spring-attic / spring-security-javaconfig

Spring Security Java Configuration Support (to be merged with spring-security-config)

Make it impossible to add filters to HttpConfiguration without first adding a request matcher #107

Closed dsyer closed 11 years ago

dsyer commented 11 years ago

It's a bit confusing (for me) at the minute that it is optional to provide a matcher to HttpConfiguration, but that it still allows you to add one later.

http.httpBasic().and().antMatcher("/foo")

seems unintuitive and I think should be made impossible by the DSL.

Rob Winch: I don't want to require the user to make requestMatchers("/**") for the default case though

David Syer: http.antMatcher("/foo").antMatcher("/bar").httpBasic() is legal

Rob Winch: I see what you are saying

David Syer: maybe the default case would be http.matchAll()?

Rob Winch: I don't want them to need to specify the matchAll but I see what you are saying there

David Syer: I wouldn't mind having to specify matchAll() as long as it was clear I had to do that to add any filters

rwinch commented 11 years ago

Thanks for logging this. I want to provide this note for myself when I look into this:

the thing is though that something like this also overrides:

http
    .httpBasic()
        .authenticationEntryPoint(entryPoint())
        .and()
    .httpBasic()
        .authenticationEntryPoint(otherEntryPoint())

Rob Winch: I'm not sure if we will be able to prevent such situations with all the options available

rwinch commented 11 years ago

I think this is a won't fix and refer to the (now added) javadoc on what is overridden
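
The DSL shape proposed in the first comment, sketched as a staged builder: the matcher must be chosen before any filter method is reachable, and it cannot be changed afterwards. This is an added example, not code from spring-security-javaconfig (where the issue was closed as won't fix); every class and method name below is hypothetical, and the runtime rejection of a repeated configurer is an assumption about one way to handle the override case raised in the second comment.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical staged builder; NOT the spring-security-javaconfig API.
public class StagedHttpDsl {

    /** Stage 1: only matcher selection exists here, so no filter can be added yet. */
    public static final class Http {
        public Filters antMatcher(String pattern) { return new Filters(pattern); }
        public Filters matchAll() { return new Filters("/**"); }
    }

    /** Stage 2: the matcher is fixed; filters may be added, the matcher cannot change. */
    public static final class Filters {
        private final String pattern;
        private final List<String> filters = new ArrayList<>();

        private Filters(String pattern) { this.pattern = pattern; }

        public Filters httpBasic() { return add("httpBasic"); }
        public Filters formLogin() { return add("formLogin"); }

        // Fail loudly on a repeated configurer instead of letting the last call win silently.
        private Filters add(String name) {
            if (filters.contains(name)) {
                throw new IllegalStateException(name + " already configured for " + pattern);
            }
            filters.add(name);
            return this;
        }

        public String build() { return pattern + " -> " + filters; }
    }

    public static void main(String[] args) {
        // Matcher first, then filters: the only order the types allow.
        System.out.println(new Http().antMatcher("/foo").httpBasic().build());
        System.out.println(new Http().matchAll().httpBasic().formLogin().build());

        // new Http().httpBasic();                                        // does not compile
        // new Http().antMatcher("/foo").httpBasic().antMatcher("/bar");  // does not compile

        try {
            new Http().matchAll().httpBasic().httpBasic();
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The two commented-out chains are the cases from the thread: a filter added before any matcher, and a matcher applied after filters are already configured. The types reject both at compile time, so a filter chain cannot end up scoped by a matcher call that appears later in the code.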