Saturday, October 07, 2017

Ruminating on Builder design pattern in Spring Security

While configuring Spring Security, you can use the properties file to configure the filters and other classes, but another popular option is declaring the configuration using code - using the Builder design pattern.

Understanding the way to use the builder is a bit tricky. Lets look at the below code and try to dissect it.

The 'http' object represents the org.springframework.security.config.annotation.web.builders.HttpSecurity object and is similar to Spring Security's XML element.
The .authorizeRequests() method returns the ExpressionInterceptUrlRegistry method that can be used to add HTTP URL matching patterns. After this, you can add additional information as required. 

A good blog-post explaining more such options is given here - https://www.javabullets.com/securing-urls-using-spring-security/