Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Kotlin samples to docs 

Issue: gh-5558
This commit is contained in:
Eleftheria Stein 2020-02-26 10:11:24 -05:00
parent 87ca71473e
commit bb72206eef
2 changed files with 53 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
View File

@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
<intercept-url pattern="/**" access="authenticated"/> <intercept-url pattern="/**" access="authenticated"/>
</http> </http>
---- ----
.Kotlin
[source,kotlin,role="secondary"]
----
fun configure(http: HttpSecurity) {
http {
// ...
authorizeRequests {
authorize(anyRequest, authenticated)
}
}
}
----
==== ====
We can configure Spring Security to have different rules by adding more rules in order of precedence. We can configure Spring Security to have different rules by adding more rules in order of precedence.
@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
<intercept-url pattern="/**" access="denyAll"/> <!--5--> <intercept-url pattern="/**" access="denyAll"/> <!--5-->
</http> </http>
---- ----
.Kotlin
[source,kotlin,role="secondary"]
----
fun configure(http: HttpSecurity) {
http {
authorizeRequests { // <1>
authorize("/resources/**", permitAll) // <2>
authorize("/signup", permitAll)
authorize("/about", permitAll)
authorize("/admin/**", hasRole("ADMIN")) // <3>
authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
authorize(anyRequest, denyAll) // <5>
}
}
}
----
==== ====
<1> There are multiple authorization rules specified. <1> There are multiple authorization rules specified.
Each rule is considered in the order they were declared. Each rule is considered in the order they were declared.

22
docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
View File

@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {
<http-firewall ref="httpFirewall"/> <http-firewall ref="httpFirewall"/>
---- ----
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun httpFirewall(): StrictHttpFirewall {
val firewall = StrictHttpFirewall()
firewall.setAllowSemicolon(true)
return firewall
}
----
==== ====
The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering]. The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {
<http-firewall ref="httpFirewall"/> <http-firewall ref="httpFirewall"/>
---- ----
.Kotlin
[source,kotlin,role="secondary"]
----
@Bean
fun httpFirewall(): StrictHttpFirewall {
val firewall = StrictHttpFirewall()
firewall.setAllowedHttpMethods(listOf("GET", "POST"))
return firewall
}
----
==== ====
[TIP] [TIP]