
Add servlet CSRF Kotlin samples

Issue gh-8172
Eleftheria Stein 5 年之前
父节点
当前提交
72acc2959e
共有 1 个文件被更改,包括 69 次插入6 次删除
  1. 69 6
      docs/manual/src/docs/asciidoc/_includes/servlet/exploits/csrf.adoc

+ 69 - 6
docs/manual/src/docs/asciidoc/_includes/servlet/exploits/csrf.adoc

@@ -59,9 +59,10 @@ If you do not need the ability to read the cookie with JavaScript directly, it i
 
 You can configure `CookieCsrfTokenRepository` in Java Configuration using:
 
-.Store CSRF Token in a Cookie with Java Configuration
+.Store CSRF Token in a Cookie
 ====
-[source,java]
+.Java
+[source,java,role="primary"]
 ----
 @EnableWebSecurity
 public class WebSecurityConfig extends
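Review bot: The lead-in sentence kept as context above this block still says the repository is configured "in Java Configuration", although the block title was generalized and the block now carries a Kotlin tab as well. I would reword it to `You can configure CookieCsrfTokenRepository in Java or Kotlin Configuration using:`. The same mismatch remains in the context sentence before the Disable CSRF block ("The Java configuration below will disable CSRF protection.") and in the sentence before the Log out with HTTP GET block. The Java class opened on the last line of this hunk continues outside it.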
@@ -76,6 +77,22 @@ public class WebSecurityConfig extends
 	}
 }
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@EnableWebSecurity
+class SecurityConfig : WebSecurityConfigurerAdapter() {
+
+    override fun configure(http: HttpSecurity) {
+       http {
+            csrf {
+                csrfTokenRepository = CookieCsrfTokenRepository.withHttpOnlyFalse()
+            }
+        }
+    }
+}
+----
 ====
 
 [NOTE]
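Review bot: The Kotlin sample uses the `http { }` DSL, which compiles only when the DSL's `invoke` extension for `HttpSecurity` is imported, and nothing in the snippet tells the reader so. A one-line comment above `http {`, such as `// requires importing the Kotlin DSL's invoke extension for HttpSecurity`, would spare readers who paste the block an unresolved-call error. The `http {` line is also indented seven spaces where its siblings use multiples of four; the same slip appears in the Disable CSRF and Log out with HTTP GET samples.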
@@ -106,9 +123,10 @@ The XML configuration below will disable CSRF protection.
 
 The Java configuration below will disable CSRF protection.
 
-.Disable CSRF Java Configuration
+.Disable CSRF
 ====
-[source,java]
+.Java
+[source,java,role="primary"]
 ----
 @Configuration
 @EnableWebSecurity
@@ -122,6 +140,23 @@ public class WebSecurityConfig extends
 	}
 }
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Configuration
+@EnableWebSecurity
+class SecurityConfig : WebSecurityConfigurerAdapter() {
+
+    override fun configure(http: HttpSecurity) {
+       http {
+            csrf {
+                disable()
+            }
+        }
+    }
+}
+----
 ====
 
 [[servlet-csrf-include]]
@@ -291,7 +326,8 @@ For example, the following Java Configuration will perform logout with the URL `
 
 .Log out with HTTP GET
 ====
-[source,java]
+.Java
+[source,java,role="primary"]
 ----
 @EnableWebSecurity
 public class WebSecurityConfig extends
@@ -306,6 +342,22 @@ public class WebSecurityConfig extends
 	}
 }
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@EnableWebSecurity
+class SecurityConfig : WebSecurityConfigurerAdapter() {
+
+    override fun configure(http: HttpSecurity) {
+       http {
+            logout {
+                logoutRequestMatcher = AntPathRequestMatcher("/logout")
+            }
+        }
+    }
+}
+----
 ====
 
 
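Review bot: `AntPathRequestMatcher("/logout")` on the `logoutRequestMatcher` line carries no HTTP method, so it matches `/logout` for every method rather than only GET, and the snippet does not say what that costs. A logout reachable by GET is not covered by CSRF protection, so a cross-site link or image can end a user's session. I would add a comment inside the sample, `// matches /logout for any HTTP method; logout via GET is not CSRF protected`, because a reader on the Kotlin tab may copy the block without the prose around it. The surrounding text lies outside this hunk and may already carry that caveat.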
@@ -354,7 +406,8 @@ To ensure `MultipartFilter` is specified before the Spring Security filter with
 
 .Initializer MultipartFilter
 ====
-[source,java]
+.Java
+[source,java,role="primary"]
 ----
 public class SecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
 
@@ -364,6 +417,16 @@ public class SecurityApplicationInitializer extends AbstractSecurityWebApplicati
 	}
 }
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+class SecurityApplicationInitializer : AbstractSecurityWebApplicationInitializer() {
+    override fun beforeSpringSecurityFilterChain(servletContext: ServletContext?) {
+        insertFilters(servletContext, MultipartFilter())
+    }
+}
+----
 ====
 
 To ensure `MultipartFilter` is specified before the Spring Security filter with XML configuration, users can ensure the <filter-mapping> element of the `MultipartFilter` is placed before the springSecurityFilterChain within the web.xml as shown below: