Eleftheria Stein
parent
1d6fdd249b
commit
fde3ccb8b3
|
|
@ -25,6 +25,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
abstract class AbstractRequestMatcherDsl {
|
||||
/**
|
||||
* Matches any request.
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi
|
|||
* @property authenticationFilter the [AnonymousAuthenticationFilter] used to populate
|
||||
* an anonymous user.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class AnonymousDsl {
|
||||
var key: String? = null
|
||||
var principal: Any? = null
|
||||
|
|
|
|||
|
|
@ -25,6 +25,7 @@ import org.springframework.security.config.annotation.web.configurers.CorsConfig
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
class CorsDsl {
|
||||
private var disabled = false
|
||||
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest
|
|||
* determining when CSRF should be applied.
|
||||
* @property sessionAuthenticationStrategy the [SessionAuthenticationStrategy] to use.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class CsrfDsl {
|
||||
var csrfTokenRepository: CsrfTokenRepository? = null
|
||||
var requireCsrfProtectionMatcher: RequestMatcher? = null
|
||||
|
|
|
|||
|
|
@ -33,6 +33,7 @@ import java.util.*
|
|||
* @property accessDeniedHandler the [AccessDeniedHandler] to use
|
||||
* @property authenticationEntryPoint the [AuthenticationEntryPoint] to use
|
||||
*/
|
||||
@SecurityMarker
|
||||
class ExceptionHandlingDsl {
|
||||
var accessDeniedPage: String? = null
|
||||
var accessDeniedHandler: AccessDeniedHandler? = null
|
||||
|
|
|
|||
|
|
@ -38,6 +38,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
|
|||
* @property permitAll whether to grant access to the urls for [failureUrl] as well as
|
||||
* for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user
|
||||
*/
|
||||
@SecurityMarker
|
||||
class FormLoginDsl {
|
||||
var loginPage: String? = null
|
||||
var authenticationSuccessHandler: AuthenticationSuccessHandler? = null
|
||||
|
|
|
|||
|
|
@ -29,6 +29,7 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
|
|||
* @since 5.3
|
||||
* @property defaultsDisabled whether all of the default headers should be included in the response
|
||||
*/
|
||||
@SecurityMarker
|
||||
class HeadersDsl {
|
||||
private var contentTypeOptions: ((HeadersConfigurer<HttpSecurity>.ContentTypeOptionsConfig) -> Unit)? = null
|
||||
private var xssProtection: ((HeadersConfigurer<HttpSecurity>.XXssConfig) -> Unit)? = null
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletRequest
|
|||
* @property authenticationDetailsSource the custom [AuthenticationDetailsSource] to use for
|
||||
* basic authentication.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class HttpBasicDsl {
|
||||
var realmName: String? = null
|
||||
var authenticationEntryPoint: AuthenticationEntryPoint? = null
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ operator fun HttpSecurity.invoke(httpConfiguration: HttpSecurityDsl.() -> Unit)
|
|||
* @param http the [HttpSecurity] which all configurations will be applied to
|
||||
* @param init the configurations to apply to the provided [HttpSecurity]
|
||||
*/
|
||||
@SecurityMarker
|
||||
class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecurityDsl.() -> Unit) {
|
||||
private val HANDLER_MAPPING_INTROSPECTOR = "org.springframework.web.servlet.handler.HandlerMappingIntrospector"
|
||||
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ import javax.servlet.http.HttpSession
|
|||
* @property logoutSuccessHandler the [LogoutSuccessHandler] to use after logout has occurred.
|
||||
* If this is specified, [logoutSuccessUrl] is ignored.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class LogoutDsl {
|
||||
var clearAuthentication: Boolean? = null
|
||||
var invalidateHttpSession: Boolean? = null
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo
|
|||
* @property authorizedClientRepository the repository for authorized client(s).
|
||||
* @property authorizedClientService the service for authorized client(s).
