Everybody is good, our company now plans to add spring security at a module on the core, the service request of our project will be through the core module, but the problem is that we will only send the core module of war file to the customer, now customer want to use their own security configuration, is there any way to separate the spring security and the core modules (namely open security configuration of the source code, to keep the core), still can achieve certification service?