SEC-2202: http.authorizeUrls() to http.authorizeRequests()

This change is more meaningful since the requests can be matched on
anything not just the URL

config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java

@@ -88,7 +88,7 @@ import org.springframework.util.Assert;
  *     @Override
  *     protected void configure(HttpSecurity http) throws Exception {
  *         http
- *             .authorizeUrls()
+ *             .authorizeRequests()
  *                 .antMatchers("/**").hasRole("USER")
  *                 .and()
  *             .formLogin();
@@ -148,7 +148,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .openidLogin()
@@ -180,7 +180,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .openidLogin()
@@ -259,7 +259,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .anyRequest().hasRole(&quot;USER&quot;)
      *                 .and()
      *            .formLogin()
@@ -330,7 +330,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -379,7 +379,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             // Example jee() configuration
@@ -454,7 +454,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             // Example x509() configuration
@@ -497,7 +497,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -534,7 +534,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin();
@@ -568,7 +568,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
@@ -596,7 +596,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *
      * <pre>
      * http
-     *     .authorizeUrls()
+     *     .authorizeRequests()
      *         .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *         .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
      * </pre>
@@ -606,7 +606,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      * @return
      * @throws Exception
      */
-    public ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeUrls() throws Exception {
+    public ExpressionUrlAuthorizationConfigurer<HttpSecurity> authorizeRequests() throws Exception {
         return getOrApply(new ExpressionUrlAuthorizationConfigurer<HttpSecurity>());
     }
 
@@ -681,7 +681,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -733,7 +733,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -766,7 +766,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -815,7 +815,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin();
@@ -843,7 +843,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -894,7 +894,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;)
      *                 .and()
      *             .formLogin()
@@ -941,7 +941,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *     &#064;Override
      *     protected void configure(HttpSecurity http) throws Exception {
      *         http
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
      *                 .httpBasic();
      *     }
@@ -1061,7 +1061,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *             .requestMatchers()
      *                 .antMatchers("/api/**","/oauth/**")
      *                 .and()
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
      *                 .httpBasic();
      *     }
@@ -1092,7 +1092,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *                 .antMatchers("/api/**")
      *                 .antMatchers("/oauth/**")
      *                 .and()
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
      *                 .httpBasic();
      *     }
@@ -1125,7 +1125,7 @@ public final class HttpSecurity extends AbstractConfiguredSecurityBuilder<Defaul
      *             .requestMatchers()
      *                 .antMatchers("/oauth/**")
      *                 .and()
-     *             .authorizeUrls()
+     *             .authorizeRequests()
      *                 .antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and()
      *                 .httpBasic();
      *     }

config/src/main/java/org/springframework/security/config/annotation/web/configuration/EnableWebSecurity.java

@@ -45,7 +45,7 @@ import org.springframework.security.config.annotation.web.WebSecurityConfigurer;
  *    @Override
  *    protected void configure(HttpSecurity http) throws Exception {
  *        http
- *            .authorizeUrls()
+ *            .authorizeRequests()
  *                .antMatchers("/public/**").permitAll()
  *                .anyRequest().hasRole("USER")
  *                .and()

config/src/main/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter.java

@@ -282,7 +282,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
      *
      * <pre>
      * http
-     *     .authorizeUrls()
+     *     .authorizeRequests()
      *         .anyRequest().authenticated().and()
      *     .formLogin().and()
      *     .httpBasic();
@@ -297,7 +297,7 @@ public abstract class WebSecurityConfigurerAdapter implements SecurityConfigurer
         logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
 
         http
-            .authorizeUrls()
+            .authorizeRequests()
                 .anyRequest().authenticated()
                 .and()
             .formLogin().and()

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

@@ -65,7 +65,7 @@ import org.springframework.util.StringUtils;
  *
  * @author Rob Winch
  * @since 3.2
- * @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeUrls()}
+ * @see {@link org.springframework.security.config.annotation.web.builders.HttpSecurity#authorizeRequests()}
  */
 public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractInterceptUrlConfigurer<H,ExpressionUrlAuthorizationConfigurer<H>,ExpressionUrlAuthorizationConfigurer<H>.AuthorizedUrl> {
     static final String permitAll = "permitAll";
@@ -79,7 +79,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 
     /**
      * Creates a new instance
-     * @see HttpSecurity#authorizeUrls()
+     * @see HttpSecurity#authorizeRequests()
      */
     public ExpressionUrlAuthorizationConfigurer() {
     }
@@ -114,7 +114,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
     final ExpressionBasedFilterInvocationSecurityMetadataSource createMetadataSource() {
         LinkedHashMap<RequestMatcher, Collection<ConfigAttribute>> requestMap = createRequestMap();
         if(requestMap.isEmpty()) {
-            throw new IllegalStateException("At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())");
+            throw new IllegalStateException("At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())");
         }
         return new ExpressionBasedFilterInvocationSecurityMetadataSource(requestMap, expressionHandler);
     }

config/src/main/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupport.java

@@ -36,7 +36,7 @@ final class PermitAllSupport {
         ExpressionUrlAuthorizationConfigurer<?> configurer = http.getConfigurer(ExpressionUrlAuthorizationConfigurer.class);
 
         if(configurer == null) {
-            throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeUrls()");
+            throw new IllegalStateException("permitAll only works with HttpSecurity.authorizeRequests()");
         }
 
         for(String url : urls) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurer.java

@@ -64,7 +64,7 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageViewFi
  * 	@Override
  * 	protected void configure(HttpSecurity http) {
  * 		http
- * 			.authorizeUrls()
+ * 			.authorizeRequests()
  * 				.antMatchers("/**").hasRole("USER")
  * 				.and()
  * 			.openidLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/SampleWebSecurityConfigurerAdapterTests.groovy

@@ -169,7 +169,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .antMatchers("/signup","/about").permitAll()
                     .anyRequest().hasRole("USER")
                     .and()
@@ -290,7 +290,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/api/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .antMatchers("/api/admin/**").hasRole("ADMIN")
                         .antMatchers("/api/**").hasRole("USER")
                         .and()
@@ -310,7 +310,7 @@ public class SampleWebSecurityConfigurerAdapterTests extends BaseWebSpecuritySpe
             @Override
             protected void configure(HttpSecurity http) throws Exception {
                 http
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .antMatchers("/signup","/about").permitAll()
                         .anyRequest().hasRole("USER")
                         .and()

config/src/test/groovy/org/springframework/security/config/annotation/web/WebSecurityConfigurerAdapterTestsConfigs.java

@@ -42,7 +42,7 @@ public class WebSecurityConfigurerAdapterTestsConfigs {
         protected void configure(HttpSecurity http) throws Exception {
             http
                 .antMatcher("/role1/**")
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("1");
         }
 

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.groovy

@@ -113,7 +113,7 @@ public class HttpSecurityTests extends BaseSpringSpec {
                   .antMatchers("/api/**")
                   .antMatchers("/oauth/**")
                   .and()
-              .authorizeUrls()
+              .authorizeRequests()
                   .antMatchers("/**").hasRole("USER")
                   .and()
               .httpBasic()

config/src/test/groovy/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.groovy

@@ -77,7 +77,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
 
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().permitAll()
                     .accessDecisionManager(ACCESS_DECISION_MGR)
         }
@@ -118,7 +118,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER");
         }
 
@@ -301,7 +301,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER");
         }
     }
@@ -318,7 +318,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http.
-                authorizeUrls()
+                authorizeRequests()
                     .filterSecurityInterceptorOncePerRequest(false)
                     .antMatchers("/users**","/sessions/**").hasRole("ADMIN")
                     .antMatchers("/signup").permitAll()
@@ -482,7 +482,7 @@ public class NamespaceHttpTests extends BaseSpringSpec {
     static class UseExpressionsConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .antMatchers("/users**","/sessions/**").hasRole("USER")
                     .antMatchers("/signup").permitAll()
                     .anyRequest().hasRole("USER")

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/EnableWebSecurityTests.groovy

@@ -62,7 +62,7 @@ class EnableWebSecurityTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .antMatchers("/*").hasRole("USER")
                     .and()
                 .formLogin();

config/src/test/groovy/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy

@@ -87,7 +87,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/role1/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("1");
             }
         }
@@ -99,7 +99,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/role2/**")
-                        .authorizeUrls()
+                        .authorizeRequests()
                             .anyRequest().hasRole("2");
             }
         }
@@ -111,7 +111,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/role3/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("3");
             }
         }
@@ -122,7 +122,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             @Override
             protected void configure(HttpSecurity http) throws Exception {
                 http
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("4");
             }
         }
@@ -155,7 +155,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/role1/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("1");
             }
         }
@@ -166,7 +166,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/role2/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("2");
             }
         }
@@ -232,7 +232,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().authenticated()
         }
     }
@@ -253,7 +253,7 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().authenticated()
         }
     }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.groovy

@@ -130,7 +130,7 @@ class DefaultFiltersTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER");
         }
     }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.groovy

@@ -134,7 +134,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -159,7 +159,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .logout()
@@ -187,7 +187,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .logout()
@@ -222,7 +222,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -252,7 +252,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .openidLogin()
@@ -289,7 +289,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .rememberMe()
@@ -315,7 +315,7 @@ public class DefaultLoginPageConfigurerTests extends BaseSpringSpec {
                 .exceptionHandling()
                     .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.groovy

@@ -110,7 +110,7 @@ class ExceptionHandlingConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().authenticated()
                     .and()
                 .httpBasic()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationsTests.groovy

