spring-projects · vpavic · Jun 6, 2022
diff --git a/...k/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java b/...k/boot/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfiguration.java
@@ -58,7 +58,7 @@ public class ManagementWebSecurityAutoConfiguration {
 	@Bean
 	@Order(SecurityProperties.BASIC_AUTH_ORDER)
 	SecurityFilterChain managementSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> {
+		http.authorizeHttpRequests((requests) -> {
 			requests.requestMatchers(EndpointRequest.to(HealthEndpoint.class)).permitAll();
 			requests.anyRequest().authenticated();
 		});

diff --git a/.../boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java b/.../boot/actuate/autoconfigure/security/servlet/AbstractEndpointRequestIntegrationTests.java
@@ -183,7 +183,7 @@ org.springframework.security.config.annotation.web.configuration.WebSecurityConf
 
 				@Override
 				protected void configure(HttpSecurity http) throws Exception {
-					http.authorizeRequests((requests) -> {
+					http.authorizeHttpRequests((requests) -> {
 						requests.requestMatchers(EndpointRequest.toLinks()).permitAll();
 						requests.requestMatchers(EndpointRequest.to(TestEndpoint1.class)).permitAll();
 						requests.requestMatchers(EndpointRequest.toAnyEndpoint()).authenticated();

diff --git a/...t/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java b/...t/actuate/autoconfigure/security/servlet/ManagementWebSecurityAutoConfigurationTests.java
@@ -179,7 +179,7 @@ static class CustomSecurityConfiguration
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> {
+			http.authorizeHttpRequests((requests) -> {
 				requests.antMatchers("/foo").permitAll();
 				requests.anyRequest().authenticated();
 			});
@@ -194,7 +194,7 @@ static class TestSecurityFilterChainConfig {
 
 		@Bean
 		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 					.build();
 		}
 
@@ -206,8 +206,8 @@ static class TestRemoteDevToolsSecurityFilterChainConfig extends TestSecurityFil
 		@Bean
 		@Order(SecurityProperties.BASIC_AUTH_ORDER - 1)
 		SecurityFilterChain testRemoteDevToolsSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeRequests().anyRequest().anonymous()
-					.and().csrf().disable().build();
+			return http.requestMatcher(new AntPathRequestMatcher("/**")).authorizeHttpRequests().anyRequest()
+					.anonymous().and().csrf().disable().build();
 		}
 
 	}

diff --git a/...ork/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java b/...ork/boot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfiguration.java
@@ -58,7 +58,7 @@ static class OAuth2SecurityFilterChainConfiguration {
 
 		@Bean
 		SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 			http.oauth2Login(Customizer.withDefaults());
 			http.oauth2Client();
 			return http.build();

diff --git a/.../autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java b/.../autoconfigure/security/oauth2/resource/servlet/OAuth2ResourceServerJwtConfiguration.java
@@ -153,7 +153,7 @@ static class OAuth2SecurityFilterChainConfiguration {
 		@Bean
 		@ConditionalOnBean(JwtDecoder.class)
 		SecurityFilterChain jwtSecurityFilterChain(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 			http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
 			return http.build();
 		}

diff --git a/...figure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java b/...figure/security/oauth2/resource/servlet/OAuth2ResourceServerOpaqueTokenConfiguration.java
@@ -60,7 +60,7 @@ static class OAuth2SecurityFilterChainConfiguration {
 		@Bean
 		@ConditionalOnBean(OpaqueTokenIntrospector.class)
 		SecurityFilterChain opaqueTokenSecurityFilterChain(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+			http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 			http.oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
 			return http.build();
 		}

diff --git a/...n/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java b/...n/java/org/springframework/boot/autoconfigure/security/saml2/Saml2LoginConfiguration.java
@@ -37,7 +37,7 @@ class Saml2LoginConfiguration {
 
 	@Bean
 	SecurityFilterChain samlSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> requests.anyRequest().authenticated()).saml2Login();
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated()).saml2Login();
 		http.saml2Logout();
 		return http.build();
 	}

diff --git a/...ringframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java b/...ringframework/boot/autoconfigure/security/servlet/SpringBootWebSecurityConfiguration.java
@@ -54,7 +54,7 @@ static class SecurityFilterChainConfiguration {
 		@Bean
 		@Order(SecurityProperties.BASIC_AUTH_ORDER)
 		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-			http.authorizeRequests().anyRequest().authenticated();
+			http.authorizeHttpRequests().anyRequest().authenticated();
 			http.formLogin();
 			http.httpBasic();
 			return http.build();

diff --git a/...work/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java b/...work/boot/autoconfigure/graphql/security/GraphQlWebMvcSecurityAutoConfigurationTests.java
@@ -160,7 +160,7 @@ DefaultSecurityFilterChain springWebFilterChain(HttpSecurity http) throws Except
 			return http.csrf((c) -> c.disable())
 					// Demonstrate that method security works
 					// Best practice to use both for defense in depth
-					.authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
+					.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
 					.build();
 		}
 

diff --git a/...oot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java b/...oot/autoconfigure/security/oauth2/client/servlet/OAuth2WebSecurityConfigurationTests.java
@@ -241,7 +241,7 @@ static class TestSecurityFilterChainConfig {
 
 		@Bean
 		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 					.build();
 
 		}

diff --git a/...onfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java b/...onfigure/security/oauth2/resource/servlet/OAuth2ResourceServerAutoConfigurationTests.java
@@ -692,7 +692,7 @@ static class TestSecurityFilterChainConfig {
 
 		@Bean
 		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 					.build();
 		}
 

diff --git a/...gframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java b/...gframework/boot/autoconfigure/security/saml2/Saml2RelyingPartyAutoConfigurationTests.java
@@ -321,7 +321,7 @@ static class TestSecurityFilterChainConfig {
 
 		@Bean
 		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 					.build();
 		}
 

diff --git a/...g/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java b/...g/springframework/boot/autoconfigure/security/servlet/SecurityAutoConfigurationTests.java
@@ -298,7 +298,7 @@ static class TestSecurityFilterChainConfig {
 
 		@Bean
 		SecurityFilterChain testSecurityFilterChain(HttpSecurity http) throws Exception {
-			return http.antMatcher("/**").authorizeRequests((authorize) -> authorize.anyRequest().authenticated())
+			return http.antMatcher("/**").authorizeHttpRequests((authorize) -> authorize.anyRequest().authenticated())
 					.build();
 
 		}

diff --git a/.../org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java b/.../org/springframework/boot/devtools/autoconfigure/RemoteDevtoolsSecurityConfiguration.java
@@ -50,7 +50,7 @@ class RemoteDevtoolsSecurityConfiguration {
 	@ConditionalOnMissingBean(org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.class)
 	@SuppressWarnings("deprecation")
 	SecurityFilterChain devtoolsSecurityFilterChain(HttpSecurity http) throws Exception {
-		http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeRequests().anyRequest().anonymous().and()
+		http.requestMatcher(new AntPathRequestMatcher(this.url)).authorizeHttpRequests().anyRequest().anonymous().and()
 				.csrf().disable();
 		return http.build();
 	}

diff --git a/...org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java b/...org/springframework/boot/devtools/autoconfigure/RemoteDevToolsAutoConfigurationTests.java
@@ -277,7 +277,7 @@ static class TestWebSecurityConfigurerAdapter
 
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
-			http.antMatcher("/foo/**").authorizeRequests().anyRequest().authenticated().and().httpBasic();
+			http.antMatcher("/foo/**").authorizeHttpRequests().anyRequest().authenticated().and().httpBasic();
 		}
 
 	}

diff --git a/...ingframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java b/...ingframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.java
@@ -28,7 +28,7 @@ public class MySecurityConfiguration {
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http.requestMatcher(EndpointRequest.toAnyEndpoint());
-		http.authorizeRequests((requests) -> requests.anyRequest().permitAll());
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll());
 		return http.build();
 	}
 

diff --git a/...pringframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java b/...pringframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.java
@@ -30,7 +30,7 @@ public class MySecurityConfiguration {
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http.requestMatcher(EndpointRequest.toAnyEndpoint());
-		http.authorizeRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().hasRole("ENDPOINT_ADMIN"));
 		http.httpBasic(withDefaults());
 		return http.build();
 	}

diff --git a/...ework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java b/...ework/boot/docs/data/sql/h2webconsole/springsecurity/DevProfileSecurityConfiguration.java
@@ -34,7 +34,7 @@ public class DevProfileSecurityConfiguration {
 	@Order(Ordered.HIGHEST_PRECEDENCE)
 	SecurityFilterChain h2ConsoleSecurityFilterChain(HttpSecurity http) throws Exception {
 		http.requestMatcher(PathRequest.toH2Console());
-		http.authorizeRequests(yourCustomAuthorization());
+		http.authorizeHttpRequests(yourCustomAuthorization());
 		http.csrf((csrf) -> csrf.disable());
 		http.headers((headers) -> headers.frameOptions().sameOrigin());
 		return http.build();

diff --git a/...src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java b/...src/main/java/org/springframework/boot/docs/howto/testing/slicetests/MyConfiguration.java
@@ -30,7 +30,7 @@ public class MyConfiguration {
 
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 		return http.build();
 	}
 

diff --git a/.../java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java b/.../java/org/springframework/boot/docs/howto/testing/slicetests/MySecurityConfiguration.java
@@ -26,7 +26,7 @@ public class MySecurityConfiguration {
 
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 		return http.build();
 	}
 

diff --git a/.../org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java b/.../org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.java
@@ -26,7 +26,7 @@ public class MyOAuthClientConfiguration {
 
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
+		http.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated());
 		http.oauth2Login((login) -> login.redirectionEndpoint().baseUri("custom-callback"));
 		return http.build();
 	}

diff --git a/...gframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java b/...gframework/boot/docs/web/security/saml2/relyingparty/MySamlRelyingPartyConfiguration.java
@@ -26,7 +26,7 @@ public class MySamlRelyingPartyConfiguration {
 
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-		http.authorizeRequests().anyRequest().authenticated();
+		http.authorizeHttpRequests().anyRequest().authenticated();
 		http.saml2Login();
 		http.saml2Logout((saml2) -> saml2.logoutRequest((request) -> request.logoutUrl("/SLOService.saml2"))
 				.logoutResponse((response) -> response.logoutUrl("/SLOService.saml2")));

diff --git a/...pringframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt b/...pringframework/boot/docs/actuator/endpoints/security/exposeall/MySecurityConfiguration.kt
@@ -27,9 +27,9 @@ class MySecurityConfiguration {
 
 	@Bean
 	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests {
+		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests {
 				requests -> requests.anyRequest().permitAll() }
 		return http.build()
 	}
 
-}
+}
diff --git a/.../springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt b/.../springframework/boot/docs/actuator/endpoints/security/typical/MySecurityConfiguration.kt
@@ -27,11 +27,11 @@ class MySecurityConfiguration {
 
 	@Bean
 	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeRequests { requests ->
+		http.requestMatcher(EndpointRequest.toAnyEndpoint()).authorizeHttpRequests { requests ->
 			requests.anyRequest().hasRole("ENDPOINT_ADMIN")
 		}
 		http.httpBasic()
 		return http.build()
 	}
 
-}
+}
diff --git a/...in/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt b/...in/org/springframework/boot/docs/web/security/oauth2/client/MyOAuthClientConfiguration.kt
@@ -26,7 +26,7 @@ class MyOAuthClientConfiguration {
 
 	@Bean
 	fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-		http.authorizeRequests().anyRequest().authenticated()
+		http.authorizeHttpRequests().anyRequest().authenticated()
 		http.oauth2Login().redirectionEndpoint().baseUri("custom-callback")
 		return http.build()
 	}

diff --git a/...ustom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java b/...ustom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java
@@ -55,7 +55,7 @@ private UserDetails createUserDetails(String username, String password, String..
 
