diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt index 799d0106bc..3fcf38fa38 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AbstractRequestMatcherDsl.kt @@ -25,6 +25,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher * @author Eleftheria Stein * @since 5.3 */ +@SecurityMarker abstract class AbstractRequestMatcherDsl { /** * Matches any request. diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt index 8190399ba4..89055ed025 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/AnonymousDsl.kt @@ -37,6 +37,7 @@ import org.springframework.security.web.authentication.AnonymousAuthenticationFi * @property authenticationFilter the [AnonymousAuthenticationFilter] used to populate * an anonymous user. */ +@SecurityMarker class AnonymousDsl { var key: String? = null var principal: Any? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt index f7f99a78fa..8d2825ffa6 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/CorsDsl.kt @@ -25,6 +25,7 @@ import org.springframework.security.config.annotation.web.configurers.CorsConfig * @author Eleftheria Stein * @since 5.3 */ +@SecurityMarker class CorsDsl { private var disabled = false 
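Review bot: In the first hunk the marker goes on the abstract base class `AbstractRequestMatcherDsl`, and nothing in its KDoc says that subclasses pick it up through inheritance. Kotlin treats a receiver as marked when its class or any supertype carries a `@DslMarker` annotation, so concrete matcher DSLs extending this class presumably need no annotation of their own; those subclasses are not in this diff, so that is worth confirming. A line in the class KDoc such as `Subclasses inherit [SecurityMarker] and need not declare it again.` would keep the convention visible to whoever adds the next matcher DSL.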
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt index abbbc22f54..f0120e369d 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/CsrfDsl.kt @@ -34,6 +34,7 @@ import javax.servlet.http.HttpServletRequest * determining when CSRF should be applied. * @property sessionAuthenticationStrategy the [SessionAuthenticationStrategy] to use. */ +@SecurityMarker class CsrfDsl { var csrfTokenRepository: CsrfTokenRepository? = null var requireCsrfProtectionMatcher: RequestMatcher? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt index e419a63bc3..cba38265c7 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/ExceptionHandlingDsl.kt @@ -33,6 +33,7 @@ import java.util.* * @property accessDeniedHandler the [AccessDeniedHandler] to use * @property authenticationEntryPoint the [AuthenticationEntryPoint] to use */ +@SecurityMarker class ExceptionHandlingDsl { var accessDeniedPage: String? = null var accessDeniedHandler: AccessDeniedHandler? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt index a935a7a5af..07077346b5 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/FormLoginDsl.kt 
@@ -38,6 +38,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand * @property permitAll whether to grant access to the urls for [failureUrl] as well as * for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user */ +@SecurityMarker class FormLoginDsl { var loginPage: String? = null var authenticationSuccessHandler: AuthenticationSuccessHandler? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt index 8542a116ee..2b3abfe8ee 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HeadersDsl.kt @@ -29,6 +29,7 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption * @since 5.3 * @property defaultsDisabled whether all of the default headers should be included in the response */ +@SecurityMarker class HeadersDsl { private var contentTypeOptions: ((HeadersConfigurer.ContentTypeOptionsConfig) -> Unit)? = null private var xssProtection: ((HeadersConfigurer.XXssConfig) -> Unit)? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt index 8ecd076d82..7a1a1155dd 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpBasicDsl.kt @@ -35,6 +35,7 @@ import javax.servlet.http.HttpServletRequest * @property authenticationDetailsSource the custom [AuthenticationDetailsSource] to use for * basic authentication. */ +@SecurityMarker class HttpBasicDsl { var realmName: String? = null var authenticationEntryPoint: AuthenticationEntryPoint? = null 
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt index 8447c7b6bf..6c672a8d1f 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/HttpSecurityDsl.kt @@ -64,6 +64,7 @@ operator fun HttpSecurity.invoke(httpConfiguration: HttpSecurityDsl.() -> Unit) * @param http the [HttpSecurity] which all configurations will be applied to * @param init the configurations to apply to the provided [HttpSecurity] */ +@SecurityMarker class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecurityDsl.() -> Unit) { private val HANDLER_MAPPING_INTROSPECTOR = "org.springframework.web.servlet.handler.HandlerMappingIntrospector" diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt index 5e4c6e9a47..133e45955a 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/LogoutDsl.kt @@ -42,6 +42,7 @@ import javax.servlet.http.HttpSession * @property logoutSuccessHandler the [LogoutSuccessHandler] to use after logout has occurred. * If this is specified, [logoutSuccessUrl] is ignored. */ +@SecurityMarker class LogoutDsl { var clearAuthentication: Boolean? = null var invalidateHttpSession: Boolean? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt index a47234dadc..2681ed4e19 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt 
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ClientDsl.kt @@ -50,6 +50,7 @@ import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepo * @property authorizedClientRepository the repository for authorized client(s). * @property authorizedClientService the service for authorized client(s). */ +@SecurityMarker class OAuth2ClientDsl { var clientRegistrationRepository: ClientRegistrationRepository? = null var authorizedClientRepository: OAuth2AuthorizedClientRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt index 3c505484cd..b61fed4026 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2LoginDsl.kt @@ -48,6 +48,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand * @property permitAll whether to grant access to the urls for [failureUrl] as well as * for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user */ +@SecurityMarker class OAuth2LoginDsl { var clientRegistrationRepository: ClientRegistrationRepository? = null var authorizedClientRepository: OAuth2AuthorizedClientRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt index 0487f1fee2..9473eba17a 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/OAuth2ResourceServerDsl.kt 
@@ -37,6 +37,7 @@ import org.springframework.security.web.access.AccessDeniedHandler * @property bearerTokenResolver the [BearerTokenResolver] to use for requests authenticating * with Bearer Tokens. */ +@SecurityMarker class OAuth2ResourceServerDsl { var accessDeniedHandler: AccessDeniedHandler? = null var authenticationEntryPoint: AuthenticationEntryPoint? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt index 4ad9954fe3..d23f584fe0 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/PortMapperDsl.kt @@ -28,6 +28,7 @@ import org.springframework.security.web.PortMapper * @since 5.3 * @property portMapper allows specifying the [PortMapper] instance. */ +@SecurityMarker class PortMapperDsl { private val mappings = mutableListOf>() diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt index b3cc6aa67c..b57f017538 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/RequestCacheDsl.kt @@ -28,6 +28,7 @@ import org.springframework.security.web.savedrequest.RequestCache * @since 5.3 * @property requestCache allows explicit configuration of the [RequestCache] to be used */ +@SecurityMarker class RequestCacheDsl { var requestCache: RequestCache? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt index 5475e1fab5..01dec52b63 100644 
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/Saml2Dsl.kt
@@ -42,6 +42,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHand
 * @property permitAll whether to grant access to the urls for [failureUrl] as well as
 * for the [HttpSecurityBuilder], the [loginPage] and [loginProcessingUrl] for every user
 */
+@SecurityMarker
 class Saml2Dsl {
 var relyingPartyRegistrationRepository: RelyingPartyRegistrationRepository? = null
 var loginPage: String? = null
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt
new file mode 100644
index 0000000000..d86554668e
--- /dev/null
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/SecurityMarker.kt
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2020 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.springframework.security.config.web.servlet
+
+/**
+ * Marker annotation indicating that the annotated class is part of the security DSL.
+ *
+ * @author Eleftheria Stein
+ * @since 5.3
+ */
+@DslMarker
+annotation class SecurityMarker
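Review bot: The KDoc on the new `SecurityMarker` annotation says only that the class is part of the security DSL and leaves out what the annotation changes for people writing configuration. Because it is meta-annotated with `@DslMarker`, a nested configuration lambda can no longer reach members of an enclosing DSL receiver implicitly, which keeps a setting from being applied to an outer scope than the one it is written in. I would add a sentence such as `Restricts implicit receivers: inside a nested block, members of an outer DSL scope must be called through an explicit this@ qualifier.` to the KDoc. Declaring `@Target(AnnotationTarget.CLASS)` would also state that only DSL classes are meant to carry it.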
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt index d7fed24d0d..c0405ff4f8 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/SessionManagementDsl.kt @@ -32,6 +32,7 @@ import org.springframework.security.web.session.InvalidSessionStrategy * @author Eleftheria Stein * @since 5.3 */ +@SecurityMarker class SessionManagementDsl { var invalidSessionUrl: String? = null var invalidSessionStrategy: InvalidSessionStrategy? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt index bf41b4ec25..5abcb3a518 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/X509Dsl.kt @@ -44,6 +44,7 @@ import javax.servlet.http.HttpServletRequest * @property authenticationUserDetailsService the [AuthenticationUserDetailsService] to use * @property subjectPrincipalRegex the regex to extract the principal from the certificate */ +@SecurityMarker class X509Dsl { var x509AuthenticationFilter: X509AuthenticationFilter? = null var x509PrincipalExtractor: X509PrincipalExtractor? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt index 611d98b25a..7525348bd0 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/CacheControlDsl.kt 
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the [HttpSecurity] cache control headers using idiomatic @@ -26,6 +27,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * @author Eleftheria Stein * @since 5.3 */ +@SecurityMarker class CacheControlDsl { private var disabled = false diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt index 48c64a76b0..1a27e5c197 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentSecurityPolicyDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the [HttpSecurity] Content-Security-Policy header using @@ -28,6 +29,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * @property policyDirectives the security policy directive(s) to be used in the response header. * @property reportOnly includes the Content-Security-Policy-Report-Only header in the response. */ +@SecurityMarker class ContentSecurityPolicyDsl { var policyDirectives: String? = null var reportOnly: Boolean? = null 
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt index 1cdff0356e..5ef495a2c5 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ContentTypeOptionsDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure [HttpSecurity] X-Content-Type-Options header using idiomatic @@ -26,6 +27,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * @author Eleftheria Stein * @since 5.3 */ +@SecurityMarker class ContentTypeOptionsDsl { private var disabled = false diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt index dec22a52e3..b16f2d0b23 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/FrameOptionsDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the [HttpSecurity] X-Frame-Options header using 
@@ -29,6 +30,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * application. * @property deny deny framing any content from this application. */ +@SecurityMarker class FrameOptionsDsl { var sameOrigin: Boolean? = null var deny: Boolean? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt index d3d25532fa..5307351781 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpPublicKeyPinningDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the [HttpSecurity] HTTP Public Key Pinning header using @@ -34,6 +35,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * the server. * @property reportUri the URI to which the browser should report pin validation failures. */ +@SecurityMarker class HttpPublicKeyPinningDsl { var pins: Map? = null var maxAgeInSeconds: Long? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt index 92c8da1530..a1e109f94e 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt 
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/HttpStrictTransportSecurityDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.web.util.matcher.RequestMatcher /** @@ -34,6 +35,7 @@ import org.springframework.security.web.util.matcher.RequestMatcher * @property includeSubDomains if true, subdomains should be considered HSTS Hosts too. * @property preload if true, preload will be included in HSTS Header. */ +@SecurityMarker class HttpStrictTransportSecurityDsl { var maxAgeInSeconds: Long? = null var requestMatcher: RequestMatcher? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt index 226891e2d5..944407dc12 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/ReferrerPolicyDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter /** 
@@ -28,6 +29,7 @@ import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWrite * @since 5.3 * @property policy the policy to be used in the response header. */ +@SecurityMarker class ReferrerPolicyDsl { var policy: ReferrerPolicyHeaderWriter.ReferrerPolicy? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt index 3b919ef9c1..b023e8db35 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/headers/XssProtectionConfigDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.headers import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the [HttpSecurity] XSS protection header using @@ -29,6 +30,7 @@ import org.springframework.security.config.annotation.web.configurers.HeadersCon * @property xssProtectionEnabled if true, the header value will contain a value of 1. * If false, will explicitly disable specify that X-XSS-Protection is disabled. */ +@SecurityMarker class XssProtectionConfigDsl { var block: Boolean? = null var xssProtectionEnabled: Boolean? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt index ea0b6ae143..6e04aae818 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt 
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/client/AuthorizationCodeGrantDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.client import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2ClientConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository @@ -34,6 +35,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ * @property accessTokenResponseClient the client used for requesting the access token credential * from the Token Endpoint. */ +@SecurityMarker class AuthorizationCodeGrantDsl { var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null var authorizationRequestRepository: AuthorizationRequestRepository? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt index b78928ee5f..c416adea91 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/AuthorizationEndpointDsl.kt 
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest @@ -32,6 +33,7 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequ * @property authorizationRequestResolver the resolver used for resolving [OAuth2AuthorizationRequest]'s. * @property authorizationRequestRepository the repository used for storing [OAuth2AuthorizationRequest]'s. */ +@SecurityMarker class AuthorizationEndpointDsl { var baseUri: String? = null var authorizationRequestResolver: OAuth2AuthorizationRequestResolver? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt index 929e464260..a15d6e419e 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/RedirectionEndpointDsl.kt 
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker /** * A Kotlin DSL to configure the Authorization Server's Redirection Endpoint using @@ -27,6 +28,7 @@ import org.springframework.security.config.annotation.web.configurers.oauth2.cli * @since 5.3 * @property baseUri the URI where the authorization response will be processed. */ +@SecurityMarker class RedirectionEndpointDsl { var baseUri: String? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt index 79aadfc15f..0997c15e87 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/TokenEndpointDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest 
@@ -30,6 +31,7 @@ import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCo * @property accessTokenResponseClient the client used for requesting the access token credential * from the Token Endpoint. */ +@SecurityMarker class TokenEndpointDsl { var accessTokenResponseClient: OAuth2AccessTokenResponseClient? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt index 892753f1ce..f2e30083d6 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/login/UserInfoEndpointDsl.kt @@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.login import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.client.OAuth2LoginConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest import org.springframework.security.oauth2.client.registration.ClientRegistration @@ -38,6 +39,7 @@ import org.springframework.security.oauth2.core.user.OAuth2User * End-User from the UserInfo Endpoint. * @property userAuthoritiesMapper the [GrantedAuthoritiesMapper] used for mapping [OAuth2User.getAuthorities] */ +@SecurityMarker class UserInfoEndpointDsl { var userService: OAuth2UserService? = null var oidcUserService: OAuth2UserService? = null 
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt index ce9d7a6912..2236aa4d10 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/JwtDsl.kt @@ -20,6 +20,7 @@ import org.springframework.core.convert.converter.Converter import org.springframework.security.authentication.AbstractAuthenticationToken import org.springframework.security.config.annotation.web.builders.HttpSecurity import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer +import org.springframework.security.config.web.servlet.SecurityMarker import org.springframework.security.oauth2.jwt.Jwt import org.springframework.security.oauth2.jwt.JwtDecoder @@ -34,6 +35,7 @@ import org.springframework.security.oauth2.jwt.JwtDecoder * @property jwkSetUri configures a [JwtDecoder] using a * JSON Web Key (JWK) URL */ +@SecurityMarker class JwtDsl { private var _jwtDecoder: JwtDecoder? = null private var _jwkSetUri: String? = null diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt index a6829b7e0c..062509cb0e 100644 --- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt +++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/oauth2/resourceserver/OpaqueTokenDsl.kt 
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.oauth2.resourceserver
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer
+import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
 /**
@@ -28,6 +29,7 @@ import org.springframework.security.oauth2.server.resource.introspection.OpaqueT
 * @property introspectionUri the URI of the Introspection endpoint.
 * @property introspector the [OpaqueTokenIntrospector] to use.
 */
+@SecurityMarker
 class OpaqueTokenDsl {
 private var _introspectionUri: String? = null
 private var _introspector: OpaqueTokenIntrospector? = null
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
index 5be837c81f..d673cccb69 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionConcurrencyDsl.kt
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.session
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
+import org.springframework.security.config.web.servlet.SecurityMarker
 import org.springframework.security.core.session.SessionRegistry
 import org.springframework.security.web.session.SessionInformationExpiredStrategy
@@ -36,8 +37,8 @@ import org.springframework.security.web.session.SessionInformationExpiredStrateg
 * [maximumSessions] has been reached. Otherwise (default), the user who authenticates
 * is allowed access and an existing user's session is expired.
 * @property sessionRegistry the [SessionRegistry] implementation used.
- *
 */
+@SecurityMarker
 class SessionConcurrencyDsl {
 var maximumSessions: Int? = null
 var expiredUrl: String? = null
diff --git a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
index 7fa4c3d5cd..a5ee7188a0 100644
--- a/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/web/servlet/session/SessionFixationDsl.kt
@@ -18,6 +18,7 @@ package org.springframework.security.config.web.servlet.session
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer
+import org.springframework.security.config.web.servlet.SecurityMarker
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpSession
@@ -28,6 +29,7 @@ import javax.servlet.http.HttpSession
 * @author Eleftheria Stein
 * @since 5.3
 */
+@SecurityMarker
 class SessionFixationDsl {
 private var strategy: SessionFixationStrategy? = null