Spring Security Idiomatic Kotlin DSL for configuring HTTP security

there are some exciting options for DSL designers in the Kotlin world. It'd be nice to support a Kotlin-DSL that does in a more idiomatic way what Spring Security does.

It would be able to take advantage of nested builder DSLs, like this

Comment From: metacubed

@eleftherias and @joshlong, what do you think about simplifying this further?

override fun configure(http: HttpSecurity) {
    http {
        authorizeRequests {
            + "/path" to permitAll
            + "/user/{userName}" to "#userName == 'user'"
            + RegexRequestMatcher(".*", null) to authenticated
        }
    }
}

This option implements a + operator as an alternative to the authorize method. This would only be executed at config/startup time, so the additional Pair creation would probably be ok.

Comment From: eleftherias

Thanks for the suggestion @metacubed. I would refrain from using the + operator in this context, because it is already a well defined infix binary operator. Using it at the start of the line with only one parameter strays from its intended use-case and may confuse users.

Comment From: eleftherias

A native Kotlin DSL for servlet based applications is available as of Spring Security 5.3. The native Kotlin DSL for WebFlux based applications will be part of Spring Security 5.4. Spring Security 5.4.0.M1 is scheduled for 2020/05/06.