diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java index 2927deb825..4e955e3688 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurer.java @@ -50,7 +50,8 @@ import org.springframework.security.web.csrf.CsrfToken; * *

Shared Objects Created

* - * No shared objects are created. isLogoutRequest + * No shared objects are created. + * *

Shared Objects Used

* * The following shared objects are used: diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java index 64f2f30aef..10e9c36ff9 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java @@ -48,8 +48,9 @@ import org.springframework.util.Assert; *

* * 
- * protected void configure(HttpSecurity http) throws Exception {
- * 	http.apply(new UrlAuthorizationConfigurer<HttpSecurity>()).getRegistry()
+ * @Bean
+ * public SecurityFilterChain filterChain(HttpSecurity http, ApplicationContext context) throws Exception {
+ * 	http.apply(new UrlAuthorizationConfigurer<HttpSecurity>(context)).getRegistry()
  * 			.requestMatchers("/users**", "/sessions/**").hasRole("USER")
  * 			.requestMatchers("/signup").hasRole("ANONYMOUS").anyRequest().hasRole("USER");
  * }
@@ -201,24 +202,22 @@ public final class UrlAuthorizationConfigurer>
 			setApplicationContext(context);
 		}
 
+		/**
+		 * @deprecated use {@link #requestMatchers(HttpMethod, String...)} instead
+		 */
 		@Override
-		public AuthorizedUrl requestMatchers(String... patterns) {
-			return super.requestMatchers(patterns);
-		}
-
-		@Override
-		public AuthorizedUrl requestMatchers(HttpMethod method, String... patterns) {
-			return super.requestMatchers(method, patterns);
-		}
-
-		@Override
-		public AuthorizedUrl requestMatchers(HttpMethod method) {
-			return super.requestMatchers(method);
+		@Deprecated
+		public MvcMatchersAuthorizedUrl mvcMatchers(HttpMethod method, String... mvcPatterns) {
+			return new MvcMatchersAuthorizedUrl(createMvcMatchers(method, mvcPatterns));
 		}
 
+		/**
+		 * @deprecated use {@link #requestMatchers(String...)} instead
+		 */
 		@Override
-		public AuthorizedUrl requestMatchers(RequestMatcher... requestMatchers) {
-			return super.requestMatchers(requestMatchers);
+		@Deprecated
+		public MvcMatchersAuthorizedUrl mvcMatchers(String... patterns) {
+			return mvcMatchers(null, patterns);
 		}
 
 		@Override
@@ -243,6 +242,32 @@ public final class UrlAuthorizationConfigurer>
 
 	}
 
+	/**
+	 * An {@link AuthorizedUrl} that allows optionally configuring the
+	 * {@link MvcRequestMatcher#setMethod(HttpMethod)}
+	 *
+	 * @author Rob Winch
+	 */
+	public final class MvcMatchersAuthorizedUrl extends AuthorizedUrl {
+
+		/**
+		 * Creates a new instance
+		 * @param requestMatchers the {@link RequestMatcher} instances to map
+		 */
+		private MvcMatchersAuthorizedUrl(List requestMatchers) {
+			super(requestMatchers);
+		}
+
+		@SuppressWarnings("unchecked")
+		public AuthorizedUrl servletPath(String servletPath) {
+			for (MvcRequestMatcher matcher : (List) getMatchers()) {
+				matcher.setServletPath(servletPath);
+			}
+			return this;
+		}
+
+	}
+
 	/**
 	 * Maps the specified {@link RequestMatcher} instances to {@link ConfigAttribute}
 	 * instances.
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc
index 660cb66c4f..35321d00ae 100644
--- a/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc
+++ b/docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc
@@ -248,7 +248,7 @@ public class TenantJWSKeySelector
 	}
 
 	private JWSKeySelector fromTenant(String tenant) {
-		return Optional.ofNullable(this.tenantRepository.findById(tenant)) <3>
+		return Optional.ofNullable(this.tenants.findById(tenant)) <3>
 		        .map(t -> t.getAttrbute("jwks_uri"))
 				.map(this::fromUri)
 				.orElseThrow(() -> new IllegalArgumentException("unknown tenant"));