From 64d26a42a0c173febed4da10ea8a0ea9ede3a46f Mon Sep 17 00:00:00 2001 From: Joe Grandja Date: Sat, 22 Oct 2022 06:00:16 -0400 Subject: [PATCH] Use securityMatcher() and authorizeHttpRequests() Closes gh-922 --- .../jwt/JwtUserInfoMapperSecurityConfig.java | 4 ++-- ...Auth2AuthorizationServerConfiguration.java | 6 ++--- .../OAuth2AuthorizationCodeGrantTests.java | 24 +++++++++---------- ...Auth2AuthorizationServerMetadataTests.java | 6 ++--- .../OAuth2ClientCredentialsGrantTests.java | 12 +++++----- .../OAuth2TokenIntrospectionTests.java | 6 ++--- .../OAuth2TokenRevocationTests.java | 6 ++--- .../OidcClientRegistrationTests.java | 6 ++--- .../OidcProviderConfigurationTests.java | 6 ++--- .../annotation/web/configurers/OidcTests.java | 6 ++--- .../web/configurers/OidcUserInfoTests.java | 18 +++++++------- .../config/AuthorizationServerConfig.java | 6 ++--- .../sample/config/DefaultSecurityConfig.java | 6 ++--- .../sample/config/DefaultSecurityConfig.java | 6 ++--- .../sample/config/DefaultSecurityConfig.java | 6 ++--- .../java/sample/config/SecurityConfig.java | 8 +++---- .../sample/config/ResourceServerConfig.java | 8 +++---- 17 files changed, 70 insertions(+), 70 deletions(-) diff --git a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java index e71da1b8..b0e1fecf 100644 --- a/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java +++ b/docs/src/docs/asciidoc/examples/src/main/java/sample/userinfo/jwt/JwtUserInfoMapperSecurityConfig.java @@ -83,8 +83,8 @@ public class JwtUserInfoMapperSecurityConfig { ) ); http - .requestMatcher(endpointsMatcher) - .authorizeRequests((authorize) -> authorize + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests((authorize) -> authorize .anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) diff --git a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java index 6ba4bf79..56cc5939 100644 --- a/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java +++ b/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java @@ -63,9 +63,9 @@ public class OAuth2AuthorizationServerConfiguration { .getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java index c2dc6c27..5f554d1d 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationCodeGrantTests.java @@ -843,9 +843,9 @@ public class OAuth2AuthorizationCodeGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .securityContext(securityContext -> @@ -905,9 +905,9 @@ public class OAuth2AuthorizationCodeGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); @@ -938,9 +938,9 @@ public class OAuth2AuthorizationCodeGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); @@ -1029,9 +1029,9 @@ public class OAuth2AuthorizationCodeGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java index 5f2449e4..fc23fdf6 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2AuthorizationServerMetadataTests.java @@ -178,9 +178,9 @@ public class OAuth2AuthorizationServerMetadataTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java index 2e7a2191..fb5f4612 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2ClientCredentialsGrantTests.java @@ -415,9 +415,9 @@ public class OAuth2ClientCredentialsGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); @@ -447,9 +447,9 @@ public class OAuth2ClientCredentialsGrantTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java index 120e8287..2257460e 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenIntrospectionTests.java @@ -519,9 +519,9 @@ public class OAuth2TokenIntrospectionTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java index 6dbc63d7..4c0e240c 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OAuth2TokenRevocationTests.java @@ -339,9 +339,9 @@ public class OAuth2TokenRevocationTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .apply(authorizationServerConfigurer); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java index 2fb92bf6..6571a186 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcClientRegistrationTests.java @@ -366,9 +366,9 @@ public class OidcClientRegistrationTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java index 035f5933..8ef8e83b 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcProviderConfigurationTests.java @@ -235,9 +235,9 @@ public class OidcProviderConfigurationTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java index f6caa7e4..0f614cfa 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcTests.java @@ -367,9 +367,9 @@ public class OidcTests { RequestMatcher endpointsMatcher = authorizationServerConfigurer.getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)); diff --git a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java index 5e721a50..b5a488b5 100644 --- a/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java +++ b/oauth2-authorization-server/src/test/java/org/springframework/security/oauth2/server/authorization/config/annotation/web/configurers/OidcUserInfoTests.java @@ -280,9 +280,9 @@ public class OidcUserInfoTests { // @formatter:off http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) @@ -311,9 +311,9 @@ public class OidcUserInfoTests { // @formatter:off http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) @@ -338,9 +338,9 @@ public class OidcUserInfoTests { // @formatter:off http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt) diff --git a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java index 5b92994e..b4839a9b 100644 --- a/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java +++ b/samples/custom-consent-authorizationserver/src/main/java/sample/config/AuthorizationServerConfig.java @@ -67,9 +67,9 @@ public class AuthorizationServerConfig { .getEndpointsMatcher(); http - .requestMatcher(endpointsMatcher) - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .securityMatcher(endpointsMatcher) + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher)) .exceptionHandling(exceptions -> diff --git a/samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java b/samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java index e70d509d..c9a83b4a 100644 --- a/samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java +++ b/samples/custom-consent-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 the original author or authors. + * Copyright 2020-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -36,8 +36,8 @@ public class DefaultSecurityConfig { @Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { http - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .formLogin(withDefaults()); return http.build(); diff --git a/samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java b/samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java index 1eaca369..debf345c 100644 --- a/samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java +++ b/samples/default-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 the original author or authors. + * Copyright 2020-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -37,8 +37,8 @@ public class DefaultSecurityConfig { @Bean SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception { http - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .formLogin(withDefaults()); return http.build(); diff --git a/samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java b/samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java index 34855b16..8ea0051c 100644 --- a/samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java +++ b/samples/federated-identity-authorizationserver/src/main/java/sample/config/DefaultSecurityConfig.java @@ -41,9 +41,9 @@ public class DefaultSecurityConfig { FederatedIdentityConfigurer federatedIdentityConfigurer = new FederatedIdentityConfigurer() .oauth2UserHandler(new UserRepositoryOAuth2UserHandler()); http - .authorizeRequests(authorizeRequests -> - authorizeRequests - .mvcMatchers("/assets/**", "/webjars/**", "/login").permitAll() + .authorizeHttpRequests(authorize -> + authorize + .requestMatchers("/assets/**", "/webjars/**", "/login").permitAll() .anyRequest().authenticated() ) .formLogin(Customizer.withDefaults()) diff --git a/samples/messages-client/src/main/java/sample/config/SecurityConfig.java b/samples/messages-client/src/main/java/sample/config/SecurityConfig.java index 56dfd0e4..184d8233 100644 --- a/samples/messages-client/src/main/java/sample/config/SecurityConfig.java +++ b/samples/messages-client/src/main/java/sample/config/SecurityConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 the original author or authors. + * Copyright 2020-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -32,15 +32,15 @@ public class SecurityConfig { @Bean WebSecurityCustomizer webSecurityCustomizer() { - return (web) -> web.ignoring().antMatchers("/webjars/**"); + return (web) -> web.ignoring().requestMatchers("/webjars/**"); } // @formatter:off @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http - .authorizeRequests(authorizeRequests -> - authorizeRequests.anyRequest().authenticated() + .authorizeHttpRequests(authorize -> + authorize.anyRequest().authenticated() ) .oauth2Login(oauth2Login -> oauth2Login.loginPage("/oauth2/authorization/messaging-client-oidc")) diff --git a/samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java b/samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java index d12e7d69..f2dbaf43 100644 --- a/samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java +++ b/samples/messages-resource/src/main/java/sample/config/ResourceServerConfig.java @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 the original author or authors. + * Copyright 2020-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -31,9 +31,9 @@ public class ResourceServerConfig { @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http - .mvcMatcher("/messages/**") - .authorizeRequests() - .mvcMatchers("/messages/**").access("hasAuthority('SCOPE_message.read')") + .securityMatcher("/messages/**") + .authorizeHttpRequests() + .requestMatchers("/messages/**").hasAuthority("SCOPE_message.read") .and() .oauth2ResourceServer() .jwt();