@@ -54,7 +54,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             e.message == "role should not start with 'ROLE_' since it is automatically inserted. Got 'ROLE_USER'"
     }
 
-    def "authorizeUrls() uses AffirmativeBased AccessDecisionManager"() {
+    def "authorizeRequests() uses AffirmativeBased AccessDecisionManager"() {
         when: "Load Config with no specific AccessDecisionManager"
             loadConfig(NoSpecificAccessDecessionManagerConfig)
         then: "AccessDecessionManager matches the HttpSecurityBuilder's default"
@@ -66,17 +66,17 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     static class NoSpecificAccessDecessionManagerConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
         }
     }
 
-    def "authorizeUrls() no requests"() {
+    def "authorizeRequests() no requests"() {
         when: "Load Config with no requests"
             loadConfig(NoRequestsConfig)
         then: "A meaningful exception is thrown"
             BeanCreationException success = thrown()
-            success.message.contains "At least one mapping is required (i.e. authorizeUrls().anyRequest.authenticated())"
+            success.message.contains "At least one mapping is required (i.e. authorizeRequests().anyRequest.authenticated())"
     }
 
     @EnableWebSecurity
@@ -84,11 +84,11 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     static class NoRequestsConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
         }
     }
 
-    def "authorizeUrls() incomplete mapping"() {
+    def "authorizeRequests() incomplete mapping"() {
         when: "Load Config with incomplete mapping"
             loadConfig(IncompleteMappingConfig)
         then: "A meaningful exception is thrown"
@@ -101,13 +101,13 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
     static class IncompleteMappingConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .antMatchers("/a").authenticated()
                     .anyRequest()
         }
     }
 
-    def "authorizeUrls() hasAuthority"() {
+    def "authorizeRequests() hasAuthority"() {
         setup:
             loadConfig(HasAuthorityConfig)
         when:
@@ -135,12 +135,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasAuthority("ROLE_USER")
         }
     }
 
-    def "authorizeUrls() hasAnyAuthority"() {
+    def "authorizeRequests() hasAnyAuthority"() {
         setup:
             loadConfig(HasAnyAuthorityConfig)
         when:
@@ -174,12 +174,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasAnyAuthority("ROLE_ADMIN","ROLE_DBA")
         }
     }
 
-    def "authorizeUrls() hasIpAddress"() {
+    def "authorizeRequests() hasIpAddress"() {
         setup:
             loadConfig(HasIpAddressConfig)
         when:
@@ -202,12 +202,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasIpAddress("192.168.1.0")
         }
     }
 
-    def "authorizeUrls() anonymous"() {
+    def "authorizeRequests() anonymous"() {
         setup:
             loadConfig(AnonymousConfig)
         when:
@@ -229,12 +229,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().anonymous()
         }
     }
 
-    def "authorizeUrls() rememberMe"() {
+    def "authorizeRequests() rememberMe"() {
         setup:
             loadConfig(RememberMeConfig)
         when:
@@ -258,7 +258,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
                     .and()
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().rememberMe()
         }
 
@@ -271,7 +271,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
         }
     }
 
-    def "authorizeUrls() denyAll"() {
+    def "authorizeRequests() denyAll"() {
         setup:
             loadConfig(DenyAllConfig)
         when:
@@ -293,12 +293,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().denyAll()
         }
     }
 
-    def "authorizeUrls() not denyAll"() {
+    def "authorizeRequests() not denyAll"() {
         setup:
             loadConfig(NotDenyAllConfig)
         when:
@@ -320,12 +320,12 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().not().denyAll()
         }
     }
 
-    def "authorizeUrls() fullyAuthenticated"() {
+    def "authorizeRequests() fullyAuthenticated"() {
         setup:
             loadConfig(FullyAuthenticatedConfig)
         when:
@@ -355,7 +355,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
                     .and()
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().fullyAuthenticated()
         }
 
@@ -368,7 +368,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
         }
     }
 
-    def "authorizeUrls() access"() {
+    def "authorizeRequests() access"() {
         setup:
             loadConfig(AccessConfig)
         when:
@@ -399,7 +399,7 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
                     .and()
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'")
         }
 
@@ -430,10 +430,10 @@ public class ExpressionUrlAuthorizationConfigurerTests extends BaseSpringSpec {
             http
                 .httpBasic()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().authenticated()
                     .and()
-                .authorizeUrls()
+                .authorizeRequests()
         }
 
         @Override

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.groovy

@@ -99,7 +99,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -131,7 +131,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -155,7 +155,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -187,7 +187,7 @@ class FormLoginConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/Issue55Tests.groovy

