5 months ago · 59f08e861e
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -3706,8 +3706,8 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
 
				 	 * {@link #securityMatcher(String...)}, {@link #securityMatchers(Customizer)} and
			
 
				 	 * {@link #securityMatchers()}
			
 
				 	 * </p>
			
 
				-	 * @param requestMatcher the {@link RequestMatcher} to use (i.e. new
			
 
				-	 * AntPathRequestMatcher("/admin/**","GET") )
			
 
				+	 * @param requestMatcher the {@link RequestMatcher} to use, for example,
			
 
				+	 * {@code PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GET, "/admin/**")}
			
 
				 	 * @return the {@link HttpSecurity} for further customizations
			
 
				 	 * @see #securityMatcher(String...)
			
 
				 	 */
			
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurer.java
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -145,7 +145,7 @@ public final class LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 
				 	 * (i.e. log out) to protect against
			
 
				 	 * <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">CSRF
			
 
				 	 * attacks</a>. If you really want to use an HTTP GET, you can use
			
 
				-	 * <code>logoutRequestMatcher(new AntPathRequestMatcher(logoutUrl, "GET"));</code>
			
 
				+	 * <code>logoutRequestMatcher(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.GEt, logoutUrl));</code>
			
 
				 	 * </p>
			
 
				 	 * @param logoutUrl the URL that will invoke logout.
			
 
				 	 * @return the {@link LogoutConfigurer} for further customization
			
--- a/config/src/main/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/HttpSecurityDsl.kt
@@ -1,5 +1,5 @@
 
				 /*
			
 
				- * Copyright 2002-2024 the original author or authors.
			
 
				+ * Copyright 2002-2025 the original author or authors.
			
 
				  *
			
 
				  * Licensed under the Apache License, Version 2.0 (the "License");
			
 
				  * you may not use this file except in compliance with the License.
			
@@ -192,7 +192,7 @@ class HttpSecurityDsl(private val http: HttpSecurity, private val init: HttpSecu
 
				      *     @Bean
			
 
				      *     fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
			
 
				      *         http {
			
 
				-     *             securityMatcher(AntPathRequestMatcher("/private/&ast;&ast;"))
			
 
				+     *             securityMatcher(PathPatternRequestMatcher.withDefaults().matcher("/private/&ast;&ast;"))
			
 
				      *             formLogin {
			
 
				      *                 loginPage = "/log-in"
			
 
				      *             }