CODEWITHSUNDEEP
spring-bootkotlinintellij-ideaspring-security
Stuck
Stuck

Reputation: 12292

How to enable spring security kotlin DSL?

How can we enable support for the spring security kotlin DSL?

As you can see from the Screenshot of the IDE (IntelliJ), the DSL is not available:

enter image description here

This is the full SecurityConfig.kt file:

package com.example.backend.core

import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.web.server.SecurityWebFilterChain

@EnableWebFluxSecurity
class SecurityConfig {

  @Bean
  fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? {
    return http {
      csrf { disable() }
      formLogin { disable() }
      httpBasic { disable() }
      // ...
    }
  }

}

This is our build.gradle.kts

import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

val springBootVersion = "2.4.2"

plugins {
    id("org.springframework.boot") version "2.4.2"
    id("io.spring.dependency-management") version "1.0.11.RELEASE"
    kotlin("jvm") version "1.4.21"
    kotlin("plugin.spring") version "1.4.21"
}

group = "com.example"
version = "0.0.1-SNAPSHOT"
java.sourceCompatibility = JavaVersion.VERSION_11

configurations {
    compileOnly {
        extendsFrom(configurations.annotationProcessor.get())
    }
}

repositories {
    mavenCentral()
}

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-actuator")
    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
    implementation("org.springframework.boot:spring-boot-starter-security")
    implementation("org.springframework.boot:spring-boot-starter-webflux")
    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
    implementation("io.projectreactor.kotlin:reactor-kotlin-extensions")
    implementation("org.flywaydb:flyway-core")
    implementation("org.jetbrains.kotlin:kotlin-reflect")
    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
    developmentOnly("org.springframework.boot:spring-boot-devtools")
    runtimeOnly("io.micrometer:micrometer-registry-prometheus")
    runtimeOnly("org.postgresql:postgresql")
    annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
    testImplementation("org.springframework.boot:spring-boot-starter-test")
    testImplementation("io.projectreactor:reactor-test")
    testImplementation("org.springframework.security:spring-security-test")
}

tasks.withType<KotlinCompile> {
    kotlinOptions {
        freeCompilerArgs = listOf("-Xjsr305=strict")
        jvmTarget = "11"
    }
}

tasks.withType<Test> {
    useJUnitPlatform()
}

And this is the intellij version:

IntelliJ IDEA 2020.3 (Community Edition)
Build #IC-203.5981.155, built on November 30, 2020
Runtime version: 11.0.9+11-b1145.21 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 5.4.0-64-generic
GC: ParNew, ConcurrentMarkSweep
Memory: 1979M
Cores: 12
Registry: compiler.automake.allow.when.app.running=true
Non-Bundled Plugins: Key Promoter X, Dart, io.flutter, Lombook Plugin, org.jetbrains.kotlin
Current Desktop: X-Cinnamon

Do we miss some dependency? Does it require any specific intellij setup?

Upvotes: 25

Views: 6018

Answers (5)

leonidv
leonidv

Reputation: 1412

Magic import for Spring Boot 3.2.1, Spring Security 6.2.1

import org.springframework.security.config.annotation.web.invoke

Upvotes: 2

remykarem
remykarem

Reputation: 2469

What worked for me was to explicitly call the .invoke method on the HttpSecurity object:

http.invoke {
    csrf { disable }
}

which will force my IDE (I'm using IntelliJ) to import the .invoke.

Upvotes: 9

albertocavalcante
albertocavalcante

Reputation: 611

I noticed your question was regarding WebFlux, but just complementing @Eleftheria's answer.

For WebMvc folks you should import:

import org.springframework.security.config.web.servlet.invoke

(servlet vs server)

Upvotes: 15

Eleftheria Stein-Kousathana
Eleftheria Stein-Kousathana

Reputation: 6479

You need to manually import the ServerHttpSecurity invoke.

import org.springframework.security.config.web.server.invoke

Because of this Kotlin issue in 1.4, the IDE does not suggest it to you as it should.

This is scheduled to be fixed in Kotlin 1.4.30.

Upvotes: 28

Andrey
Andrey

Reputation: 16391

This DSL is built in starting since Spring Security 5.3 version. For example the org.springframework.security:spring-security-config:5.3.4.RELEASE library has it: org.springframework.security.config.web.servlet.HttpSecurityDsl#csrf And for example the

compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.3.3.RELEASE'

library will contain it.

Upvotes: 2

Related Questions