From 1706e747dd28afc4097ee40724f9589fab2fe60c Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <andy.wilkinson@broadcom.com>
Date: Mon, 7 Jul 2025 19:11:31 +0100
Subject: [PATCH] Revert "Work around circular dependency regression in
 Security"

This reverts commit 20a4e6ff3c1bfa8d8d9aa24fb8acbae540bec294.

See gh-45492
---
 .../OAuth2ClientWebSecurityAutoConfiguration.java        | 7 -------
 .../servlet/OAuth2ResourceServerAutoConfiguration.java   | 9 ---------
 .../servlet/SpringBootWebSecurityConfiguration.java      | 7 -------
 3 files changed, 23 deletions(-)

diff --git a/spring-boot-project/spring-boot-security-oauth2-client/src/main/java/org/springframework/boot/security/oauth2/client/autoconfigure/servlet/OAuth2ClientWebSecurityAutoConfiguration.java b/spring-boot-project/spring-boot-security-oauth2-client/src/main/java/org/springframework/boot/security/oauth2/client/autoconfigure/servlet/OAuth2ClientWebSecurityAutoConfiguration.java
index ef737692b8d..1bfb5f813fb 100644
--- a/spring-boot-project/spring-boot-security-oauth2-client/src/main/java/org/springframework/boot/security/oauth2/client/autoconfigure/servlet/OAuth2ClientWebSecurityAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-security-oauth2-client/src/main/java/org/springframework/boot/security/oauth2/client/autoconfigure/servlet/OAuth2ClientWebSecurityAutoConfiguration.java
@@ -30,7 +30,6 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
 import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
@@ -53,12 +52,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
 @ConditionalOnWebApplication(type = Type.SERVLET)
 public class OAuth2ClientWebSecurityAutoConfiguration {
 
-	@Bean
-	@ConditionalOnMissingBean(name = "workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder")
-	PathPatternRequestMatcherBuilderFactoryBean workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder() {
-		return new PathPatternRequestMatcherBuilderFactoryBean();
-	}
-
 	@Bean
 	@ConditionalOnMissingBean
 	OAuth2AuthorizedClientRepository authorizedClientRepository(OAuth2AuthorizedClientService authorizedClientService) {
diff --git a/spring-boot-project/spring-boot-security-oauth2-resource-server/src/main/java/org/springframework/boot/security/oauth2/server/resource/autoconfigure/servlet/OAuth2ResourceServerAutoConfiguration.java b/spring-boot-project/spring-boot-security-oauth2-resource-server/src/main/java/org/springframework/boot/security/oauth2/server/resource/autoconfigure/servlet/OAuth2ResourceServerAutoConfiguration.java
index cb6a249a5b3..12c1201a732 100644
--- a/spring-boot-project/spring-boot-security-oauth2-resource-server/src/main/java/org/springframework/boot/security/oauth2/server/resource/autoconfigure/servlet/OAuth2ResourceServerAutoConfiguration.java
+++ b/spring-boot-project/spring-boot-security-oauth2-resource-server/src/main/java/org/springframework/boot/security/oauth2/server/resource/autoconfigure/servlet/OAuth2ResourceServerAutoConfiguration.java
@@ -19,7 +19,6 @@ package org.springframework.boot.security.oauth2.server.resource.autoconfigure.s
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication.Type;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -27,9 +26,7 @@ import org.springframework.boot.security.autoconfigure.actuate.servlet.Managemen
 import org.springframework.boot.security.autoconfigure.servlet.SecurityAutoConfiguration;
 import org.springframework.boot.security.autoconfigure.servlet.UserDetailsServiceAutoConfiguration;
 import org.springframework.boot.security.oauth2.server.resource.autoconfigure.OAuth2ResourceServerProperties;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
-import org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
 
 /**
@@ -47,10 +44,4 @@ import org.springframework.security.oauth2.server.resource.authentication.Bearer
 		Oauth2ResourceServerConfiguration.OpaqueTokenConfiguration.class })
 public class OAuth2ResourceServerAutoConfiguration {
 
-	@Bean
-	@ConditionalOnMissingBean(name = "workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder")
-	PathPatternRequestMatcherBuilderFactoryBean workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder() {
-		return new PathPatternRequestMatcherBuilderFactoryBean();
-	}
-
 }
diff --git a/spring-boot-project/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/servlet/SpringBootWebSecurityConfiguration.java b/spring-boot-project/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/servlet/SpringBootWebSecurityConfiguration.java
index 7865afe5c14..4eae2c62198 100644
--- a/spring-boot-project/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/servlet/SpringBootWebSecurityConfiguration.java
+++ b/spring-boot-project/spring-boot-security/src/main/java/org/springframework/boot/security/autoconfigure/servlet/SpringBootWebSecurityConfiguration.java
@@ -33,7 +33,6 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.config.BeanIds;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.web.PathPatternRequestMatcherBuilderFactoryBean;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
 
@@ -48,12 +47,6 @@ import static org.springframework.security.config.Customizer.withDefaults;
 @ConditionalOnWebApplication(type = Type.SERVLET)
 class SpringBootWebSecurityConfiguration {
 
-	@Bean
-	@ConditionalOnMissingBean(name = "workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder")
-	PathPatternRequestMatcherBuilderFactoryBean workAroundSecurityDependencyCyclePathPatternRequestMatcherBuilder() {
-		return new PathPatternRequestMatcherBuilderFactoryBean();
-	}
-
 	@Configuration(proxyBeanMethods = false)
 	@ConditionalOnBean(DispatcherServletPath.class)
 	@ConditionalOnClass(DispatcherServletPath.class)