Skip to content

Use AuthorizationManagerFactory in Kotlin DSL #17860

New issue
New issue
Closed
Closed
Use AuthorizationManagerFactory in Kotlin DSL#17860
Assignees
rwinch
Labels
in: configAn issue in spring-security-configtype: enhancementA general enhancement
Milestone
7.0.0-RC1
@sjohnr

Description

@sjohnr
sjohnr
opened on Sep 9, 2025

Currently, the Kotlin DSL for authorizeHttpRequests internally invokes the following static factory methods that should be replaced with calls to AuthorizationManagerFactory:

  • AuthorityAuthorizationManager.hasAuthority()
  • AuthorityAuthorizationManager.hasAnyRole()
  • IpAddressAuthorizationManager.hasIpAddress() (though this method is not part of AuthorizationManagerFactory so no changes needed here)
  • AuthenticatedAuthorizationManager.authenticated()
  • AuthenticatedAuthorizationManager.fullyAuthenticated()

Additionally, the permitAll and denyAll fields create inline AuthorizationManagers. The DSL doesn't currently appear to directly support anonymous() or rememberMe().

See this comment for context.

Related gh-17585

Metadata

Metadata

Assignees

Labels

in: configAn issue in spring-security-configtype: enhancementA general enhancement

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions