Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-22 20:12:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix MVC Documentation for Kotlin

Browse Source 
Closes gh-16426
This commit is contained in:
Josh Cummings 2025-01-15 17:45:05 -07:00
parent 443af32314
commit 7b8ff72c4e
No known key found for this signature in database
GPG Key ID: 869B37A20E876129
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
docs/modules/ROOT/pages/servlet/integrations/mvc.adoc
View File

@ -199,12 +199,10 @@ We could add additional rules for all the permutations of Spring MVC, but this w
Fortunately, when using the `requestMatchers` DSL method, Spring Security automatically creates a `MvcRequestMatcher` if it detects that Spring MVC is available in the classpath.
Therefore, it will protect the same URLs that Spring MVC will match on by using Spring MVC to match on the URL.
One common requirement when using Spring MVC is to specify the servlet path property, for that you can use the `MvcRequestMatcher.Builder` to create multiple `MvcRequestMatcher` instances that share the same servlet path:
One common requirement when using Spring MVC is to specify the servlet path property.
For Java-based Configuration, you can use the `MvcRequestMatcher.Builder` to create multiple `MvcRequestMatcher` instances that share the same servlet path:
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Bean
@ -219,32 +217,36 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe
}
----
For Kotlin and XML, this happens when you specify the servlet path for each path like so:
[tabs]
======
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
open fun filterChain(http: HttpSecurity, introspector: HandlerMappingIntrospector): SecurityFilterChain {
val mvcMatcherBuilder = MvcRequestMatcher.Builder(introspector)
open fun filterChain(http: HttpSecurity): SecurityFilterChain {
http {
authorizeHttpRequests {
authorize(mvcMatcherBuilder.pattern("/admin"), hasRole("ADMIN"))
authorize(mvcMatcherBuilder.pattern("/user"), hasRole("USER"))
authorize("/admin/**", "/mvc", hasRole("ADMIN"))
authorize("/user/**", "/mvc", hasRole("USER"))
}
}
return http.build()
}
----
======
The following XML has the same effect:
[source,xml]
Xml::
+
[source,xml, role="secondary"]
----
<http request-matcher="mvc">
<intercept-url pattern="/admin" access="hasRole('ADMIN')"/>
<intercept-url pattern="/admin/**" servlet-path="/mvc" access="hasRole('ADMIN')"/>
<intercept-url pattern="/user/**" servlet-path="/mvc" access="hasRole('USER')"/>
</http>
----
======
[[mvc-authentication-principal]]
== @AuthenticationPrincipal