Add with() method to apply Custom DSLs returning the builder

[bwgjoseph]

Given that and() is stated for removal, does it mean that in the future, I cannot chain the HttpSecurity?

// not possible
@Bean
public SecurityFilterChain docsFilterChain(HttpSecurity http) throws Exception {
    return http
        .apply(CustomDSL.customDSL()) //.and() deprecated
        .build();
}

// good to go
@Bean
public SecurityFilterChain docsFilterChain(HttpSecurity http) throws Exception {
    http
        .apply(CustomDSL.customDSL());

    return http.build();
}

[jzheaux]

Thanks for reaching out, @bwgjoseph, I think you make a good point that HttpSecurity#apply may not be suitable since it returns the given configurer instead of HttpSecurity. I'll reach out to the team for some thoughts and then get back to you.

[marcusdacoregio]

Hi @bwgjoseph, thank you so much for the report.

After talking to @jzheaux, we decided that we want to add a new with(...) method that returns the HttpSecurity in that case. It would look something like this:

public <C extends SecurityConfigurerAdapter<O, B>> B with(C configurer) throws Exception {
	configurer.addObjectPostProcessor(this.objectPostProcessor);
	configurer.setBuilder((B) this);
	add(configurer);
	return (B) this;
}

Then you can do:

http
	.with(new CustomDsl().myMethod())
	.formLogin(Customizer.withDefaults())
	.httpBasic(Customizer.withDefaults());

I already prioritized this for 6.2. I'll update the issue's title to align better with the problem if you are okay with it.

As of now, you can create a new method inside your custom DSL that returns the builder:

static class CustomDsl extends AbstractHttpConfigurer<CustomDsl, HttpSecurity> {

    // ...

    public HttpSecurity build() {
        return getBuilder();
    }

}

// then

http
    .apply(new CustomDsl()
        .myMethod()
        .myOtherMethod()
        .build())
    .formLogin(...)
    // ...

[bwgjoseph]

Thank you, this new way looks good.

I just tried what you suggested but encounter some error.

The method apply(C) in the type AbstractConfiguredSecurityBuilder<DefaultSecurityFilterChain,HttpSecurity> is not applicable for the arguments (HttpSecurity)

public class DummyDsl extends AbstractHttpConfigurer<DummyDsl, HttpSecurity> {
    @Override
    public void init(HttpSecurity http) throws Exception {
        http.formLogin(AbstractHttpConfigurer::disable);
    }

    public static DummyDsl dummyDsl() {
        return new DummyDsl();
    }

    public HttpSecurity build() {
        return getBuilder();
    }
}

[marcusdacoregio]

What I meant is to replace .and() with that method

http.apply(new DummyDsl()).build()
  .formLogin(...)
  .build();

I realize that the name of the method might be somewhat confusing. You might call it different than build().

[bwgjoseph]

Great, I think it works now.

Thanks for the great work 👏