Web uses AuthorizationManager<? super RequestAuthorizationContext>

This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`

Closes gh-17931

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java

@@ -60,7 +60,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 	private final AuthorizationEventPublisher publisher;
 
-	private final AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory;
+	private final AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
 
 	private ObjectPostProcessor<AuthorizationManager<HttpServletRequest>> postProcessor = ObjectPostProcessor
 		.identity();
@@ -85,7 +85,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 		provider.ifUnique((postProcessor) -> this.postProcessor = postProcessor);
 	}
 
-	private AuthorizationManagerFactory<RequestAuthorizationContext> getAuthorizationManagerFactory(
+	private AuthorizationManagerFactory<? super RequestAuthorizationContext> getAuthorizationManagerFactory(
 			ApplicationContext context) {
 		ResolvableType authorizationManagerFactoryType = ResolvableType
 			.forClassWithGenerics(AuthorizationManagerFactory.class, RequestAuthorizationContext.class);
@@ -134,7 +134,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 	}
 
 	private AuthorizationManagerRequestMatcherRegistry addMapping(List<? extends RequestMatcher> matchers,
-			AuthorizationManager<RequestAuthorizationContext> manager) {
+			AuthorizationManager<? super RequestAuthorizationContext> manager) {
 		for (RequestMatcher matcher : matchers) {
 			this.registry.addMapping(matcher, manager);
 		}
@@ -166,13 +166,15 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 			setApplicationContext(context);
 		}
 
-		private void addMapping(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
+		private void addMapping(RequestMatcher matcher,
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 			this.unmappedMatchers = null;
 			this.managerBuilder.add(matcher, manager);
 			this.mappingCount++;
 		}
 
-		private void addFirst(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
+		private void addFirst(RequestMatcher matcher,
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 			this.unmappedMatchers = null;
 			this.managerBuilder.mappings((m) -> m.add(0, new RequestMatcherEntry<>(matcher, manager)));
 			this.mappingCount++;
@@ -220,7 +222,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 
 		private final List<? extends RequestMatcher> matchers;
 
-		private AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory;
+		private AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory;
 
 		private boolean not;
 
@@ -231,7 +233,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 		 * creating instances of {@link AuthorizationManager}
 		 */
 		AuthorizedUrl(List<? extends RequestMatcher> matchers,
-				AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) {
+				AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
 			this.matchers = matchers;
 			this.authorizationManagerFactory = authorizationManagerFactory;
 		}
@@ -241,7 +243,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 		}
 
 		void setAuthorizationManagerFactory(
-				AuthorizationManagerFactory<RequestAuthorizationContext> authorizationManagerFactory) {
+				AuthorizationManagerFactory<? super RequestAuthorizationContext> authorizationManagerFactory) {
 			this.authorizationManagerFactory = authorizationManagerFactory;
 		}
 
@@ -403,7 +405,7 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 		 * customizations
 		 */
 		public AuthorizationManagerRequestMatcherRegistry access(
-				AuthorizationManager<RequestAuthorizationContext> manager) {
+				AuthorizationManager<? super RequestAuthorizationContext> manager) {
 			Assert.notNull(manager, "manager cannot be null");
 			return (this.not)
 					? AuthorizeHttpRequestsConfigurer.this.addMapping(this.matchers, AuthorizationManagers.not(manager))

web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java

@@ -55,10 +55,10 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 	private final Log logger = LogFactory.getLog(getClass());
 
-	private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings;
+	private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings;
 
 	private RequestMatcherDelegatingAuthorizationManager(
-			List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings) {
+			List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings) {
 		Assert.notEmpty(mappings, "mappings cannot be empty");
 		this.mappings = mappings;
 	}
@@ -69,12 +69,12 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 		if (this.logger.isTraceEnabled()) {
 			this.logger.trace(LogMessage.format("Authorizing %s", requestLine(request)));
 		}
-		for (RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>> mapping : this.mappings) {
+		for (RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>> mapping : this.mappings) {
 
 			RequestMatcher matcher = mapping.getRequestMatcher();
 			MatchResult matchResult = matcher.matcher(request);
 			if (matchResult.isMatch()) {
-				AuthorizationManager<RequestAuthorizationContext> manager = mapping.getEntry();
+				AuthorizationManager<? super RequestAuthorizationContext> manager = mapping.getEntry();
 				if (this.logger.isTraceEnabled()) {
 					this.logger.trace(
 							LogMessage.format("Checking authorization on %s using %s", requestLine(request), manager));
@@ -108,7 +108,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 
 		private boolean anyRequestConfigured;
 
-		private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings = new ArrayList<>();
+		private final List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>> mappings = new ArrayList<>();
 
 		/**
 		 * Maps a {@link RequestMatcher} to an {@link AuthorizationManager}.
@@ -116,7 +116,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 		 * @param manager the {@link AuthorizationManager} to use
 		 * @return the {@link Builder} for further customizations
 		 */
-		public Builder add(RequestMatcher matcher, AuthorizationManager<RequestAuthorizationContext> manager) {
+		public Builder add(RequestMatcher matcher, AuthorizationManager<? super RequestAuthorizationContext> manager) {
 			Assert.state(!this.anyRequestConfigured, "Can't add mappings after anyRequest");
 			Assert.notNull(matcher, "matcher cannot be null");
 			Assert.notNull(manager, "manager cannot be null");
@@ -133,7 +133,7 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 		 * @since 5.7
 		 */
 		public Builder mappings(
-				Consumer<List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>>> mappingsConsumer) {
+				Consumer<List<RequestMatcherEntry<AuthorizationManager<? super RequestAuthorizationContext>>>> mappingsConsumer) {
 			Assert.state(!this.anyRequestConfigured, "Can't configure mappings after anyRequest");
 			Assert.notNull(mappingsConsumer, "mappingsConsumer cannot be null");
 			mappingsConsumer.accept(this.mappings);