java - Spring security and() function

Question

Can you please explain in a simple way for what reason we need to use and() method in HttpSecurity.

Code:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").hasAnyRole("Employee", "Manager", "HR")
            .antMatchers("/hr_info").hasRole("HR")
            .antMatchers("/manager_info/**").hasRole("Manager")
            .and().formLogin().permitAll();
}

question from:https://stackoverflow.com/questions/65906296/spring-security-and-function

Answer 1

The spring security reference explains it as follows.

The Java Configuration equivalent of closing an XML tag is expressed using the and() method which allows us to continue configuring the parent. If you read the code it also makes sense. I want to configure authorized requests and configure form login and configure HTTP Basic authentication.

Accordingly, you say the following with your own settings:

• Ensures that any request to our application requires the user to be authenticated,
• Allows authentication for some links only to the specified role,
• Allows users to authenticate with form based login.