Add Kotlin samples to docs

Issue: gh-5558
2020-02-26 10:11:24 -05:00 · 2020-02-26 10:11:24 -05:00 · bb72206eef
parent 87ca71473e
commit bb72206eef
2 changed files with 53 additions and 0 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
 	<intercept-url pattern="/**" access="authenticated"/>
 </http>
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+fun configure(http: HttpSecurity) {
+    http {
+        // ...
+        authorizeRequests {
+            authorize(anyRequest, authenticated)
+        }
+    }
+}
+----
 ====

 We can configure Spring Security to have different rules by adding more rules in order of precedence.
@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
 </http>
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+fun configure(http: HttpSecurity) {
+   http {
+        authorizeRequests { // <1>
+            authorize("/resources/**", permitAll) // <2>
+            authorize("/signup", permitAll)
+            authorize("/about", permitAll)
+
+            authorize("/admin/**", hasRole("ADMIN")) // <3>
+            authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
+            authorize(anyRequest, denyAll) // <5>
+        }
+    }
+}
+----
 ====
 <1> There are multiple authorization rules specified.
 Each rule is considered in the order they were declared.
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {

 <http-firewall ref="httpFirewall"/>
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Bean
+fun httpFirewall(): StrictHttpFirewall {
+    val firewall = StrictHttpFirewall()
+    firewall.setAllowSemicolon(true)
+    return firewall
+}
+----
 ====

 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {

 <http-firewall ref="httpFirewall"/>
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Bean
+fun httpFirewall(): StrictHttpFirewall {
+    val firewall = StrictHttpFirewall()
+    firewall.setAllowedHttpMethods(listOf("GET", "POST"))
+    return firewall
+}
+----
 ====

 [TIP]