'How to enable spring security kotlin DSL?

How can we enable support for the spring security kotlin DSL?

As you can see from the Screenshot of the IDE (IntelliJ), the DSL is not available:

enter image description here

This is the full SecurityConfig.kt file:

package com.example.backend.core

import org.springframework.context.annotation.Bean
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.web.server.SecurityWebFilterChain

@EnableWebFluxSecurity
class SecurityConfig {

  @Bean
  fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain? {
    return http {
      csrf { disable() }
      formLogin { disable() }
      httpBasic { disable() }
      // ...
    }
  }

}

This is our build.gradle.kts

import org.jetbrains.kotlin.gradle.tasks.KotlinCompile

val springBootVersion = "2.4.2"

plugins {
    id("org.springframework.boot") version "2.4.2"
    id("io.spring.dependency-management") version "1.0.11.RELEASE"
    kotlin("jvm") version "1.4.21"
    kotlin("plugin.spring") version "1.4.21"
}

group = "com.example"
version = "0.0.1-SNAPSHOT"
java.sourceCompatibility = JavaVersion.VERSION_11

configurations {
    compileOnly {
        extendsFrom(configurations.annotationProcessor.get())
    }
}

repositories {
    mavenCentral()
}

dependencies {
    implementation("org.springframework.boot:spring-boot-starter-actuator")
    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
    implementation("org.springframework.boot:spring-boot-starter-security")
    implementation("org.springframework.boot:spring-boot-starter-webflux")
    implementation("com.fasterxml.jackson.module:jackson-module-kotlin")
    implementation("io.projectreactor.kotlin:reactor-kotlin-extensions")
    implementation("org.flywaydb:flyway-core")
    implementation("org.jetbrains.kotlin:kotlin-reflect")
    implementation("org.jetbrains.kotlin:kotlin-stdlib-jdk8")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
    developmentOnly("org.springframework.boot:spring-boot-devtools")
    runtimeOnly("io.micrometer:micrometer-registry-prometheus")
    runtimeOnly("org.postgresql:postgresql")
    annotationProcessor("org.springframework.boot:spring-boot-configuration-processor")
    testImplementation("org.springframework.boot:spring-boot-starter-test")
    testImplementation("io.projectreactor:reactor-test")
    testImplementation("org.springframework.security:spring-security-test")
}

tasks.withType<KotlinCompile> {
    kotlinOptions {
        freeCompilerArgs = listOf("-Xjsr305=strict")
        jvmTarget = "11"
    }
}

tasks.withType<Test> {
    useJUnitPlatform()
}

And this is the intellij version:

IntelliJ IDEA 2020.3 (Community Edition)
Build #IC-203.5981.155, built on November 30, 2020
Runtime version: 11.0.9+11-b1145.21 amd64
VM: OpenJDK 64-Bit Server VM by JetBrains s.r.o.
Linux 5.4.0-64-generic
GC: ParNew, ConcurrentMarkSweep
Memory: 1979M
Cores: 12
Registry: compiler.automake.allow.when.app.running=true
Non-Bundled Plugins: Key Promoter X, Dart, io.flutter, Lombook Plugin, org.jetbrains.kotlin
Current Desktop: X-Cinnamon

Do we miss some dependency? Does it require any specific intellij setup?

spring-bootkotlinintellij-ideaspring-security


Solution 1:[1]

You need to manually import the ServerHttpSecurity invoke.

import org.springframework.security.config.web.server.invoke

Because of this Kotlin issue in 1.4, the IDE does not suggest it to you as it should.

This is scheduled to be fixed in Kotlin 1.4.30.

Solution 2:[2]

I noticed your question was regarding WebFlux, but just complementing @Eleftheria's answer.

For WebMvc folks you should import:

import org.springframework.security.config.web.servlet.invoke

(servlet vs server)

Solution 3:[3]

This DSL is built in starting since Spring Security 5.3 version. For example the org.springframework.security:spring-security-config:5.3.4.RELEASE library has it: org.springframework.security.config.web.servlet.HttpSecurityDsl#csrf And for example the

compile group: 'org.springframework.boot', name: 'spring-boot-starter-security', version: '2.3.3.RELEASE'

library will contain it.

Solution 4:[4]

What worked for me was to explicitly call the .invoke method on the HttpSecurity object:

http.invoke {
    csrf { disable }
}

which will force my IDE (I'm using IntelliJ) to import the .invoke.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Eleftheria Stein-Kousathana
Solution 2 albertocavalcante
Solution 3 Andrey
Solution 4 remykarem

Related Questions

IntelliJ Scala so slow on fast CPU with 32GB ram

Error when trying to update IntelliJ IDEA

SSL certificate problem: self signed certificate in certificate chain

How to fix "plugin was not found in any of the following sources"

“Unregistered Git root detected” because parent directory of project is versioned by Git

Can not open project with IntelliJ IDEA

How to Save PyCharm Embedded Terminal Tabs?

How can I enter a literal <TAB> character in IntelliJ/IDEA/PyCharm?

IntelliJ does not show project folders

Is there a way to sync settings across JetBrains IDEs?

How to switch existing Intellij IDEA projects from SVN to Git SVN

Trying ES6 style import gives 'Cannot use import statement outside a module'

Multi-line block select using the keyboard in IntelliJ IDEA on a Mac OS X

IntelliJ shows method parameter hints on usage - How to disable it

Java project folder structure in IntelliJ IDEA