfig { class MultiHttpSecurityConfig {
@Bean <1> @Bean <1>
@ -104,7 +105,7 @@ class MultiHttpSecurityConfig {
<1> Configure Authentication as usual. <1> Configure Authentication as usual.
<2> Create an instance of `SecurityFilterChain` that contains `@Order` to specify which `SecurityFilterChain` should be considered first. <2> Create an instance of `SecurityFilterChain` that contains `@Order` to specify which `SecurityFilterChain` should be considered first.
<3> The `http.antMatcher` states that this `HttpSecurity` is applicable only to URLs that start with `/api/` <3> The `http.securityMatcher` states that this `HttpSecurity` is applicable only to URLs that start with `/api/`
<4> Create another instance of `SecurityFilterChain`. <4> Create another instance of `SecurityFilterChain`.
If the URL does not start with `/api/`, this configuration is used. If the URL does not start with `/api/`, this configuration is used.
This configuration is considered after `apiFilterChain`, since it has an `@Order` value after `1` (no `@Order` defaults to last). This configuration is considered after `apiFilterChain`, since it has an `@Order` value after `1` (no `@Order` defaults to last).