首頁 探索 說明
註冊 登入
github
/
spring-security
镜像来自 https://github.com/spring-projects/spring-security
2
0
複刻 0
檔案 問題管理 0 Wiki
瀏覽代碼

Add Kotlin samples to docs

Issue: gh-5558
Eleftheria Stein 5 年之前
父節點
87ca71473e
當前提交
bb72206eef
共有 2 個文件被更改,包括 53 次插入0 次删除
統一視圖 顯示文件統計
  1. 31 0
      docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
  2. 22 0
      docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc

+ 31 - 0
docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
查看文件 

@@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	<intercept-url pattern="/**" access="authenticated"/>
 
 	<intercept-url pattern="/**" access="authenticated"/>
 
 </http>
 
 </http>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+fun configure(http: HttpSecurity) {
 
+    http {
 
+        // ...
 
+        authorizeRequests {
 
+            authorize(anyRequest, authenticated)
 
+        }
 
+    }
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
@@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
 
 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
 
 </http>
 
 </http>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+fun configure(http: HttpSecurity) {
 
+   http {
 
+        authorizeRequests { // <1>
 
+            authorize("/resources/**", permitAll) // <2>
 
+            authorize("/signup", permitAll)
 
+            authorize("/about", permitAll)
 
+
 
+            authorize("/admin/**", hasRole("ADMIN")) // <3>
 
+            authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
 
+            authorize(anyRequest, denyAll) // <5>
 
+        }
 
+    }
 
+}
 
+----
 
 ====
 
 ====
 
 <1> There are multiple authorization rules specified.
 
 <1> There are multiple authorization rules specified.
 
 Each rule is considered in the order they were declared.
 
 Each rule is considered in the order they were declared.

+ 22 - 0
docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
查看文件 

@@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {
 
 
 
 <http-firewall ref="httpFirewall"/>
 
 <http-firewall ref="httpFirewall"/>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+@Bean
 
+fun httpFirewall(): StrictHttpFirewall {
 
+    val firewall = StrictHttpFirewall()
 
+    firewall.setAllowSemicolon(true)
 
+    return firewall
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
 
 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
 
@@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {
 
 
 
 <http-firewall ref="httpFirewall"/>
 
 <http-firewall ref="httpFirewall"/>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+@Bean
 
+fun httpFirewall(): StrictHttpFirewall {
 
+    val firewall = StrictHttpFirewall()
 
+    firewall.setAllowedHttpMethods(listOf("GET", "POST"))
 
+    return firewall
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 [TIP]
 
 [TIP]