Home Explore Help
Register Sign In
github
/
spring-security
mirror of https://github.com/spring-projects/spring-security
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

Add Kotlin samples to docs

Issue: gh-5558
Eleftheria Stein 5 years ago
parent
87ca71473e
commit
bb72206eef
2 changed files with 53 additions and 0 deletions
Unified View Show Diff Stats
  1. 31 0
      docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
  2. 22 0
      docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc

+ 31 - 0
docs/manual/src/docs/asciidoc/_includes/servlet/authorization/authorize-requests.adoc
View File 

@@ -47,6 +47,19 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	<intercept-url pattern="/**" access="authenticated"/>
 
 	<intercept-url pattern="/**" access="authenticated"/>
 
 </http>
 
 </http>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+fun configure(http: HttpSecurity) {
 
+    http {
 
+        // ...
 
+        authorizeRequests {
 
+            authorize(anyRequest, authenticated)
 
+        }
 
+    }
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
 We can configure Spring Security to have different rules by adding more rules in order of precedence.
 
@@ -83,6 +96,24 @@ protected void configure(HttpSecurity http) throws Exception {
 
 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
 
 	<intercept-url pattern="/**" access="denyAll"/> <!--5-->
 
 </http>
 
 </http>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+fun configure(http: HttpSecurity) {
 
+   http {
 
+        authorizeRequests { // <1>
 
+            authorize("/resources/**", permitAll) // <2>
 
+            authorize("/signup", permitAll)
 
+            authorize("/about", permitAll)
 
+
 
+            authorize("/admin/**", hasRole("ADMIN")) // <3>
 
+            authorize("/db/**", "hasRole('ADMIN') and hasRole('DBA')") // <4>
 
+            authorize(anyRequest, denyAll) // <5>
 
+        }
 
+    }
 
+}
 
+----
 
 ====
 
 ====
 
 <1> There are multiple authorization rules specified.
 
 <1> There are multiple authorization rules specified.
 
 Each rule is considered in the order they were declared.
 
 Each rule is considered in the order they were declared.

+ 22 - 0
docs/manual/src/docs/asciidoc/_includes/servlet/exploits/firewall.adoc
View File 

@@ -67,6 +67,17 @@ public StrictHttpFirewall httpFirewall() {
 
 
 
 <http-firewall ref="httpFirewall"/>
 
 <http-firewall ref="httpFirewall"/>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+@Bean
 
+fun httpFirewall(): StrictHttpFirewall {
 
+    val firewall = StrictHttpFirewall()
 
+    firewall.setAllowSemicolon(true)
 
+    return firewall
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
 
 The `StrictHttpFirewall` provides an allowed list of valid HTTP methods that are allowed to protect against https://www.owasp.org/index.php/Cross_Site_Tracing[Cross Site Tracing (XST)] and https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)[HTTP Verb Tampering].
 
@@ -97,6 +108,17 @@ public StrictHttpFirewall httpFirewall() {
 
 
 
 <http-firewall ref="httpFirewall"/>
 
 <http-firewall ref="httpFirewall"/>
 
 ----
 
 ----
 
+
 
+.Kotlin
 
+[source,kotlin,role="secondary"]
 
+----
 
+@Bean
 
+fun httpFirewall(): StrictHttpFirewall {
 
+    val firewall = StrictHttpFirewall()
 
+    firewall.setAllowedHttpMethods(listOf("GET", "POST"))
 
+    return firewall
 
+}
 
+----
 
 ====
 
 ====
 
 
 
 [TIP]
 
 [TIP]