From 31e596fb1eba69f8c9e8bbbb03f98a35f71054e5 Mon Sep 17 00:00:00 2001 From: Marcus Da Coregio Date: Mon, 25 Apr 2022 14:20:56 -0300 Subject: [PATCH] Add shouldFilterAllDispatcherTypes to Kotlin DSL Closes gh-11153 --- .../config/web/servlet/AuthorizeHttpRequestsDsl.kt | 12 ++++++++++++ .../authorization/authorize-http-requests.adoc | 14 ++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeHttpRequestsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeHttpRequestsDsl.kt index 778380417b2..4aa2c4fb2c2 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeHttpRequestsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AuthorizeHttpRequestsDsl.kt @@ -44,6 +44,7 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl() { HANDLER_MAPPING_INTROSPECTOR, AuthorizeHttpRequestsDsl::class.java.classLoader) private val PATTERN_TYPE = if (MVC_PRESENT) PatternType.MVC else PatternType.ANT + private var shouldFilterAllDispatcherTypes = false /** * Adds a request authorization rule. @@ -215,6 +216,16 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl() { return AuthorityAuthorizationManager.hasAnyRole(*roles) } + /** + * Sets whether all dispatcher types should be filtered. + * @param shouldFilter should filter all dispatcher types. Default is + * {@code false} + * @since 5.7 + */ + fun shouldFilterAllDispatcherTypes(shouldFilter: Boolean) { + this.shouldFilterAllDispatcherTypes = shouldFilter + } + /** * Specify that URLs are allowed by anyone. */ @@ -248,6 +259,7 @@ class AuthorizeHttpRequestsDsl : AbstractRequestMatcherDsl() { } } } + requests.shouldFilterAllDispatcherTypes(this.shouldFilterAllDispatcherTypes) } } } diff --git a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc index 0aea50e01db..d5c524b5cd1 100644 --- a/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc +++ b/docs/modules/ROOT/pages/servlet/authorization/authorize-http-requests.adoc @@ -190,4 +190,18 @@ SecurityFilterChain web(HttpSecurity http) throws Exception { return http.build(); } ---- +.Kotlin +[source,kotlin,role="secondary"] +---- +@Bean +open fun web(http: HttpSecurity): SecurityFilterChain { + http { + authorizeHttpRequests { + shouldFilterAllDispatcherTypes(true) + authorize(anyRequest, authenticated) + } + } + return http.build() +} +---- ====