9

I have a Spring Security config method. I want a particular call, antMatchers("/**/**").permitAll(), to be chained only if a condition matches. Something like this: {dev == true ? .antMatchers("/**/**").permitAll(): ()->{}}. Of course it's not valid syntax. What is the MOST CONCISE way of doing it? Looking for minimum coding.

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable()
            .cors().disable()
            .authorizeRequests()
            {dev == true ? .antMatchers("/**/**").permitAll(): ()->{}} //dev only. NEVER enable on prod 
                .antMatchers("/", "/signup", "/static/**", "/api/sigin", "/api/signup", "**/favicon.ico").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/")
                .loginProcessingUrl("/api/signin")
                .successHandler(authSuccessHandler())
                .failureHandler(authFailureHandler())
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }
sapy

2 Answers

8

The only way is to assign the intermediate object to a variable.

WhateverAuthorizeRequestsReturns partial = http
    .csrf().disable()
    .cors().disable()
    .authorizeRequests();

if (dev) // note: you don't need 'dev == true' like you had
{
    partial.someOptionalThing();
    // if the type is immutable then you need to reassign e.g.:
    // partial = partial.someOptionalThing()
}

partial.something()
    .somethingElse()
    .andTheRest();
Michael
  • Hmm. Good one. Let me wait for somebody if they can come up with an inline version of this. – sapy Jan 11 '19 at 18:56
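
The variable-based approach from the answer above, written out with the concrete Spring Security type, as an added example that is not code from the original posts. It assumes Spring Security 5.x with Spring Framework 5.1+, and that the application uses profiles named "dev" and "prod" (both names are assumptions); the flag is derived from the active profile and startup fails if both are active, so the permit-all rule cannot be switched on alongside production settings. The success and failure handlers from the question are omitted so the class compiles on its own.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.core.env.Profiles;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private Environment env;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Assumption: "dev" and "prod" are this application's profile names.
        boolean dev = env.acceptsProfiles(Profiles.of("dev"));
        if (dev && env.acceptsProfiles(Profiles.of("prod"))) {
            // Fail closed: refuse to start rather than open every path in production.
            throw new IllegalStateException("dev and prod profiles must not be active together");
        }

        // authorizeRequests() returns a mutable registry, so the optional call
        // below needs no reassignment.
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                http.csrf().disable()
                    .cors().disable()
                    .authorizeRequests();

        if (dev) {
            // Matchers are evaluated in the order they are added, so this rule
            // must be registered before anyRequest().authenticated().
            registry.antMatchers("/**/**").permitAll();
        }

        // Path list copied from the question.
        registry
            .antMatchers("/", "/signup", "/static/**", "/api/sigin", "/api/signup", "**/favicon.ico").permitAll()
            .anyRequest().authenticated()
            .and()
            .formLogin().loginPage("/").loginProcessingUrl("/api/signin").permitAll()
            .and()
            .logout().permitAll();
    }
}
```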
4

If all you want to do is to allow access to a certain path based on a boolean value, you can try this:

 http
        .csrf().disable()
        .cors().disable()
        .authorizeRequests()
        .antMatchers(dev ? "/**/**":"invalid-path").permitAll()
            .antMatchers("/", "/signup", "/static/**", "/api/sigin", "/api/signup", "**/favicon.ico").permitAll()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/")
            .loginProcessingUrl("/api/signin")
            .successHandler(authSuccessHandler())
            .failureHandler(authFailureHandler())
            .permitAll()
            .and()
        .logout()
            .permitAll();
Reza Nasiri