Merge branch '6.1.x' into 6.2.x

docs/modules/ROOT/pages/servlet/configuration/java.adoc

@@ -112,7 +112,7 @@ public class SecurityWebApplicationInitializer
 }
 ----
 
-This onlys register the `springSecurityFilterChain` for every URL in your application.
+This only registers the `springSecurityFilterChain` for every URL in your application.
 After that, we need to ensure that `WebSecurityConfig` was loaded in our existing `ApplicationInitializer`.
 For example, if we use Spring MVC it is added in the `getServletConfigClasses()`:
 
@@ -131,7 +131,7 @@ public class MvcWebApplicationInitializer extends
 }
 ----
 
-The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#_request_matchers[underlying request matchers], so they need to be in the same application context.
+The reason for this is that Spring Security needs to be able to inspect some Spring MVC configuration in order to appropriately configure xref:servlet/authorization/authorize-http-requests.adoc#authorizing-endpoints[underlying request matchers], so they need to be in the same application context.
 Placing Spring Security in `getRootConfigClasses` places it into a parent application context that may not be able to find Spring MVC's `HandlerMappingIntrospector`.
 
 ==== Configuring for Multiple Spring MVC Dispatchers
@@ -203,7 +203,7 @@ Note that this configuration is parallels the XML Namespace configuration:
 
 We can configure multiple `HttpSecurity` instances just as we can have multiple `<http>` blocks in XML.
 The key is to register multiple `SecurityFilterChain` ``@Bean``s.
-The following example has a different configuration for URL's that start with `/api/`.
+The following example has a different configuration for URLs that start with `/api/`.
 
 [source,java]
 ----
@@ -224,7 +224,7 @@ public class MultiHttpSecurityConfig {
 	@Order(1)                                                        <2>
 	public SecurityFilterChain apiFilterChain(HttpSecurity http) throws Exception {
 		http
-			.securityMatcher("/api/**")                                   <3>
+			.securityMatcher("/api/**")                              <3>
 			.authorizeHttpRequests(authorize -> authorize
 				.anyRequest().hasRole("ADMIN")
 			)

docs/modules/ROOT/pages/servlet/configuration/kotlin.adoc

@@ -1,6 +1,7 @@
 
 [[kotlin-config]]
 = Kotlin Configuration
+
 Spring Security Kotlin configuration has been available since Spring Security 5.3.
 It lets users configure Spring Security by using a native Kotlin DSL.
 
@@ -23,19 +24,19 @@ import org.springframework.security.config.annotation.web.invoke
 
 @Bean
 open fun filterChain(http: HttpSecurity): SecurityFilterChain {
-   http {
+    http {
         authorizeHttpRequests {
             authorize(anyRequest, authenticated)
         }
-       formLogin { }
-       httpBasic { }
+        formLogin { }
+        httpBasic { }
     }
     return http.build()
 }
 ----
 
 [NOTE]
-Make sure that import the `invoke` function in your class, sometimes the IDE will not auto-import it causing compilation issues.
+Make sure to import the `invoke` function in your class, as the IDE will not always auto-import the method, causing compilation issues.
 
 The default configuration (shown in the preceding listing):
 
@@ -43,7 +44,7 @@ The default configuration (shown in the preceding listing):
 * Lets users authenticate with form-based login
 * Lets users authenticate with HTTP Basic authentication
 
-Note that this configuration is parallels the XML namespace configuration:
+Note that this configuration parallels the XML namespace configuration:
 
 [source,xml]
 ----
@@ -58,13 +59,13 @@ Note that this configuration is parallels the XML namespace configuration:
 
 We can configure multiple `HttpSecurity` instances, just as we can have multiple `<http>` blocks.
 The key is to register multiple `SecurityFilterChain` ``@Bean``s.
-The following example has a different configuration for URL's that start with `/api/`:
+The following example has a different configuration for URLs that start with `/api/`:
 
 [source,kotlin]
 ----
-@Configuration
 import org.springframework.security.config.annotation.web.invoke
 
+@Configuration
 @EnableWebSecurity
 class MultiHttpSecurityConfig {
     @Bean                                                            <1>
@@ -104,7 +105,7 @@ class MultiHttpSecurityConfig {
 
 <1> Configure Authentication as usual.
 <2> Create an instance of `SecurityFilterChain` that contains `@Order` to specify which `SecurityFilterChain` should be considered first.
-<3> The `http.antMatcher` states that this `HttpSecurity` is applicable only to URLs that start with `/api/`
+<3> The `http.securityMatcher` states that this `HttpSecurity` is applicable only to URLs that start with `/api/`
 <4> Create another instance of `SecurityFilterChain`.
 If the URL does not start with `/api/`, this configuration is used.
 This configuration is considered after `apiFilterChain`, since it has an `@Order` value after `1` (no `@Order` defaults to last).