i love the new Customizer approach but they dont declare checked exceptions. (Yes, I know Spring itself has Throwing* variants...) and so when i want to use things like the new authorizationServer() DSL method, it requires a try / catch block.
my $0.02 is that its a config DSL. either fix the DSL so we can't configure ourselves into an invalid state OR report the error at startup time along with everything else. but the way it is, we have to deal with the error at design time AND wait till runtime to figure out what went wrong. only to then have to re-do the DSL, since there's no logical step we could take to compensate for the error. its simply an invalid config.
@Bean
Customizer<HttpSecurity> securityCustomizer() {
return httpSecurity -> {
try {
httpSecurity
.oauth2AuthorizationServer(x -> x.oidc(Customizer.withDefaults()))
.webAuthn(x -> x
.allowedOrigins("http://localhost:9090")
.rpId("localhost")
.rpName("bootiful")
)
.oneTimeTokenLogin(ott -> ott.tokenGenerationSuccessHandler(
new OneTimeTokenGenerationSuccessHandler() {
@Override
public void handle(HttpServletRequest request,
HttpServletResponse response,
OneTimeToken oneTimeToken) throws IOException, ServletException {
}
}
));
} catch (Exception e) {
throw new RuntimeException(e);
}
};
}
i love the new
Customizerapproach but they dont declare checked exceptions. (Yes, I know Spring itself hasThrowing*variants...) and so when i want to use things like the new authorizationServer() DSL method, it requires a try / catch block.my $0.02 is that its a config DSL. either fix the DSL so we can't configure ourselves into an invalid state OR report the error at startup time along with everything else. but the way it is, we have to deal with the error at design time AND wait till runtime to figure out what went wrong. only to then have to re-do the DSL, since there's no logical step we could take to compensate for the error. its simply an invalid config.