 	@Bean
 	SecurityFilterChain configure(HttpSecurity http) throws Exception {
-		http.authorizeRequests((requests) -> {
+		http.authorizeHttpRequests((requests) -> {
 			requests.mvcMatchers("/actuator/beans").hasRole("BEANS");
 			requests.requestMatchers(EndpointRequest.to("health")).permitAll();
 			requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))

diff --git a/...-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java b/...-tests/spring-boot-smoke-test-graphql/src/main/java/smoketest/graphql/SecurityConfig.java
@@ -38,7 +38,8 @@ public DefaultSecurityFilterChain springWebFilterChain(HttpSecurity http) throws
 		return http.csrf((csrf) -> csrf.disable())
 				// Demonstrate that method security works
 				// Best practice to use both for defense in depth
-				.authorizeRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults()).build();
+				.authorizeHttpRequests((requests) -> requests.anyRequest().permitAll()).httpBasic(withDefaults())
+				.build();
 	}
 
 	@Bean

diff --git a/...smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java b/...smoke-test-secure-jersey/src/main/java/smoketest/secure/jersey/SecurityConfiguration.java
@@ -41,7 +41,7 @@ public InMemoryUserDetailsManager inMemoryUserDetailsManager() {
 	@Bean
 	SecurityFilterChain configure(HttpSecurity http) throws Exception {
 		// @formatter:off
-		http.authorizeRequests()
+		http.authorizeHttpRequests()
 				.requestMatchers(EndpointRequest.to("health")).permitAll()
 				.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class)).hasRole("ACTUATOR")
 				.antMatchers("/**").hasRole("USER")

diff --git a/...hod-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java b/...hod-security/src/main/java/smoketest/security/method/SampleMethodSecurityApplication.java
@@ -69,8 +69,8 @@ protected static class ApplicationSecurity {
 		@Bean
 		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 			http.csrf().disable();
-			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated()
-					.filterSecurityInterceptorOncePerRequest(true));
+			http.authorizeHttpRequests(
+					(requests) -> requests.anyRequest().fullyAuthenticated().shouldFilterAllDispatcherTypes(false));
 			http.formLogin((form) -> form.loginPage("/login").permitAll());
 			http.exceptionHandling((exceptions) -> exceptions.accessDeniedPage("/access"));
 			return http.build();
@@ -86,8 +86,8 @@ protected static class ActuatorSecurity {
 		SecurityFilterChain actuatorSecurity(HttpSecurity http) throws Exception {
 			http.csrf().disable();
 			http.requestMatcher(EndpointRequest.toAnyEndpoint());
-			http.authorizeRequests(
-					(requests) -> requests.anyRequest().authenticated().filterSecurityInterceptorOncePerRequest(true));
+			http.authorizeHttpRequests(
+					(requests) -> requests.anyRequest().authenticated().shouldFilterAllDispatcherTypes(false));
 			http.httpBasic();
 			return http.build();
 		}

diff --git a/...re-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java b/...re-custom/src/main/java/smoketest/web/secure/custom/SampleWebSecureCustomApplication.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 the original author or authors.
+ * Copyright 2012-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,7 +44,7 @@ protected static class ApplicationSecurity {
 		@Bean
 		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 			http.csrf().disable();
-			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated());
+			http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 			http.formLogin((form) -> form.loginPage("/login").permitAll());
 			return http.build();
 		}

