Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix code formatting in documentation #15572

Merged
merged 1 commit into from
Aug 12, 2024
Merged

Fix code formatting in documentation #15572

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 30 additions & 17 deletions docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -546,8 +546,10 @@ And even though xref:servlet/authentication/architecture.adoc#servlet-authentica
To address that, you can configure Spring Security Java configuration to allow dispatcher types like `FORWARD` and `ERROR`, like so:

.Match by Dispatcher Type
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
http
Expand All @@ -558,7 +560,8 @@ http
)
----

.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
http {
Expand All @@ -570,7 +573,7 @@ http {
}
}
----
====
======

[[match-by-mvc]]
=== Using an MvcRequestMatcher
Expand All @@ -584,8 +587,10 @@ For example, if Spring MVC is mapped to `/spring-mvc` instead of `/` (the defaul
You need to use `MvcRequestMatcher` to split the servlet path and the controller path in your configuration like so:

.Match by MvcRequestMatcher
====
.Java
[tabs]
======
Java::
+
[source,java,role="primary"]
----
@Bean
Expand All @@ -605,7 +610,8 @@ SecurityFilterChain appEndpoints(HttpSecurity http, MvcRequestMatcher.Builder mv
}
----

.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
@Bean
Expand All @@ -622,15 +628,16 @@ fun appEndpoints(http: HttpSecurity, mvc: MvcRequestMatcher.Builder): SecurityFi
}
----

.Xml
Xml::
+
[source,xml,role="secondary"]
----
<http>
<intercept-url servlet-path="/spring-mvc" pattern="/my/controller/**" access="hasAuthority('controller')"/>
<intercept-url pattern="/**" access="authenticated"/>
</http>
----
====
======

This need can arise in at least two different ways:

Expand All @@ -646,8 +653,10 @@ This feature is not currently supported in XML
In Java configuration, you can create your own javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] and supply it to the DSL like so:

.Authorize by Dispatcher Type
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
RequestMatcher printview = (request) -> request.getParameter("print") != null;
Expand All @@ -658,7 +667,8 @@ http
)
----

.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
val printview: RequestMatcher = { (request) -> request.getParameter("print") != null }
Expand All @@ -669,7 +679,7 @@ http {
}
}
----
====
======

[TIP]
Because javadoc:org.springframework.security.web.util.matcher.RequestMatcher[] is a functional interface, you can supply it as a lambda in the DSL.
Expand Down Expand Up @@ -889,8 +899,10 @@ When you have static resources it can be tempting to configure the filter chain
A more secure approach is to permit them using `permitAll` like so:

.Permit Static Resources
====
.Java
[tabs]
======
Java::
+
[source,java,role="secondary"]
----
http
Expand All @@ -900,7 +912,8 @@ http
)
----

.Kotlin
Kotlin::
+
[source,kotlin,role="secondary"]
----
http {
Expand All @@ -910,7 +923,7 @@ http {
}
}
----
====
======

It's more secure because even with static resources it's important to write secure headers, which Spring Security cannot do if the request is ignored.

Expand Down