Match request method with Kotlin DSL for Spring Security

Question

Spring Security provided Kotlin DSL for easier configuration. Here's an example from Spring Blog:

override fun configure(http: HttpSecurity?) {
    http {
        httpBasic {}
        authorizeRequests {
            authorize("/greetings/**", hasAuthority("ROLE_ADMIN"))
            authorize("/**", permitAll)
        }
    }
}

I want to allow only POST request to a particular path. In Java, you can do:

http
  .httpBasic().and()
  .authorizeRequests()
    .antMatchers(HttpMethod.POST, "/greetings").hasRole("ADMIN");

Any examples using Kotlin DSL?

score 5 · Accepted Answer · answered Aug 25 '20 at 10:15

Asked too early. Seems like I've found the solution after looking through source.

Adding for future reference:

override fun configure(http: HttpSecurity) {
    http {
        csrf { disable() }
        httpBasic {}
        authorizeRequests {
            authorize(AntPathRequestMatcher("/greetings", HttpMethod.POST.name),  hasRole("ADMIN"))
            authorize("/**", denyAll)
        }
    }
}

Match request method with Kotlin DSL for Spring Security

1 Answers1