Start building against Spring Security 6.5.0-RC1 snapshots

See gh-45147

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/cloudfoundry/servlet/CloudFoundryActuatorAutoConfiguration.java

@@ -62,7 +62,6 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
@@ -184,12 +183,15 @@ public class CloudFoundryActuatorAutoConfiguration {
 		}
 
 		@Override
+		@SuppressWarnings("removal")
 		public void customize(WebSecurity web) {
 			List<RequestMatcher> requestMatchers = new ArrayList<>();
 			this.pathMappedEndpoints.getAllPaths()
-				.forEach((path) -> requestMatchers.add(new AntPathRequestMatcher(path + "/**")));
-			requestMatchers.add(new AntPathRequestMatcher(BASE_PATH));
-			requestMatchers.add(new AntPathRequestMatcher(BASE_PATH + "/"));
+				.forEach((path) -> requestMatchers
+					.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path + "/**")));
+			requestMatchers.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH));
+			requestMatchers
+				.add(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(BASE_PATH + "/"));
 			web.ignoring().requestMatchers(new OrRequestMatcher(requestMatchers));
 		}
 

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/AntPathRequestMatcherProvider.java

@@ -37,9 +37,11 @@ class AntPathRequestMatcherProvider implements RequestMatcherProvider {
 	}
 
 	@Override
+	@SuppressWarnings("removal")
 	public RequestMatcher getRequestMatcher(String pattern, HttpMethod httpMethod) {
 		String path = this.pathFactory.apply(pattern);
-		return new AntPathRequestMatcher(path, (httpMethod != null) ? httpMethod.name() : null);
+		return new org.springframework.security.web.util.matcher.AntPathRequestMatcher(path,
+				(httpMethod != null) ? httpMethod.name() : null);
 	}
 
 }

spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java

@@ -42,7 +42,6 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.core.annotation.MergedAnnotation;
 import org.springframework.core.annotation.MergedAnnotations;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -232,12 +231,14 @@ public final class EndpointRequest {
 			return linksMatchers;
 		}
 
+		@SuppressWarnings("removal")
 		protected RequestMatcherProvider getRequestMatcherProvider(WebApplicationContext context) {
 			try {
 				return getRequestMatcherProviderBean(context);
 			}
 			catch (NoSuchBeanDefinitionException ex) {
-				return (pattern, method) -> new AntPathRequestMatcher(pattern, (method != null) ? method.name() : null);
+				return (pattern, method) -> new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
+						pattern, (method != null) ? method.name() : null);
 			}
 		}
 

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/PathRequest.java

@@ -24,7 +24,6 @@ import org.springframework.boot.autoconfigure.h2.H2ConsoleProperties;
 import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
 import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
 import org.springframework.boot.web.context.WebServerApplicationContext;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.context.WebApplicationContext;
 
@@ -77,8 +76,10 @@ public final class PathRequest {
 		}
 
 		@Override
+		@SuppressWarnings("removal")
 		protected void initialized(Supplier<H2ConsoleProperties> h2ConsoleProperties) {
-			this.delegate = new AntPathRequestMatcher(h2ConsoleProperties.get().getPath() + "/**");
+			this.delegate = new org.springframework.security.web.util.matcher.AntPathRequestMatcher(
+					h2ConsoleProperties.get().getPath() + "/**");
 		}
 
 		@Override

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/servlet/StaticResourceRequest.java

@@ -28,7 +28,6 @@ import org.springframework.boot.autoconfigure.security.StaticResourceLocation;
 import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletPath;
 import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
 import org.springframework.boot.web.context.WebServerApplicationContext;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.OrRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
@@ -135,8 +134,10 @@ public final class StaticResourceRequest {
 			this.delegate = new OrRequestMatcher(getDelegateMatchers(dispatcherServletPath.get()).toList());
 		}
 
+		@SuppressWarnings("removal")
 		private Stream<RequestMatcher> getDelegateMatchers(DispatcherServletPath dispatcherServletPath) {
-			return getPatterns(dispatcherServletPath).map(AntPathRequestMatcher::new);
+			return getPatterns(dispatcherServletPath)
+				.map(org.springframework.security.web.util.matcher.AntPathRequestMatcher::new);
 		}
 
 		private Stream<String> getPatterns(DispatcherServletPath dispatcherServletPath) {

spring-boot-project/spring-boot-dependencies/build.gradle

@@ -2362,7 +2362,7 @@ bom {
 			releaseNotes("https://github.com/spring-projects/spring-retry/releases/tag/v{version}")
 		}
 	}
-	library("Spring Security", "6.5.0-M3") {
+	library("Spring Security", "6.5.0-SNAPSHOT") {
 		considerSnapshots()
 		group("org.springframework.security") {
 			bom("spring-security-bom")

spring-boot-project/spring-boot-devtools/src/main/java/org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java

@@ -25,7 +25,6 @@ import org.springframework.core.annotation.Order;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.CsrfConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
 /**
  * Spring Security configuration that allows anonymous access to the remote devtools
@@ -46,9 +45,10 @@ class RemoteDevtoolsSecurityConfiguration {
 	}
 
 	@Bean
+	@SuppressWarnings("removal")
 	@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
 	SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.securityMatcher(new AntPathRequestMatcher(this.url));
+		http.securityMatcher(new org.springframework.security.web.util.matcher.AntPathRequestMatcher(this.url));
 		http.authorizeHttpRequests((requests) -> requests.anyRequest().anonymous());
 		http.csrf(CsrfConfigurer::disable);
 		return http.build();

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java

@@ -58,6 +58,7 @@ public class SecurityConfiguration {
 	}
 
 	@Bean
+	@SuppressWarnings("removal")
 	SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
 			throws Exception {
 		http.authorizeHttpRequests((requests) -> {