@@ -52,7 +52,7 @@ class Issue55Tests extends BaseSpringSpec {
             @Override
             protected void configure(HttpSecurity http) throws Exception {
                 http
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("USER");
             }
         }
@@ -84,7 +84,7 @@ class Issue55Tests extends BaseSpringSpec {
             protected void configure(HttpSecurity http) throws Exception {
                 http
                     .antMatcher("/api/**")
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("USER");
             }
         }
@@ -93,7 +93,7 @@ class Issue55Tests extends BaseSpringSpec {
             @Override
             protected void configure(HttpSecurity http) throws Exception {
                 http
-                    .authorizeUrls()
+                    .authorizeRequests()
                         .anyRequest().hasRole("USER");
             }
         }

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.groovy

@@ -47,7 +47,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER");
         }
     }
@@ -98,7 +98,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
     static class AnonymousKeyConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .anonymous().key("AnonymousKeyConfig")
@@ -120,7 +120,7 @@ public class NamespaceHttpAnonymousTests extends BaseSpringSpec {
     static class AnonymousUsernameConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .anonymous().principal("AnonymousUsernameConfig")

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.groovy

@@ -76,7 +76,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
     static class HttpBasicConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .httpBasic();
@@ -99,7 +99,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
     static class CustomHttpBasicConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .httpBasic().realmName("Custom Realm");
@@ -150,7 +150,7 @@ public class NamespaceHttpBasicTests extends BaseSpringSpec {
     static class EntryPointRefHttpBasicConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .httpBasic()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.groovy

@@ -152,7 +152,7 @@ public class NamespaceHttpCustomFilterTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.groovy

@@ -47,7 +47,7 @@ public class NamespaceHttpExpressionHandlerTests extends BaseSpringSpec {
 
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .expressionHandler(EXPRESSION_HANDLER)
                     .antMatchers("/users**","/sessions/**").hasRole("ADMIN")
                     .antMatchers("/signup").permitAll()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.groovy

@@ -79,7 +79,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()
@@ -117,7 +117,7 @@ public class NamespaceHttpFormLoginTests extends BaseSpringSpec {
         protected void configure(HttpSecurity http) throws Exception {
             boolean alwaysUseDefaultSuccess = true;
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.groovy

@@ -138,7 +138,7 @@ public class NamespaceHttpInterceptUrlTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     // the line below is similar to intercept-url@pattern:
                     //    <intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')"/>
                     //    <intercept-url pattern="/sessions/**" access="hasRole('ROLE_ADMIN')"/>

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.groovy

@@ -99,7 +99,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .jee()
@@ -126,7 +126,7 @@ public class NamespaceHttpJeeTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .jee()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpOpenIDLoginTests.groovy

@@ -78,7 +78,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
     static class OpenIDLoginConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .openidLogin()
@@ -129,7 +129,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
     static class OpenIDLoginAttributeExchangeConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .openidLogin()
@@ -184,7 +184,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
         protected void configure(HttpSecurity http) throws Exception {
             boolean alwaysUseDefaultSuccess = true;
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .openidLogin()
@@ -218,7 +218,7 @@ public class NamespaceHttpOpenIDLoginTests extends BaseSpringSpec {
 
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .openidLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.groovy

@@ -88,7 +88,7 @@ public class NamespaceHttpPortMappingsTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .portMapper()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.groovy

@@ -103,7 +103,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .x509();
@@ -136,7 +136,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
 
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .x509()
@@ -170,7 +170,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .x509()
@@ -204,7 +204,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .x509()
@@ -238,7 +238,7 @@ public class NamespaceHttpX509Tests extends BaseSpringSpec {
 
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .x509()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.groovy

@@ -112,7 +112,7 @@ public class NamespaceRememberMeTests extends BaseSpringSpec {
     static class RememberMeConfig extends BaseWebConfig {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.groovy

@@ -46,7 +46,7 @@ class PermitAllSupportTests extends BaseSpringSpec {
             loadConfig(NoAuthorizedUrlsConfig)
         then:
             BeanCreationException e = thrown()
-            e.message.contains "permitAll only works with HttpSecurity.authorizeUrls"
+            e.message.contains "permitAll only works with HttpSecurity.authorizeRequests"
 
     }
 

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.groovy

@@ -45,7 +45,7 @@ public class RememberMeConfigurerTests extends BaseSpringSpec {
     static class NullUserDetailsConfig extends WebSecurityConfigurerAdapter {
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().hasRole("USER")
                     .and()
                 .formLogin()

config/src/test/groovy/org/springframework/security/config/annotation/web/configurers/openid/OpenIDLoginConfigurerTests.groovy

@@ -76,7 +76,7 @@ class OpenIDLoginConfigurerTests extends BaseSpringSpec {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             http
-                .authorizeUrls()
+                .authorizeRequests()
                     .anyRequest().authenticated()
                     .and()
                 .openidLogin()