|
||||
*/
|
||||
@SecurityMarker
|
||||
class OAuth2ClientDsl {
|
||||
var clientRegistrationRepository: ClientRegistrationRepository? = null
|
||||
var authorizedClientRepository: OAuth2AuthorizedClientRepository? = null
|
||||
|
|
|
|||
|
|
@ -48,6 +48,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
|
|||
* @property permitAll whether to grant access to the urls for [failureUrl] as well as
|
||||
* for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user
|
||||
*/
|
||||
@SecurityMarker
|
||||
class OAuth2LoginDsl {
|
||||
var clientRegistrationRepository: ClientRegistrationRepository? = null
|
||||
var authorizedClientRepository: OAuth2AuthorizedClientRepository? = null
|
||||
|
|
|
|||
|
|
@ -37,6 +37,7 @@ import org.springframework.security.web.access.AccessDeniedHandler
|
|||
* @property bearerTokenResolver the [BearerTokenResolver] to use for requests authenticating
|
||||
* with <a href="https://tools.ietf.org/html/rfc6750#section-1.2" target="_blank">Bearer Token</a>s.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class OAuth2ResourceServerDsl {
|
||||
var accessDeniedHandler: AccessDeniedHandler? = null
|
||||
var authenticationEntryPoint: AuthenticationEntryPoint? = null
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.web.PortMapper
|
|||
* @since 5.3
|
||||
* @property portMapper allows specifying the [PortMapper] instance.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class PortMapperDsl {
|
||||
private val mappings = mutableListOf<Pair<Int, Int>>()
|
||||
|
||||
|
|
|
|||
|
|
@ -28,6 +28,7 @@ import org.springframework.security.web.savedrequest.RequestCache
|
|||
* @since 5.3
|
||||
* @property requestCache allows explicit configuration of the [RequestCache] to be used
|
||||
*/
|
||||
@SecurityMarker
|
||||
class RequestCacheDsl {
|
||||
var requestCache: RequestCache? = null
|
||||
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
|
|||
* @property permitAll whether to grant access to the urls for [failureUrl] as well as
|
||||
* for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user
|
||||
*/
|
||||
@SecurityMarker
|
||||
class Saml2Dsl {
|
||||
var relyingPartyRegistrationRepository: RelyingPartyRegistrationRepository? = null
|
||||
var loginPage: String? = null
|
||||
|
|
|
|||
|
|
@ -0,0 +1,26 @@
|
|||
/*
|
||||
* Copyright 2002-2020 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.security.config.web.servlet
|
||||
|
||||
/**
|
||||
* Marker annotation indicating that the annotated class is part of the security DSL.
|
||||
*
|
||||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@DslMarker
|
||||
annotation class SecurityMarker
|
||||
|
|
@ -32,6 +32,7 @@ import org.springframework.security.web.session.InvalidSessionStrategy
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
class SessionManagementDsl {
|
||||
var invalidSessionUrl: String? = null
|
||||
var invalidSessionStrategy: InvalidSessionStrategy? = null
|
||||
|
|
|
|||
|
|
@ -44,6 +44,7 @@ import javax.servlet.http.HttpServletRequest
|
|||
* @property authenticationUserDetailsService the [AuthenticationUserDetailsService] to use
|
||||
* @property subjectPrincipalRegex the regex to extract the principal from the certificate
|
||||
*/
|
||||
@SecurityMarker
|
||||
class X509Dsl {
|
||||
var x509AuthenticationFilter: X509AuthenticationFilter? = null
|
||||
var x509PrincipalExtractor: X509PrincipalExtractor? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the [HttpSecurity] cache control headers using idiomatic
|
||||
|
|
@ -26,6 +27,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
class CacheControlDsl {
|
||||
private var disabled = false
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the [HttpSecurity] Content-Security-Policy header using
|
||||
|
|
@ -28,6 +29,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* @property policyDirectives the security policy directive(s) to be used in the response header.
|
||||
* @property reportOnly includes the Content-Security-Policy-Report-Only header in the response.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class ContentSecurityPolicyDsl {
|
||||
var policyDirectives: String? = null
|
||||
var reportOnly: Boolean? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure [HttpSecurity] X-Content-Type-Options header using idiomatic
|
||||
|
|
@ -26,6 +27,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
class ContentTypeOptionsDsl {
|
||||
private var disabled = false
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the [HttpSecurity] X-Frame-Options header using
|
||||
|
|
@ -29,6 +30,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* application.
|
||||
* @property deny deny framing any content from this application.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class FrameOptionsDsl {
|
||||
var sameOrigin: Boolean? = null
|
||||
var deny: Boolean? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the [HttpSecurity] HTTP Public Key Pinning header using
|
||||
|
|
@ -34,6 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* the server.
|
||||
* @property reportUri the URI to which the browser should report pin validation failures.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class HttpPublicKeyPinningDsl {
|
||||
var pins: Map<String, String>? = null
|
||||
var maxAgeInSeconds: Long? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher
|
||||
|
||||
/**
|
||||
|
|
@ -34,6 +35,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher
|
|||
* @property includeSubDomains if true, subdomains should be considered HSTS Hosts too.
|
||||
* @property preload if true, preload will be included in HSTS Header.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class HttpStrictTransportSecurityDsl {
|
||||
var maxAgeInSeconds: Long? = null
|
||||
var requestMatcher: RequestMatcher? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter
|
||||
|
||||
/**
|
||||
|
|
@ -28,6 +29,7 @@ import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWrite
|
|||
* @since 5.3
|
||||
* @property policy the policy to be used in the response header.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class ReferrerPolicyDsl {
|
||||
var policy: ReferrerPolicyHeaderWriter.ReferrerPolicy? = null
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the [HttpSecurity] XSS protection header using
|
||||
|
|
@ -29,6 +30,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon
|
|||
* @property xssProtectionEnabled if true, the header value will contain a value of 1.
