Use Kotlin DSL Marker Annotations to prevent scope leaking in WebFlux DSL #8366

Closed
eleftherias opened this issue Apr 9, 2020 · 0 comments
@eleftherias (Contributor)

Summary

The Kotlin DSL is designed with a specific hierarchy in mind.
However, the hierarchy is not enforced.

The following configuration should not compile, but currently it does.

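```kotlin
import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.config.web.server.invoke
import org.springframework.security.web.server.SecurityWebFilterChain

@EnableWebFluxSecurity
class SecurityConfig {

    @Bean
    fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
        return http {
            authorizeExchange {
                // Nested call resolves against the outer http { } receiver; this should not compile
                authorizeExchange { }
            }
        }
    }
}
```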

Kotlin allows the creation of DSL markers, to control the scope in which a function is available.

We can use a DSL marker to annotate all classes that belong to the server HTTP security DSL and prevent scope leaking.

For this we will need a new DSL marker, similar to @SecurityMarker.
A possible name for the new marker is @ServerSecurityMarker.

See fde3ccb for the changes that introduced the @SecurityMarker.

eleftherias added the "in: config" (An issue in spring-security-config), "type: enhancement" (A general enhancement) and "status: first-timers-only" (An issue that can only be worked on by brand new contributors) labels Apr 9, 2020
eleftherias self-assigned this Apr 9, 2020
LLabagnara added a commit to LLabagnara/spring-security that referenced this issue Apr 14, 2020
eleftherias added this to the 5.4.0.M1 milestone Apr 14, 2020
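
The scope restriction the issue asks for, shown on a toy DSL as an added example; this is not code from the issue or from Spring Security, and `DemoSecurityMarker`, `DemoHttpDsl`, `DemoAuthorizeDsl` and `demoHttp` are hypothetical names. It shows that once both receiver classes carry the same `@DslMarker` annotation, a nested call that relies on the outer implicit receiver is rejected, while an explicit `this@demoHttp` still works.

```kotlin
// Added illustration: a toy DSL with hypothetical names, not Spring Security's classes.

@DslMarker
annotation class DemoSecurityMarker

@DemoSecurityMarker
class DemoAuthorizeDsl {
    val rules = mutableListOf<String>()
    fun permit(path: String) { rules += "permit $path" }
    fun authenticated(path: String) { rules += "authenticated $path" }
}

@DemoSecurityMarker
class DemoHttpDsl {
    val rules = mutableListOf<String>()
    var authorizeCalls = 0

    fun authorize(block: DemoAuthorizeDsl.() -> Unit) {
        authorizeCalls++
        rules += DemoAuthorizeDsl().apply(block).rules
    }
}

fun demoHttp(block: DemoHttpDsl.() -> Unit): DemoHttpDsl = DemoHttpDsl().apply(block)

fun main() {
    val config = demoHttp {
        authorize {
            permit("/public/**")
            authenticated("/**")

            // Because both classes carry @DemoSecurityMarker, the compiler rejects
            // this line: the outer DemoHttpDsl is no longer an implicit receiver here.
            //   authorize { permit("/admin/**") }
            //
            // Without the marker the same line compiles and silently invokes
            // DemoHttpDsl.authorize on the outer builder a second time.

            // An explicit receiver is still permitted, so reaching outward is a
            // visible, deliberate choice rather than an accident of nesting.
            check(this@demoHttp.authorizeCalls == 1)
        }
    }
    check(config.authorizeCalls == 1)
    check(config.rules == listOf("permit /public/**", "authenticated /**"))
    println(config.rules)
}
```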