The set of authorization rules declared in the Java DSL can get messy if not formatted properly. For example, a declaration like this:
    http
        .authorizeHttpRequests((authorize) -> authorize
            .requestMatchers("/js/**", "/css/**", "/error").permitAll()
            .requestMatchers(HttpMethod.GET, "/api/**").hasAuthority("api")
            .anyRequest().denyAll()
        )
can quickly become hard to reason about when written like this:
    http
        .authorizeHttpRequests((authorize) -> authorize
            .requestMatchers("/js/**", "/css/**", "/error").permitAll().requestMatchers(HttpMethod.GET, "/api/**").hasAuthority("api").anyRequest().denyAll()
        )
The DSL could help users write authorization rules in a way that's easier to comprehend over time by requiring that rules be declared one at a time:
    http
        .authorizeHttpRequests((request) -> {
            request.uris("/js/**", "/css/**", "/error").authorize().everyone();
            request.methods(HttpMethod.GET).uris("/api/**").authorize().authorities("api:read");
            request.unmatched().authorize().none();
        })
This would be achieved by having the authorization methods (permitAll, authorities, etc.) return void.
When there is only one rule, this simplifies to:
    http
        .authorizeHttpRequests((requests) -> requests.authorize().authenticated())