Spring Security allows you to write your own Domain Specific Language (DSL), which can be used to configure security in your application. We have already seen a custom DSL in action when we implemented SAML authentication using OKTA. We used an OKTA-provided custom DSL to configure Spring Security.

To write your own custom DSL, you can extend the AbstractHttpConfigurer class and override a few of it's methods, as shown here:

public class CustomDSL extends AbstractHttpConfigurer<CustomDSL, HttpSecurity> {
    @Override
    public void init(HttpSecurity builder) throws Exception {
       // Any configurations that you would like to do (say as default) can be  
       configured here
    }

    @Override
    public void configure(HttpSecurity builder) throws Exception {
       // Can add anything specific to your application and this will be honored
    }
}

In your Spring Security configuration class (the configure method), you can then use your custom DSL, as shown here:

@Override
 protected void configure(HttpSecurity http) throws Exception {
     http
         .apply(<invoke custom DSL>)
         ...;
 }

When Spring Security sees a custom DSL setup, the execution of code is as follows:

1. Invoke the Spring Security configuration class's configure method
2. Invoke the custom DSL init method
3. Invoke the custom DSL configure method

Spring Security uses this approach to implement authorizeRequests().