Add Kotlin expression-based authorization

Issue gh-8172
Eleftheria Stein 2020-07-06 13:13:57 +02:00
parent 0bdf6859be
commit f479f0ea49

@ -125,7 +125,20 @@ public class WebSecurity {
You could refer to the method using: You could refer to the method using:
[source,xml] .Refer to method
====
.Java
[source,java,role="primary"]
----
http
.authorizeRequests(authorize -> authorize
.antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
...
)
----
.XML
[source,xml,role="secondary"]
---- ----
<http> <http>
<intercept-url pattern="/user/**" <intercept-url pattern="/user/**"
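Review bot: The Java tab added at the top of this hunk closes its chain with a bare `)` and no terminating semicolon, while the Java sample in the Path Variables block later in this file ends with `);`. Suggest ending this snippet with `);` too, so both Java tabs read as the same kind of statement.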
@ -134,17 +147,16 @@ You could refer to the method using:
</http> </http>
---- ----
or in Java configuration .Kotlin
[source,kotlin,role="secondary"]
[source,java]
---- ----
http http {
.authorizeRequests(authorize -> authorize authorizeRequests {
.antMatchers("/user/**").access("@webSecurity.check(authentication,request)") authorize("/user/**", "@webSecurity.check(authentication,request)")
... }
) }
---- ----
====
[[el-access-web-path-variables]] [[el-access-web-path-variables]]
==== Path Variables in Web Security Expressions ==== Path Variables in Web Security Expressions
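Review bot: The Kotlin tab drops the `...` elision that the Java and XML tabs keep, so the single `authorize("/user/**", "@webSecurity.check(authentication,request)")` line reads as the complete rule set. Suggest a `// ...` comment after it inside `authorizeRequests { }`, so the three tabs stay equivalent and the snippet is not copied as a full configuration with only the `/user/**` rule.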
@ -166,18 +178,10 @@ public class WebSecurity {
You could refer to the method using: You could refer to the method using:
[source,xml,attrs="-attributes"] .Path Variables
---- ====
<http> .Java
<intercept-url pattern="/user/{userId}/**" [source,java,role="primary",attrs="-attributes"]
access="@webSecurity.checkUserId(authentication,#userId)"/>
...
</http>
----
or in Java configuration
[source,java,attrs="-attributes"]
---- ----
http http
.authorizeRequests(authorize -> authorize .authorizeRequests(authorize -> authorize
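Review bot: The block title `.Path Variables` is in title case, while the title added earlier in this file is `.Refer to method` in sentence case. Suggest picking one casing for the tab-block titles and applying it to both.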
@ -186,7 +190,28 @@ http
); );
---- ----
In both configurations URLs that match would pass in the path variable (and convert it) into checkUserId method. .XML
[source,xml,role="secondary",attrs="-attributes"]
----
<http>
<intercept-url pattern="/user/{userId}/**"
access="@webSecurity.checkUserId(authentication,#userId)"/>
...
</http>
----
.Kotlin
[source,kotlin,role="secondary",attrs="-attributes"]
----
http {
authorizeRequests {
authorize("/user/{userId}/**", "@webSecurity.checkUserId(authentication,#userId)")
}
}
----
====
In this configuration URLs that match would pass in the path variable (and convert it) into checkUserId method.
For example, if the URL were `/user/123/resource`, then the id passed in would be `123`. For example, if the URL were `/user/123/resource`, then the id passed in would be `123`.
=== Method Security Expressions === Method Security Expressions
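Review bot: The reworded sentence after the closing `====` says "In this configuration", but it now follows three tabs (Java, XML, Kotlin), so the singular is ambiguous about which one it describes. Suggest "In each of these configurations, URLs that match ..." and, while touching the line, "into the `checkUserId` method" with the method name in backticks, to match how `/user/123/resource` and `123` are marked up on the next line.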