diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
index aaaaef18ff..69e979181f 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
@@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+fun configure(http: HttpSecurity) {
+ http {
+ // ...
+ authorizeRequests {
+ authorize(anyRequest, authenticated)
+ }
+ }
+}
+----
 ====
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
@@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+fun configure(http: HttpSecurity) {
+ http {
+ authorizeRequests { // <1>
+ authorize("/resources/**", permitAll) // <2>
+ authorize("/signup", permitAll)
+ authorize("/about", permitAll)
+
+ authorize("/admin/**", hasRole("ADMIN")) // <3>
+ authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
+ authorize(anyRequest, denyAll) // <5>
+ }
+ }
+}
+----
 ====
 <1> There are multiple authorization rules specified. Each rule is considered in the order they were declared.
diff --git a/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc b/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
index 26690705f8..fb1653478b 100644
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
@@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Bean
+fun httpFirewall(): StrictHttpFirewall {
+ val firewall = StrictHttpFirewall()
+ firewall.setAllowSemicolon(true)
+ return firewall
+}
+----
 ====
 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
@@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {
 ----
+
+.Kotlin
+[source,kotlin,role="secondary"]
+----
+@Bean
+fun httpFirewall(): StrictHttpFirewall {
+ val firewall = StrictHttpFirewall()
+ firewall.setAllowedHttpMethods(listOf("GET", "POST"))
+ return firewall
+}
+----
 ====
 [TIP]