diff --git a/...b-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java b/...b-secure-jdbc/src/main/java/smoketest/web/secure/jdbc/SampleWebSecureJdbcApplication.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 the original author or authors.
+ * Copyright 2012-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -47,7 +47,7 @@ protected static class ApplicationSecurity {
 		@Bean
 		SecurityFilterChain configure(HttpSecurity http) throws Exception {
 			http.csrf().disable();
-			http.authorizeRequests((requests) -> requests.anyRequest().fullyAuthenticated());
+			http.authorizeHttpRequests((requests) -> requests.anyRequest().fullyAuthenticated());
 			http.formLogin((form) -> form.loginPage("/login").permitAll());
 			return http.build();
 		}

diff --git a/...boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java b/...boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/AbstractErrorPageTests.java
@@ -50,7 +50,7 @@ protected AbstractErrorPageTests(String pathPrefix) {
 	@Test
 	void testBadCredentials() {
 		final ResponseEntity<JsonNode> response = this.testRestTemplate.withBasicAuth("username", "wrongpassword")
-				.exchange("/test", HttpMethod.GET, null, JsonNode.class);
+				.exchange(this.pathPrefix + "/test", HttpMethod.GET, null, JsonNode.class);
 		assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
 		JsonNode jsonResponse = response.getBody();
 		assertThat(jsonResponse).isNull();

diff --git a/...e-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java b/...e-test-web-secure/src/test/java/smoketest/web/secure/CustomServletPathErrorPageTests.java
@@ -44,10 +44,10 @@ static class SecurityConfiguration {
 
 		@Bean
 		SecurityFilterChain configure(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> {
+			http.authorizeHttpRequests((requests) -> {
 				requests.antMatchers("/custom/servlet/path/public/**").permitAll();
 				requests.anyRequest().fullyAuthenticated();
-				requests.filterSecurityInterceptorOncePerRequest(true);
+				requests.shouldFilterAllDispatcherTypes(false);
 			});
 			http.httpBasic();
 			http.formLogin((form) -> form.loginPage("/custom/servlet/path/login").permitAll());

diff --git a/...re/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java b/...re/src/test/java/smoketest/web/secure/CustomServletPathUnauthenticatedErrorPageTests.java
@@ -43,7 +43,7 @@ static class SecurityConfiguration {
 
 		@Bean
 		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> {
+			http.authorizeHttpRequests((requests) -> {
 				requests.antMatchers("/custom/servlet/path/error").permitAll();
 				requests.antMatchers("/custom/servlet/path/public/**").permitAll();
 				requests.anyRequest().authenticated();

diff --git a/.../spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java b/.../spring-boot-smoke-test-web-secure/src/test/java/smoketest/web/secure/ErrorPageTests.java
@@ -43,10 +43,10 @@ static class SecurityConfiguration {
 
 		@Bean
 		SecurityFilterChain configure(HttpSecurity http) throws Exception {
-			http.authorizeRequests((requests) -> {
+			http.authorizeHttpRequests((requests) -> {
 				requests.antMatchers("/public/**").permitAll();
 				requests.anyRequest().fullyAuthenticated();
-				requests.filterSecurityInterceptorOncePerRequest(true);
+				requests.shouldFilterAllDispatcherTypes(false);
 			});
 			http.httpBasic();
 			http.formLogin((form) -> form.loginPage("/login").permitAll());

diff --git a/...oot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java b/...oot-smoke-test-web-secure/src/test/java/smoketest/web/secure/NoSessionErrorPageTests.java
@@ -45,10 +45,10 @@ static class SecurityConfiguration {
 		@Bean
 		SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
 			http.sessionManagement((session) -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-					.authorizeRequests((requests) -> {
+					.authorizeHttpRequests((requests) -> {
 						requests.antMatchers("/public/**").permitAll();
 						requests.anyRequest().authenticated();
-						requests.filterSecurityInterceptorOncePerRequest(true);
+						requests.shouldFilterAllDispatcherTypes(false);
 					});
 			http.httpBasic();
 			return http.build();