5 ani în urmă · bb72206eef
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
@@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
 
				 	<intercept-url pattern="/**" access="authenticated"/>
			
 
				 </http>
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+fun configure(http: HttpSecurity) {
			
 
				+    http {
			
 
				+        // ...
			
 
				+        authorizeRequests {
			
 
				+            authorize(anyRequest, authenticated)
			
 
				+        }
			
 
				+    }
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 
			
 
				 We can configure Spring Security to have different rules by adding more rules in order of precedence.
			
@@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
 
				 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
			
 
				 </http>
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+fun configure(http: HttpSecurity) {
			
 
				+   http {
			
 
				+        authorizeRequests { // <1>
			
 
				+            authorize("/resources/**", permitAll) // <2>
			
 
				+            authorize("/signup", permitAll)
			
 
				+            authorize("/about", permitAll)
			
 
				+
			
 
				+            authorize("/admin/**", hasRole("ADMIN")) // <3>
			
 
				+            authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
			
 
				+            authorize(anyRequest, denyAll) // <5>
			
 
				+        }
			
 
				+    }
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 <1> There are multiple authorization rules specified.
			
 
				 Each rule is considered in the order they were declared.
			
--- a/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
+++ b/docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
@@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {
 
				 
			
 
				 <http-firewall ref="httpFirewall"/>
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+@Bean
			
 
				+fun httpFirewall(): StrictHttpFirewall {
			
 
				+    val firewall = StrictHttpFirewall()
			
 
				+    firewall.setAllowSemicolon(true)
			
 
				+    return firewall
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 
			
 
				 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
			
@@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {
 
				 
			
 
				 <http-firewall ref="httpFirewall"/>
			
 
				 ----
			
 
				+
			
 
				+.Kotlin
			
 
				+[source,kotlin,role="secondary"]
			
 
				+----
			
 
				+@Bean
			
 
				+fun httpFirewall(): StrictHttpFirewall {
			
 
				+    val firewall = StrictHttpFirewall()
			
 
				+    firewall.setAllowedHttpMethods(listOf("GET", "POST"))
			
 
				+    return firewall
			
 
				+}
			
 
				+----
			
 
				 ====
			
 
				 
			
 
				 [TIP]