Spring Security allows you to write your own Domain Specific Language (DSL), which can be used to configure security in your application. We have already seen a custom DSL in action when we implemented SAML authentication using OKTA. We used an OKTA-provided custom DSL to configure Spring Security.
To write your own custom DSL, you can extend the AbstractHttpConfigurer class and override a few of its methods, as shown here:
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;

    public class CustomDSL extends AbstractHttpConfigurer<CustomDSL, HttpSecurity> {
        @Override
        public void init(HttpSecurity builder) throws Exception {
            // Any configurations that you would like to do (say as default) can be
            // configured here
        }

        @Override
        public void configure(HttpSecurity builder) throws Exception {
            // Can add anything specific to your application and this will be honored
        }
    }
In your Spring Security configuration class (the configure method), you can then use your custom DSL, as shown here:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Register the custom DSL with the HttpSecurity builder
        http.apply(new CustomDSL());
        // ... remaining HttpSecurity configuration
    }
When Spring Security sees a custom DSL setup, the execution of code is as follows:
- Invoke the Spring Security configuration class's configure method
- Invoke the custom DSL init method
- Invoke the custom DSL configure method
Spring Security uses this approach to implement authorizeRequests().
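The following is an added example, not code from the original text or from Spring Security itself, showing a custom DSL that packages hardened defaults so several services can apply them with one call. The class name `HardenedDefaultsDsl`, the `requiredHeader` option, the nested filter and the `X-Request-Id` header are all assumptions made for illustration; it targets the `javax.servlet` generation of Spring Security used in this section.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

// Added example (hypothetical names). Usage inside configure(HttpSecurity http):
//   http.apply(HardenedDefaultsDsl.hardenedDefaults()).requiredHeader("X-Request-Id")
//       .and().authorizeRequests().anyRequest().authenticated();
public class HardenedDefaultsDsl extends AbstractHttpConfigurer<HardenedDefaultsDsl, HttpSecurity> {
    private String requiredHeader = "X-Request-Id"; // assumed correlation header
    public static HardenedDefaultsDsl hardenedDefaults() { return new HardenedDefaultsDsl(); }
    // DSL option; returns this so calls chain like the built-in configurers
    public HardenedDefaultsDsl requiredHeader(String name) { this.requiredHeader = name; return this; }

    @Override
    public void init(HttpSecurity http) throws Exception {
        // Runs first: defaults that register other configurers (headers() here) go in init()
        http.headers()
            .frameOptions().deny()
            .httpStrictTransportSecurity().includeSubDomains(true).maxAgeInSeconds(31536000);
    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Runs after every configurer's init(): insert the filter into the chain
        http.addFilterBefore(new RequireHeaderFilter(requiredHeader),
                UsernamePasswordAuthenticationFilter.class);
    }

    // Rejects requests lacking the header so every request is traceable in audit logs
    static class RequireHeaderFilter extends OncePerRequestFilter {
        private final String header;
        RequireHeaderFilter(String header) { this.header = header; }

        @Override
        protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res,
                FilterChain chain) throws ServletException, IOException {
            if (req.getHeader(header) == null) {
                res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Missing " + header);
                return;
            }
            chain.doFilter(req, res);
        }
    }
}
```

Because init() runs after the configuration class's configure method, the header settings made in init() are applied last and win over a conflicting value for the same option set in the configuration class.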