Add Kotlin expression-based authorization

Issue gh-8172
2025-05-30 08:42:13 +00:00 · 2020-07-06 13:13:57 +02:00 · 2020-07-06 13:13:57 +02:00 · f479f0ea49
commit f479f0ea49
parent 0bdf6859be
1 changed files with 48 additions and 23 deletions
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/expression-based.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/expression-based.adoc
@ -125,7 +125,20 @@ public class WebSecurity {

 You could refer to the method using:

-[source,xml]
+.Refer to method
+====
+.Java
+[source,java,role="primary"]
+----
+http
+    .authorizeRequests(authorize -> authorize
+        .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
+        ...
+    )
+----
+
+.XML
+[source,xml,role="secondary"]
 ----
 <http>
 	<intercept-url pattern="/user/**"
@ -134,17 +147,16 @@ You could refer to the method using:
 </http>
 ----

-or in Java configuration
-
-
-[source,java]
+.Kotlin
+[source,kotlin,role="secondary"]
 ----
-http
-    .authorizeRequests(authorize -> authorize
-        .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
-        ...
-    )
+http {
+    authorizeRequests {
+        authorize("/user/**", "@webSecurity.check(authentication,request)")
+    }
+}
 ----
+====

 [[el-access-web-path-variables]]
 ==== Path Variables in Web Security Expressions
@ -166,18 +178,10 @@ public class WebSecurity {

 You could refer to the method using:

-[source,xml,attrs="-attributes"]
----
-<http>
-	<intercept-url pattern="/user/{userId}/**"
-		access="@webSecurity.checkUserId(authentication,#userId)"/>
-	...
-</http>
----
-
-or in Java configuration
-
-[source,java,attrs="-attributes"]
+.Path Variables
+====
+.Java
+[source,java,role="primary",attrs="-attributes"]
 ----
 http
 	.authorizeRequests(authorize -> authorize
@ -186,7 +190,28 @@ http
 	);
 ----

-In both configurations URLs that match would pass in the path variable (and convert it) into checkUserId method.
+.XML
+[source,xml,role="secondary",attrs="-attributes"]
+----
+<http>
+	<intercept-url pattern="/user/{userId}/**"
+		access="@webSecurity.checkUserId(authentication,#userId)"/>
+	...
+</http>
+----
+
+.Kotlin
+[source,kotlin,role="secondary",attrs="-attributes"]
+----
+http {
+    authorizeRequests {
+        authorize("/user/{userId}/**", "@webSecurity.checkUserId(authentication,#userId)")
+    }
+}
+----
+====
+
+In this configuration URLs that match would pass in the path variable (and convert it) into checkUserId method.
 For example, if the URL were `/user/123/resource`, then the id passed in would be `123`.

 === Method Security Expressions