|
||||
* If false, will explicitly disable specify that X-XSS-Protection is disabled.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class XssProtectionConfigDsl {
|
||||
var block: Boolean? = null
|
||||
var xssProtectionEnabled: Boolean? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.client
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
|
||||
|
|
@ -34,6 +35,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
|
|||
* @property accessTokenResponseClient the client used for requesting the access token credential
|
||||
* from the Token Endpoint.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class AuthorizationCodeGrantDsl {
|
||||
var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null
|
||||
var authorizationRequestRepository: AuthorizationRequestRepository<OAuth2AuthorizationRequest>? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository
|
||||
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
|
||||
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest
|
||||
|
|
@ -32,6 +33,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ
|
|||
* @property authorizationRequestResolver the resolver used for resolving [OAuth2AuthorizationRequest]'s.
|
||||
* @property authorizationRequestRepository the repository used for storing [OAuth2AuthorizationRequest]'s.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class AuthorizationEndpointDsl {
|
||||
var baseUri: String? = null
|
||||
var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
|
||||
/**
|
||||
* A Kotlin DSL to configure the Authorization Server's Redirection Endpoint using
|
||||
|
|
@ -27,6 +28,7 @@ import org.springframework.security.config.annotation.web.configurers.oauth2.cli
|
|||
* @since 5.3
|
||||
* @property baseUri the URI where the authorization response will be processed.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class RedirectionEndpointDsl {
|
||||
var baseUri: String? = null
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
|
||||
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest
|
||||
|
||||
|
|
@ -30,6 +31,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo
|
|||
* @property accessTokenResponseClient the client used for requesting the access token credential
|
||||
* from the Token Endpoint.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class TokenEndpointDsl {
|
||||
var accessTokenResponseClient: OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest>? = null
|
||||
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper
|
||||
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest
|
||||
import org.springframework.security.oauth2.client.registration.ClientRegistration
|
||||
|
|
@ -38,6 +39,7 @@ import org.springframework.security.oauth2.core.user.OAuth2User
|
|||
* End-User from the UserInfo Endpoint.
|
||||
* @property userAuthoritiesMapper the [GrantedAuthoritiesMapper] used for mapping [OAuth2User.getAuthorities]
|
||||
*/
|
||||
@SecurityMarker
|
||||
class UserInfoEndpointDsl {
|
||||
var userService: OAuth2UserService<OAuth2UserRequest, OAuth2User>? = null
|
||||
var oidcUserService: OAuth2UserService<OidcUserRequest, OidcUser>? = null
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ import org.springframework.core.convert.converter.Converter
|
|||
import org.springframework.security.authentication.AbstractAuthenticationToken
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.oauth2.jwt.Jwt
|
||||
import org.springframework.security.oauth2.jwt.JwtDecoder
|
||||
|
||||
|
|
@ -34,6 +35,7 @@ import org.springframework.security.oauth2.jwt.JwtDecoder
|
|||
* @property jwkSetUri configures a [JwtDecoder] using a
|
||||
* <a target="_blank" href="https://tools.ietf.org/html/rfc7517">JSON Web Key (JWK)</a> URL
|
||||
*/
|
||||
@SecurityMarker
|
||||
class JwtDsl {
|
||||
private var _jwtDecoder: JwtDecoder? = null
|
||||
private var _jwkSetUri: String? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.resourceserver
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
|
||||
|
||||
/**
|
||||
|
|
@ -28,6 +29,7 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
|
|||
* @property introspectionUri the URI of the Introspection endpoint.
|
||||
* @property introspector the [OpaqueTokenIntrospector] to use.
|
||||
*/
|
||||
@SecurityMarker
|
||||
class OpaqueTokenDsl {
|
||||
private var _introspectionUri: String? = null
|
||||
private var _introspector: OpaqueTokenIntrospector? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.session
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import org.springframework.security.core.session.SessionRegistry
|
||||
import org.springframework.security.web.session.SessionInformationExpiredStrategy
|
||||
|
||||
|
|
@ -36,8 +37,8 @@ import org.springframework.security.web.session.SessionInformationExpiredStrateg
|
|||
* [maximumSessions] has been reached. Otherwise (default), the user who authenticates
|
||||
* is allowed access and an existing user's session is expired.
|
||||
* @property sessionRegistry the [SessionRegistry] implementation used.
|
||||
*
|
||||
*/
|
||||
@SecurityMarker
|
||||
class SessionConcurrencyDsl {
|
||||
var maximumSessions: Int? = null
|
||||
var expiredUrl: String? = null
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.session
|
|||
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity
|
||||
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
|
||||
import org.springframework.security.config.web.servlet.SecurityMarker
|
||||
import javax.servlet.http.HttpServletRequest
|
||||
import javax.servlet.http.HttpSession
|
||||
|
||||
|
|
@ -28,6 +29,7 @@ import javax.servlet.http.HttpSession
|
|||
* @author Eleftheria Stein
|
||||
* @since 5.3
|
||||
*/
|
||||
@SecurityMarker
|
||||
class SessionFixationDsl {
|
||||
private var strategy: SessionFixationStrategy? = null
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue