Use HttpSecurity Lambda DSL in Config Tests

Issue gh-13067

config/src/test/java/org/springframework/security/config/annotation/issue50/SecurityConfig.java

@@ -51,9 +51,8 @@ public class SecurityConfig {
 	SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 		// @formatter:off
 		http
-			.authorizeRequests()
-				.requestMatchers(new AntPathRequestMatcher("/*")).permitAll()
-				.and()
+			.authorizeRequests((requests) -> requests
+				.requestMatchers(new AntPathRequestMatcher("/*")).permitAll())
 			.authenticationProvider(authenticationProvider());
 		// @formatter:on
 		return http.build();

config/src/test/java/org/springframework/security/config/annotation/sec2758/Sec2758Tests.java

@@ -87,8 +87,8 @@ public class Sec2758Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-			.authorizeRequests()
-			.anyRequest().access("hasAnyRole('CUSTOM')");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().access("hasAnyRole('CUSTOM')"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistryAnyMatcherTests.java

@@ -86,9 +86,9 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.anyRequest().authenticated()
-				.requestMatchers(new AntPathRequestMatcher("/demo/**")).permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated()
+					.requestMatchers(new AntPathRequestMatcher("/demo/**")).permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -103,9 +103,9 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 		SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.anyRequest().authenticated()
-				.requestMatchers(new MvcRequestMatcher(introspector, "/demo/**")).permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated()
+					.requestMatchers(new MvcRequestMatcher(introspector, "/demo/**")).permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -120,9 +120,9 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.anyRequest().authenticated()
-				.requestMatchers(new RegexRequestMatcher(".*", null)).permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated()
+					.requestMatchers(new RegexRequestMatcher(".*", null)).permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -137,9 +137,9 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.anyRequest().authenticated()
-				.anyRequest().permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated()
+					.anyRequest().permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -154,9 +154,9 @@ public class AbstractRequestMatcherRegistryAnyMatcherTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.anyRequest().authenticated()
-				.requestMatchers(new AntPathRequestMatcher("/**")).permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated()
+					.requestMatchers(new AntPathRequestMatcher("/**")).permitAll());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/builders/HttpConfigurationTests.java

@@ -48,6 +48,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -148,14 +149,12 @@ public class HttpConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityMatchers()
+				.securityMatchers((security) -> security
 					.requestMatchers(new AntPathRequestMatcher("/api/**"))
-					.requestMatchers(new AntPathRequestMatcher("/oauth/**"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.httpBasic();
+					.requestMatchers(new AntPathRequestMatcher("/oauth/**")))
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/builders/NamespaceHttpTests.java

@@ -71,6 +71,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -293,9 +294,9 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.anyRequest().permitAll()
-				.accessDecisionManager(ACCESS_DECISION_MANAGER);
+					.accessDecisionManager(ACCESS_DECISION_MANAGER));
 			return http.build();
 			// @formatter:on
 		}
@@ -311,12 +312,11 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin").hasRole("ADMIN")
-					.anyRequest().authenticated()
-					.and()
-				.exceptionHandling()
-					.accessDeniedPage("/AccessDeniedPage");
+					.anyRequest().authenticated())
+				.exceptionHandling((handling) -> handling
+					.accessDeniedPage("/AccessDeniedPage"));
 			return http.build();
 			// @formatter:on
 		}
@@ -338,10 +338,9 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -356,11 +355,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS));
 			return http.build();
 			// @formatter:on
 		}
@@ -375,11 +373,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			return http.build();
 			// @formatter:on
 		}
@@ -395,14 +392,12 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/unsecure").permitAll()
-					.anyRequest().authenticated()
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-					.and()
-				.formLogin();
+					.anyRequest().authenticated())
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -417,11 +412,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().anonymous()
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.NEVER);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().anonymous())
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.NEVER));
 			return http.build();
 			// @formatter:on
 		}
@@ -436,13 +430,11 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.exceptionHandling()
-					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/entry-point"))
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.exceptionHandling((handling) -> handling
+					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/entry-point")))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -472,11 +464,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.realmName("RealmConfig");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic((basic) -> basic
+					.realmName("RealmConfig"));
 			return http.build();
 			// @formatter:on
 		}
@@ -562,13 +553,11 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.securityContext()
-					.securityContextRepository(new NullSecurityContextRepository())
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.securityContext((context) -> context
+					.securityContextRepository(new NullSecurityContextRepository()))
+				.formLogin(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -588,11 +577,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.servletApi()
-					.disable();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.servletApi((api) -> api
+					.disable());
 			return http.build();
 			// @formatter:on
 		}
@@ -607,8 +595,8 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -641,10 +629,10 @@ public class NamespaceHttpTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/users**", "/sessions/**").hasRole("USER")
 					.requestMatchers("/signup").permitAll()
-					.anyRequest().hasRole("USER");
+					.anyRequest().hasRole("USER"));
 			this.httpSecurity = http;
 			return http.build();
 			// @formatter:on

config/src/test/java/org/springframework/security/config/annotation/web/builders/WebSecurityTests.java

@@ -50,6 +50,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * @author Rob Winch
@@ -137,9 +138,9 @@ public class WebSecurityTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -176,9 +177,9 @@ public class WebSecurityTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configuration/OAuth2ClientConfigurationTests.java

@@ -58,6 +58,7 @@ import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -272,10 +273,9 @@ public class OAuth2ClientConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2Login();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2Login(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -311,10 +311,9 @@ public class OAuth2ClientConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2Login();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2Login(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -330,10 +329,9 @@ public class OAuth2ClientConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2Login();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2Login(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -369,10 +367,9 @@ public class OAuth2ClientConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2Login();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2Login(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfigurationResourceServerTests.java

@@ -113,7 +113,7 @@ public class SecurityReactorContextConfigurationResourceServerTests {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			http.securityContext().requireExplicitSave(false);
+			http.securityContext((context) -> context.requireExplicitSave(false));
 			return http.build();
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.java

@@ -535,9 +535,9 @@ public class WebSecurityConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.anyRequest().authenticated()
-					.expressionHandler(EXPRESSION_HANDLER);
+					.expressionHandler(EXPRESSION_HANDLER));
 			return http.build();
 			// @formatter:on
 		}
@@ -563,8 +563,8 @@ public class WebSecurityConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated());
 			return http.build();
 			// @formatter:on
 		}
@@ -616,8 +616,8 @@ public class WebSecurityConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated());
 			return http.build();
 			// @formatter:on
 		}
@@ -649,8 +649,8 @@ public class WebSecurityConfigurationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().access("request.method == 'GET' ? @b.grant() : @b.deny()");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().access("request.method == 'GET' ? @b.grant() : @b.deny()"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/AnonymousConfigurerTests.java

@@ -110,11 +110,10 @@ public class AnonymousConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.anonymous()
+				.anonymous((anonymous) -> anonymous
 					.key("key")
-					.principal("principal")
-					.and()
-				.anonymous();
+					.principal("principal"))
+				.anonymous(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java

@@ -762,7 +762,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeHttpRequests();
+				.authorizeHttpRequests(withDefaults());
 			// @formatter:on
 
 			return http.build();
@@ -793,8 +793,8 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeHttpRequests()
-					.anyRequest();
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest());
 			// @formatter:on
 
 			return http.build();
@@ -849,8 +849,8 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeHttpRequests()
-					.anyRequest().access(authorizationManager);
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().access(authorizationManager));
 			// @formatter:on
 
 			return http.build();
@@ -899,12 +899,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().hasAnyAuthority("ROLE_USER")
-					)
-					.build();
+				)
+				.build();
 			// @formatter:on
 		}
 
@@ -918,12 +917,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().hasAuthority("ROLE_USER")
-					)
-					.build();
+				)
+				.build();
 			// @formatter:on
 		}
 
@@ -937,12 +935,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
-					)
-					.build();
+				)
+				.build();
 			// @formatter:on
 		}
 
@@ -1014,12 +1011,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().denyAll()
-					)
-					.build();
+				)
+				.build();
 			// @formatter:on
 		}
 
@@ -1050,13 +1046,12 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().authenticated()
-					)
-					.authorizeHttpRequests(withDefaults())
-					.build();
+				)
+				.authorizeHttpRequests(withDefaults())
+				.build();
 			// @formatter:on
 		}
 
@@ -1090,12 +1085,11 @@ public class AuthorizeHttpRequestsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			return http
-					.httpBasic()
-						.and()
-					.authorizeHttpRequests((requests) -> requests
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
 						.anyRequest().authenticated()
-					)
-					.build();
+				)
+				.build();
 			// @formatter:on
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeRequestsTests.java

@@ -198,8 +198,8 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.requestMatchers(new AntPathRequestMatcher("/**", HttpMethod.POST.name())).denyAll();
+				.authorizeRequests((requests) -> requests
+					.requestMatchers(new AntPathRequestMatcher("/**", HttpMethod.POST.name())).denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -242,9 +242,9 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.requestMatchers(new AntPathRequestMatcher("/user/{user}", null, false)).access("#user == 'user'")
-				.anyRequest().denyAll();
+				.authorizeRequests((requests) -> requests
+					.requestMatchers(new AntPathRequestMatcher("/user/{user}", null, false)).access("#user == 'user'")
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -264,9 +264,9 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-				.requestMatchers(new AntPathRequestMatcher("/user/{userName}", null, false)).access("#userName == 'user'")
-				.anyRequest().denyAll();
+				.authorizeRequests((requests) -> requests
+					.requestMatchers(new AntPathRequestMatcher("/user/{userName}", null, false)).access("#userName == 'user'")
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -286,8 +286,8 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("ADMIN");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("ADMIN"));
 			// @formatter:on
 			return http.build();
 		}
@@ -315,9 +315,9 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.requestMatchers("/path").denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.requestMatchers("/path").denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -385,9 +385,9 @@ public class AuthorizeRequestsTests {
 				.servletPath("/spring");
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.requestMatchers(mvcMatcherBuilder.pattern("/path")).denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.requestMatchers(mvcMatcherBuilder.pattern("/path")).denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -455,9 +455,9 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.requestMatchers("/user/{userName}").access("#userName == 'user'");
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.requestMatchers("/user/{userName}").access("#userName == 'user'"));
 			// @formatter:on
 			return http.build();
 		}
@@ -523,9 +523,9 @@ public class AuthorizeRequestsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
-				.authorizeRequests()
-					.requestMatchers("/user").denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.requestMatchers("/user").denyAll());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurerTests.java

@@ -46,6 +46,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
@@ -138,8 +139,8 @@ public class ChannelSecurityConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requiresChannel()
-					.anyRequest().requiresSecure();
+				.requiresChannel((channel) -> channel
+					.anyRequest().requiresSecure());
 			return http.build();
 			// @formatter:on
 		}
@@ -168,10 +169,9 @@ public class ChannelSecurityConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requiresChannel()
-					.anyRequest().requiresSecure()
-					.and()
-				.requiresChannel();
+				.requiresChannel((channel) -> channel
+					.anyRequest().requiresSecure())
+				.requiresChannel(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -204,13 +204,12 @@ public class ChannelSecurityConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.portMapper()
-					.portMapper(new PortMapperImpl())
-					.and()
-				.requiresChannel()
+				.portMapper((mapper) -> mapper
+					.portMapper(new PortMapperImpl()))
+				.requiresChannel((channel) -> channel
 					.redirectStrategy(new TestUrlRedirectStrategy())
 					.anyRequest()
-					.requiresSecure();
+					.requiresSecure());
 			return http.build();
 			// @formatter:on
 		}
@@ -239,18 +238,17 @@ public class ChannelSecurityConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.portMapper()
-					.portMapper(new PortMapperImpl())
-					.and()
-				.requiresChannel()
+				.portMapper((mapper) -> mapper
+					.portMapper(new PortMapperImpl()))
+				.requiresChannel((channel) -> channel
 					.requestMatchers("/test-1")
-						.requiresSecure()
+					.requiresSecure()
 					.requestMatchers("/test-2")
-						.requiresSecure()
+					.requiresSecure()
 					.requestMatchers("/test-3")
-						.requiresSecure()
+					.requiresSecure()
 					.anyRequest()
-						.requiresInsecure();
+					.requiresInsecure());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/CorsConfigurerTests.java

@@ -204,10 +204,9 @@ public class CorsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.cors();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.cors(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -223,10 +222,9 @@ public class CorsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.cors();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.cors(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -283,10 +281,9 @@ public class CorsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.cors();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.cors(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -340,10 +337,9 @@ public class CorsConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.cors();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.cors(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerIgnoringRequestMatchersTests.java

@@ -108,9 +108,9 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
+				.csrf((csrf) -> csrf
 					.requireCsrfProtectionMatcher(new AntPathRequestMatcher("/path"))
-					.ignoringRequestMatchers(this.requestMatcher);
+					.ignoringRequestMatchers(this.requestMatcher));
 			return http.build();
 			// @formatter:on
 		}
@@ -149,9 +149,9 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
+				.csrf((csrf) -> csrf
 					.ignoringRequestMatchers(new AntPathRequestMatcher("/no-csrf"))
-					.ignoringRequestMatchers(this.requestMatcher);
+					.ignoringRequestMatchers(this.requestMatcher));
 			return http.build();
 			// @formatter:on
 		}
@@ -189,8 +189,8 @@ public class CsrfConfigurerIgnoringRequestMatchersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.ignoringRequestMatchers("/no-csrf");
+				.csrf((csrf) -> csrf
+					.ignoringRequestMatchers("/no-csrf"));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurerTests.java

@@ -676,8 +676,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.disable();
+				.csrf((csrf) -> csrf
+					.disable());
 			return http.build();
 			// @formatter:on
 		}
@@ -707,13 +707,11 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.csrf()
-					.disable();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults())
+				.csrf((csrf) -> csrf
+					.disable());
 			// @formatter:on
 			return http.build();
 		}
@@ -735,13 +733,11 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.csrf()
-					.csrfTokenRepository(REPO);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults())
+				.csrf((csrf) -> csrf
+					.csrfTokenRepository(REPO));
 			// @formatter:on
 			return http.build();
 		}
@@ -761,10 +757,9 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.and()
-				.sessionManagement()
-					.invalidSessionUrl("/error/sessionError");
+				.csrf(withDefaults())
+				.sessionManagement((management) -> management
+					.invalidSessionUrl("/error/sessionError"));
 			return http.build();
 			// @formatter:on
 		}
@@ -781,8 +776,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.requireCsrfProtectionMatcher(MATCHER);
+				.csrf((csrf) -> csrf
+					.requireCsrfProtectionMatcher(MATCHER));
 			return http.build();
 			// @formatter:on
 		}
@@ -816,10 +811,9 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.csrf()
-					.csrfTokenRepository(REPO);
+				.formLogin(withDefaults())
+				.csrf((csrf) -> csrf
+					.csrfTokenRepository(REPO));
 			// @formatter:on
 			return http.build();
 		}
@@ -859,8 +853,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling()
-					.accessDeniedHandler(DENIED_HANDLER);
+				.exceptionHandling((handling) -> handling
+					.accessDeniedHandler(DENIED_HANDLER));
 			return http.build();
 			// @formatter:on
 		}
@@ -879,8 +873,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling()
-					.defaultAccessDeniedHandlerFor(DENIED_HANDLER, MATCHER);
+				.exceptionHandling((handling) -> handling
+					.defaultAccessDeniedHandlerFor(DENIED_HANDLER, MATCHER));
 			return http.build();
 			// @formatter:on
 		}
@@ -895,7 +889,7 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin();
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -910,10 +904,9 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.logout()
-					.logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
+				.formLogin(withDefaults())
+				.logout((logout) -> logout
+					.logoutRequestMatcher(new AntPathRequestMatcher("/logout")));
 			return http.build();
 			// @formatter:on
 		}
@@ -928,8 +921,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.requireCsrfProtectionMatcher(null);
+				.csrf((csrf) -> csrf
+					.requireCsrfProtectionMatcher(null));
 			return http.build();
 			// @formatter:on
 		}
@@ -944,12 +937,10 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.formLogin()
-					.and()
-				.httpBasic();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.formLogin(withDefaults())
+				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -969,8 +960,8 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.csrf()
-					.sessionAuthenticationStrategy(null);
+				.csrf((csrf) -> csrf
+					.sessionAuthenticationStrategy(null));
 			return http.build();
 			// @formatter:on
 		}
@@ -987,10 +978,9 @@ public class CsrfConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.formLogin()
-					.and()
-					.csrf()
-					.sessionAuthenticationStrategy(STRATEGY);
+				.formLogin(withDefaults())
+				.csrf((csrf) -> csrf
+					.sessionAuthenticationStrategy(STRATEGY));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultFiltersTests.java

@@ -63,6 +63,7 @@ import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * @author Rob Winch
@@ -170,7 +171,7 @@ public class DefaultFiltersTests {
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			TestHttpSecurities.disableDefaults(http);
-			http.formLogin();
+			http.formLogin(withDefaults());
 			return http.build();
 		}
 
@@ -190,8 +191,8 @@ public class DefaultFiltersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/DefaultLoginPageConfigurerTests.java

@@ -387,10 +387,9 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -410,13 +409,11 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.logout()
-					.logoutSuccessHandler(new SimpleUrlLogoutSuccessHandler())
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.logout((logout) -> logout
+					.logoutSuccessHandler(new SimpleUrlLogoutSuccessHandler()))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -431,13 +428,11 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.logout()
-					.logoutSuccessUrl("/login?logout")
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.logout((logout) -> logout
+					.logoutSuccessUrl("/login?logout"))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -452,12 +447,10 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -477,13 +470,11 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling()
-					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin();
+				.exceptionHandling((handling) -> handling
+					.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")))
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -500,9 +491,8 @@ public class DefaultLoginPageConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling()
-					.and()
-				.formLogin();
+				.exceptionHandling(withDefaults())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerAccessDeniedHandlerTests.java

@@ -87,16 +87,15 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-				.exceptionHandling()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.exceptionHandling((handling) -> handling
 					.defaultAccessDeniedHandlerFor(
-							this.teapotDeniedHandler,
-							new AntPathRequestMatcher("/hello/**"))
+						this.teapotDeniedHandler,
+						new AntPathRequestMatcher("/hello/**"))
 					.defaultAccessDeniedHandlerFor(
-							new AccessDeniedHandlerImpl(),
-							AnyRequestMatcher.INSTANCE);
+						new AccessDeniedHandlerImpl(),
+						AnyRequestMatcher.INSTANCE));
 			return http.build();
 			// @formatter:on
 		}
@@ -146,13 +145,12 @@ public class ExceptionHandlingConfigurerAccessDeniedHandlerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-					.exceptionHandling()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.exceptionHandling((handling) -> handling
 					.defaultAccessDeniedHandlerFor(
-							this.teapotDeniedHandler,
-							new AntPathRequestMatcher("/hello/**"));
+						this.teapotDeniedHandler,
+						new AntPathRequestMatcher("/hello/**")));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExceptionHandlingConfigurerTests.java

@@ -52,6 +52,7 @@ import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.config.annotation.SecurityContextChangedListenerArgumentMatchers.setAuthentication;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -241,7 +242,7 @@ public class ExceptionHandlingConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling();
+				.exceptionHandling(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -291,12 +292,10 @@ public class ExceptionHandlingConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic(withDefaults())
+				.formLogin(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -330,12 +329,10 @@ public class ExceptionHandlingConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic(withDefaults())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -352,12 +349,11 @@ public class ExceptionHandlingConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.exceptionHandling()
-					.authenticationEntryPoint(AEP).and()
-				.exceptionHandling();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.exceptionHandling((handling) -> handling
+					.authenticationEntryPoint(AEP))
+				.exceptionHandling(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurerTests.java

@@ -70,6 +70,7 @@ import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
@@ -566,8 +567,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("ROLE_USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("ROLE_USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -584,8 +585,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -605,7 +606,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests();
+				.authorizeRequests(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -621,9 +622,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/a").authenticated()
-					.anyRequest();
+					.anyRequest());
 			return http.build();
 			// @formatter:on
 		}
@@ -638,10 +639,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAnyAuthority("ROLE_USER");
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyAuthority("ROLE_USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -656,10 +656,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAuthority("ROLE_USER");
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAuthority("ROLE_USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -674,10 +673,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN");
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyAuthority("ROLE_USER", "ROLE_ADMIN"));
 			return http.build();
 			// @formatter:on
 		}
@@ -692,8 +690,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -708,8 +706,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -729,8 +727,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER"));
 			return http.build();
 			// @formatter:on
 		}
@@ -750,8 +748,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER", "ADMIN");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER", "ADMIN"));
 			return http.build();
 			// @formatter:on
 		}
@@ -766,8 +764,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER", "ADMIN");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER", "ADMIN"));
 			return http.build();
 			// @formatter:on
 		}
@@ -787,8 +785,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasAnyRole("USER", "ADMIN");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasAnyRole("USER", "ADMIN"));
 			return http.build();
 			// @formatter:on
 		}
@@ -808,10 +806,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().hasIpAddress("192.168.1.0");
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasIpAddress("192.168.1.0"));
 			return http.build();
 			// @formatter:on
 		}
@@ -826,10 +823,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().anonymous();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().anonymous());
 			return http.build();
 			// @formatter:on
 		}
@@ -844,12 +840,10 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.rememberMe()
-					.and()
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().rememberMe();
+				.rememberMe(withDefaults())
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().rememberMe());
 			// @formatter:on
 			return http.build();
 		}
@@ -869,10 +863,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -887,10 +880,9 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().not().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().not().denyAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -905,12 +897,10 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.rememberMe()
-					.and()
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().fullyAuthenticated();
+				.rememberMe(withDefaults())
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().fullyAuthenticated());
 			return http.build();
 			// @formatter:on
 		}
@@ -930,12 +920,10 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.rememberMe()
-					.and()
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'");
+				.rememberMe(withDefaults())
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().access("hasRole('ROLE_USER') or request.method == 'GET'"));
 			return http.build();
 			// @formatter:on
 		}
@@ -955,12 +943,10 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.authorizeRequests();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.authorizeRequests(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -979,14 +965,13 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 			AffirmativeBased adm = new AffirmativeBased(Collections.singletonList(expressionVoter));
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.expressionHandler(handler)
 					.accessDecisionManager(adm)
 					.filterSecurityInterceptorOncePerRequest(true)
 					.requestMatchers("/a", "/b").hasRole("ADMIN")
-					.anyRequest().permitAll()
-					.and()
-				.formLogin();
+					.anyRequest().permitAll())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -1001,7 +986,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.anyRequest().permitAll()
 					.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
 						@Override
@@ -1010,7 +995,7 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 							fsi.setPublishAuthorizationSuccess(true);
 							return fsi;
 						}
-					});
+					}));
 			return http.build();
 			// @formatter:on
 		}
@@ -1046,11 +1031,11 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/admin").hasRole("ADMIN")
 					.requestMatchers("/user").hasRole("USER")
 					.requestMatchers("/allow").access("@permission.check(authentication,'user')")
-					.anyRequest().access("@permission.check(authentication,'admin')");
+					.anyRequest().access("@permission.check(authentication,'admin')"));
 			return http.build();
 			// @formatter:on
 		}
@@ -1079,12 +1064,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.expressionHandler(expressionHandler())
 					.requestMatchers("/admin").hasRole("ADMIN")
 					.requestMatchers("/user").hasRole("USER")
 					.requestMatchers("/allow").access("check('user')")
-					.anyRequest().access("check('admin')");
+					.anyRequest().access("check('admin')"));
 			return http.build();
 			// @formatter:on
 		}
@@ -1133,8 +1118,8 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 				http
-				.authorizeRequests()
-					.anyRequest().authenticated();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated());
 			// @formatter:on
 			return http.build();
 		}
@@ -1160,12 +1145,12 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/allow").access("hasPermission('ID', 'TYPE', 'PERMISSION')")
 					.requestMatchers("/allowObject").access("hasPermission('TESTOBJ', 'PERMISSION')")
 					.requestMatchers("/deny").access("hasPermission('ID', 'TYPE', 'NO PERMISSION')")
 					.requestMatchers("/denyObject").access("hasPermission('TESTOBJ', 'NO PERMISSION')")
-					.anyRequest().permitAll();
+					.anyRequest().permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -1198,10 +1183,10 @@ public class ExpressionUrlAuthorizationConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/allow").access("hasRole('MEMBER')")
 					.requestMatchers("/deny").access("hasRole('ADMIN')")
-					.anyRequest().permitAll();
+					.anyRequest().permitAll());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/FormLoginConfigurerTests.java

@@ -396,9 +396,9 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin().and()
-				.requestCache()
-					.requestCache(this.requestCache);
+				.formLogin(withDefaults())
+				.requestCache((cache) -> cache
+					.requestCache(this.requestCache));
 			return http.build();
 			// @formatter:on
 		}
@@ -430,11 +430,10 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.loginPage("/login");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
+					.loginPage("/login"));
 			// @formatter:on
 			return http.build();
 		}
@@ -478,11 +477,10 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
+					.permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -497,15 +495,13 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
 					.loginPage("/authenticate")
-					.permitAll()
-					.and()
-				.logout()
-					.permitAll();
+					.permitAll())
+				.logout((logout) -> logout
+					.permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -544,21 +540,19 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin((login) -> login
 					.loginProcessingUrl("/loginCheck")
 					.loginPage("/login")
 					.defaultSuccessUrl("/", true)
 					.passwordParameter("password")
 					.usernameParameter("username")
-					.permitAll()
-					.and()
-				.logout()
+					.permitAll())
+				.logout((logout) -> logout
 					.logoutSuccessUrl("/login")
 					.logoutUrl("/logout")
-					.deleteCookies("JSESSIONID");
+					.deleteCookies("JSESSIONID"));
 			// @formatter:on
 			return http.build();
 		}
@@ -616,14 +610,12 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.permitAll()
-					.and()
-				.portMapper()
-					.portMapper(PORT_MAPPER);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
+					.permitAll())
+				.portMapper((mapper) -> mapper
+					.portMapper(PORT_MAPPER));
 			// @formatter:on
 			LoginUrlAuthenticationEntryPoint authenticationEntryPoint = (LoginUrlAuthenticationEntryPoint) http
 				.getConfigurer(FormLoginConfigurer.class)
@@ -644,12 +636,11 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
 					.failureHandler(FAILURE_HANDLER)
-					.permitAll();
+					.permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -664,10 +655,9 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.usernameParameter("custom-username")
-					.and()
-				.formLogin();
+				.formLogin((login) -> login
+					.usernameParameter("custom-username"))
+				.formLogin(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -687,15 +677,14 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.disable()
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
+				.csrf((csrf) -> csrf
+					.disable())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin((login) -> login
 					.failureForwardUrl("/failure_forward_url")
 					.successForwardUrl("/success_forward_url")
-					.permitAll();
+					.permitAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -717,9 +706,8 @@ public class FormLoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.exceptionHandling()
-					.and()
-				.formLogin();
+				.exceptionHandling(withDefaults())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerEagerHeadersTests.java

@@ -71,14 +71,14 @@ public class HeadersConfigurerEagerHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.addObjectPostProcessor(new ObjectPostProcessor<HeaderWriterFilter>() {
 						@Override
 						public HeaderWriterFilter postProcess(HeaderWriterFilter filter) {
 							filter.setShouldWriteHeadersEagerly(true);
 							return filter;
 						}
-					});
+					}));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurerTests.java

@@ -28,6 +28,7 @@ import org.springframework.beans.factory.BeanCreationException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.test.SpringTestContext;
@@ -582,7 +583,7 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers();
+				.headers(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -612,9 +613,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.contentTypeOptions();
+					.contentTypeOptions(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -648,9 +649,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.frameOptions();
+					.frameOptions(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -665,9 +666,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpStrictTransportSecurity();
+					.httpStrictTransportSecurity(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -682,9 +683,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.cacheControl();
+					.cacheControl(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -718,9 +719,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.xssProtection();
+					.xssProtection(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -735,10 +736,10 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.xssProtection()
-					.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK);
+					.xssProtection((xss) -> xss
+						.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)));
 			// @formatter:on
 			return http.build();
 		}
@@ -791,8 +792,8 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
-					.frameOptions().sameOrigin();
+				.headers((headers) -> headers
+					.frameOptions((frameOptions) -> frameOptions.sameOrigin()));
 			return http.build();
 			// @formatter:on
 		}
@@ -825,9 +826,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning();
+					.httpPublicKeyPinning(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -842,10 +843,10 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
-						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=");
+					.httpPublicKeyPinning((hpkp) -> hpkp
+						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")));
 			return http.build();
 			// @formatter:on
 		}
@@ -863,10 +864,9 @@ public class HeadersConfigurerTests {
 			pins.put("E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=", "sha256");
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
-						.withPins(pins);
+					.httpPublicKeyPinning((hpkp) -> hpkp.withPins(pins)));
 			return http.build();
 			// @formatter:on
 		}
@@ -881,11 +881,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
+					.httpPublicKeyPinning((hpkp) -> hpkp
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
-						.maxAgeInSeconds(604800);
+						.maxAgeInSeconds(604800)));
 			return http.build();
 			// @formatter:on
 		}
@@ -900,11 +900,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
+					.httpPublicKeyPinning((hpkp) -> hpkp
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
-						.reportOnly(false);
+						.reportOnly(false)));
 			return http.build();
 			// @formatter:on
 		}
@@ -919,11 +919,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
+					.httpPublicKeyPinning((hpkp) -> hpkp
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
-						.includeSubDomains(true);
+						.includeSubDomains(true)));
 			return http.build();
 			// @formatter:on
 		}
@@ -938,11 +938,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
+					.httpPublicKeyPinning((hpkp) -> hpkp
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
-						.reportUri(new URI("https://example.net/pkp-report"));
+						.reportUri(URI.create("https://example.net/pkp-report"))));
 			return http.build();
 			// @formatter:on
 		}
@@ -957,11 +957,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpPublicKeyPinning()
+					.httpPublicKeyPinning((hpkp) -> hpkp
 						.addSha256Pins("d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=")
-						.reportUri("https://example.net/pkp-report");
+						.reportUri("https://example.net/pkp-report")));
 			return http.build();
 			// @formatter:on
 		}
@@ -999,9 +999,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.contentSecurityPolicy("default-src 'self'");
+					.contentSecurityPolicy((csp) -> csp.policyDirectives("default-src 'self'")));
 			return http.build();
 			// @formatter:on
 		}
@@ -1016,10 +1016,11 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.contentSecurityPolicy("default-src 'self'; script-src trustedscripts.example.com")
-					.reportOnly();
+					.contentSecurityPolicy((csp) -> csp
+						.policyDirectives("default-src 'self'; script-src trustedscripts.example.com")
+						.reportOnly()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1057,9 +1058,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.contentSecurityPolicy("");
+					.contentSecurityPolicy((csp) -> csp.policyDirectives("")));
 			return http.build();
 			// @formatter:on
 		}
@@ -1114,9 +1115,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.referrerPolicy();
+					.referrerPolicy(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1134,7 +1135,7 @@ public class HeadersConfigurerTests {
 				.headers((headers) ->
 					headers
 						.defaultsDisabled()
-						.referrerPolicy()
+						.referrerPolicy(Customizer.withDefaults())
 				);
 			return http.build();
 			// @formatter:on
@@ -1150,9 +1151,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.referrerPolicy(ReferrerPolicy.SAME_ORIGIN);
+					.referrerPolicy((referrer) -> referrer.policy(ReferrerPolicy.SAME_ORIGIN)));
 			return http.build();
 			// @formatter:on
 		}
@@ -1188,9 +1189,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.featurePolicy("geolocation 'self'");
+					.featurePolicy("geolocation 'self'"));
 			return http.build();
 			// @formatter:on
 		}
@@ -1205,9 +1206,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.featurePolicy("");
+					.featurePolicy(""));
 			return http.build();
 			// @formatter:on
 		}
@@ -1222,9 +1223,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.permissionsPolicy((permissionsPolicy) -> permissionsPolicy.policy("geolocation=(self)"));
+					.permissionsPolicy((permissionsPolicy) -> permissionsPolicy.policy("geolocation=(self)")));
 			return http.build();
 			// @formatter:on
 		}
@@ -1239,10 +1240,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.permissionsPolicy()
-					.policy("geolocation=(self)");
+					.permissionsPolicy((permissions) -> permissions.policy("geolocation=(self)")));
 			return http.build();
 			// @formatter:on
 		}
@@ -1257,9 +1257,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.permissionsPolicy((permissionsPolicy) -> permissionsPolicy.policy(null));
+					.permissionsPolicy((permissionsPolicy) -> permissionsPolicy.policy(null)));
 			return http.build();
 			// @formatter:on
 		}
@@ -1274,10 +1274,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.permissionsPolicy()
-					.policy("");
+					.permissionsPolicy((permissions) -> permissions.policy("")));
 			return http.build();
 			// @formatter:on
 		}
@@ -1292,10 +1291,9 @@ public class HeadersConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpStrictTransportSecurity()
-						.preload(true);
+					.httpStrictTransportSecurity((hsts) -> hsts.preload(true)));
 			return http.build();
 			// @formatter:on
 		}
@@ -1353,16 +1351,14 @@ public class HeadersConfigurerTests {
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
-			http.headers()
-					.defaultsDisabled()
-					.crossOriginOpenerPolicy()
-						.policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy.SAME_ORIGIN)
-						.and()
-					.crossOriginEmbedderPolicy()
-						.policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP)
-						.and()
-					.crossOriginResourcePolicy()
-						.policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy.SAME_ORIGIN);
+			http.headers((headers) -> headers
+				.defaultsDisabled()
+				.crossOriginOpenerPolicy((opener) -> opener
+					.policy(CrossOriginOpenerPolicyHeaderWriter.CrossOriginOpenerPolicy.SAME_ORIGIN))
+				.crossOriginEmbedderPolicy((embedder) -> embedder
+					.policy(CrossOriginEmbedderPolicyHeaderWriter.CrossOriginEmbedderPolicy.REQUIRE_CORP))
+				.crossOriginResourcePolicy((resource) -> resource
+					.policy(CrossOriginResourcePolicyHeaderWriter.CrossOriginResourcePolicy.SAME_ORIGIN)));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpBasicConfigurerTests.java

@@ -221,7 +221,7 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic();
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -274,10 +274,9 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -299,11 +298,10 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.authenticationEntryPoint(ENTRY_POINT);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic((basic) -> basic
+					.authenticationEntryPoint(ENTRY_POINT));
 			// @formatter:on
 			return http.build();
 		}
@@ -325,13 +323,11 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.authenticationEntryPoint(ENTRY_POINT)
-					.and()
-				.httpBasic();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic((basic) -> basic
+					.authenticationEntryPoint(ENTRY_POINT))
+				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -351,9 +347,8 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.rememberMe();
+				.httpBasic(withDefaults())
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -397,8 +392,8 @@ public class HttpBasicConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.securityContextRepository(SECURITY_CONTEXT_REPOSITORY);
+				.httpBasic((basic) -> basic
+					.securityContextRepository(SECURITY_CONTEXT_REPOSITORY));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityLogoutTests.java

@@ -100,9 +100,9 @@ public class HttpSecurityLogoutTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf().disable()
-				.logout()
-					.clearAuthentication(false);
+				.csrf((csrf) -> csrf.disable())
+				.logout((logout) -> logout
+					.clearAuthentication(false));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecurityRequestMatchersTests.java

@@ -222,14 +222,12 @@ public class HttpSecurityRequestMatchersTests {
 			MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector);
 			// @formatter:off
 			http
-				.securityMatchers()
+				.securityMatchers((security) -> security
 					.requestMatchers(mvcMatcherBuilder.pattern("/test-1"))
 					.requestMatchers(mvcMatcherBuilder.pattern("/test-2"))
-					.requestMatchers(mvcMatcherBuilder.pattern("/test-3"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
+					.requestMatchers(mvcMatcherBuilder.pattern("/test-3")))
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
 				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
@@ -240,11 +238,10 @@ public class HttpSecurityRequestMatchersTests {
 			MvcRequestMatcher.Builder mvcMatcherBuilder = new MvcRequestMatcher.Builder(introspector);
 			// @formatter:off
 			http
-				.securityMatchers()
-					.requestMatchers(mvcMatcherBuilder.pattern("/test-1"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().permitAll();
+				.securityMatchers((security) -> security
+					.requestMatchers(mvcMatcherBuilder.pattern("/test-1")))
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -271,9 +268,9 @@ public class HttpSecurityRequestMatchersTests {
 			// @formatter:off
 			http
 				.securityMatcher(new MvcRequestMatcher(introspector, "/path"))
-				.httpBasic().and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -304,12 +301,11 @@ public class HttpSecurityRequestMatchersTests {
 		SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospector introspector) throws Exception {
 			// @formatter:off
 			http
-				.securityMatchers()
-					.requestMatchers(new MvcRequestMatcher(introspector, "/path"))
-					.and()
-				.httpBasic().and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.securityMatchers((security) -> security
+					.requestMatchers(new MvcRequestMatcher(introspector, "/path")))
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -376,13 +372,12 @@ public class HttpSecurityRequestMatchersTests {
 			mvcMatcherBuilder.servletPath("/spring");
 			// @formatter:off
 			http
-				.securityMatchers()
+				.securityMatchers((security) -> security
 					.requestMatchers(mvcMatcherBuilder.pattern("/path"))
-					.requestMatchers("/never-match")
-					.and()
-				.httpBasic().and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+					.requestMatchers("/never-match"))
+				.httpBasic(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersNoMvcTests.java

@@ -45,6 +45,7 @@ import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * @author Marcus Da Coregio
@@ -121,9 +122,9 @@ public class HttpSecuritySecurityMatchersNoMvcTests {
 			// @formatter:off
 			http
 				.securityMatcher("/path")
-				.httpBasic().and()
-				.authorizeHttpRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java

@@ -222,14 +222,12 @@ public class HttpSecuritySecurityMatchersTests {
 		SecurityFilterChain first(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityMatchers()
+				.securityMatchers((security) -> security
 					.requestMatchers("/test-1")
 					.requestMatchers("/test-2")
-					.requestMatchers("/test-3")
-					.and()
-				.authorizeHttpRequests()
-					.anyRequest().denyAll()
-					.and()
+					.requestMatchers("/test-3"))
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().denyAll())
 				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
@@ -239,11 +237,10 @@ public class HttpSecuritySecurityMatchersTests {
 		SecurityFilterChain second(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityMatchers()
-					.requestMatchers("/test-1")
-					.and()
-				.authorizeHttpRequests()
-					.anyRequest().permitAll();
+				.securityMatchers((security) -> security
+					.requestMatchers("/test-1"))
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().permitAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -271,9 +268,9 @@ public class HttpSecuritySecurityMatchersTests {
 			// @formatter:off
 			http
 				.securityMatcher("/path")
-				.httpBasic().and()
-				.authorizeHttpRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -301,9 +298,9 @@ public class HttpSecuritySecurityMatchersTests {
 			// @formatter:off
 			http
 				.securityMatcher("/path")
-				.httpBasic().and()
-				.authorizeHttpRequests()
-					.anyRequest().denyAll();
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}
@@ -364,13 +361,13 @@ public class HttpSecuritySecurityMatchersTests {
 				.servletPath("/spring");
 			// @formatter:off
 			http
-				.securityMatchers()
+				.securityMatchers((security) -> security
 					.requestMatchers(mvcMatcherBuilder.pattern("/path"))
 					.requestMatchers(mvcMatcherBuilder.pattern("/never-match"))
-					.and()
-				.httpBasic().and()
-				.authorizeHttpRequests()
-					.anyRequest().denyAll();
+				)
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().denyAll());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/JeeConfigurerTests.java

@@ -44,6 +44,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 
@@ -162,7 +163,7 @@ public class JeeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.jee();
+				.jee(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -191,10 +192,9 @@ public class JeeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.jee()
-					.mappableRoles("USER")
-					.and()
-				.jee();
+				.jee((jee) -> jee
+					.mappableRoles("USER"))
+				.jee(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerClearSiteDataTests.java

@@ -97,8 +97,8 @@ public class LogoutConfigurerClearSiteDataTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE)));
+				.logout((logout) -> logout
+					.addLogoutHandler(new HeaderWriterLogoutHandler(new ClearSiteDataHeaderWriter(SOURCE))));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/LogoutConfigurerTests.java

@@ -56,6 +56,7 @@ import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.user;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
@@ -414,8 +415,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class));
+				.logout((logout) -> logout
+					.defaultLogoutSuccessHandlerFor(null, mock(RequestMatcher.class)));
 			return http.build();
 			// @formatter:on
 		}
@@ -447,8 +448,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null);
+				.logout((logout) -> logout
+					.defaultLogoutSuccessHandlerFor(mock(LogoutSuccessHandler.class), null));
 			return http.build();
 			// @formatter:on
 		}
@@ -482,7 +483,7 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout();
+				.logout(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -511,10 +512,9 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.logoutUrl("/custom/logout")
-					.and()
-				.logout();
+				.logout((logout) -> logout
+					.logoutUrl("/custom/logout"))
+				.logout(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -534,9 +534,9 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.disable()
-				.logout();
+				.csrf((csrf) -> csrf
+					.disable())
+				.logout(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -551,10 +551,10 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.disable()
-				.logout()
-					.logoutUrl("/custom/logout");
+				.csrf((csrf) -> csrf
+					.disable())
+				.logout((logout) -> logout
+					.logoutUrl("/custom/logout"));
 			return http.build();
 			// @formatter:on
 		}
@@ -569,8 +569,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf()
-					.disable()
+				.csrf((csrf) -> csrf
+					.disable())
 				.logout((logout) -> logout.logoutUrl("/custom/logout"));
 			return http.build();
 			// @formatter:on
@@ -586,8 +586,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.addLogoutHandler(null);
+				.logout((logout) -> logout
+					.addLogoutHandler(null));
 			return http.build();
 			// @formatter:on
 		}
@@ -619,8 +619,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.rememberMe()
-					.rememberMeServices(REMEMBER_ME);
+				.rememberMe((me) -> me
+					.rememberMeServices(REMEMBER_ME));
 			return http.build();
 			// @formatter:on
 		}
@@ -641,8 +641,8 @@ public class LogoutConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.disable();
+				.logout((logout) -> logout
+					.disable());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpAnonymousTests.java

@@ -99,9 +99,9 @@ public class NamespaceHttpAnonymousTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/type").anonymous()
-					.anyRequest().denyAll();
+					.anyRequest().denyAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -116,10 +116,9 @@ public class NamespaceHttpAnonymousTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.anonymous().disable();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.anonymous((anonymous) -> anonymous.disable());
 			// @formatter:on
 			return http.build();
 		}
@@ -140,12 +139,11 @@ public class NamespaceHttpAnonymousTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/type").hasRole("ANON")
-					.anyRequest().denyAll()
-					.and()
-				.anonymous()
-					.authorities("ROLE_ANON");
+					.anyRequest().denyAll())
+				.anonymous((anonymous) -> anonymous
+					.authorities("ROLE_ANON"));
 			return http.build();
 			// @formatter:on
 		}
@@ -161,11 +159,10 @@ public class NamespaceHttpAnonymousTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/key").anonymous()
-					.anyRequest().denyAll()
-					.and()
-				.anonymous().key("AnonymousKeyConfig");
+					.anyRequest().denyAll())
+				.anonymous((anonymous) -> anonymous.key("AnonymousKeyConfig"));
 			return http.build();
 			// @formatter:on
 		}
@@ -181,11 +178,10 @@ public class NamespaceHttpAnonymousTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/principal").anonymous()
-					.anyRequest().denyAll()
-					.and()
-				.anonymous().principal("AnonymousUsernameConfig");
+					.anyRequest().denyAll())
+				.anonymous((anonymous) -> anonymous.principal("AnonymousUsernameConfig"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpBasicTests.java

@@ -183,10 +183,9 @@ public class NamespaceHttpBasicTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.httpBasic();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -220,10 +219,9 @@ public class NamespaceHttpBasicTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.httpBasic().realmName("Custom Realm");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.httpBasic((basic) -> basic.realmName("Custom Realm"));
 			return http.build();
 			// @formatter:on
 		}
@@ -260,8 +258,8 @@ public class NamespaceHttpBasicTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.authenticationDetailsSource(this.authenticationDetailsSource);
+				.httpBasic((basic) -> basic
+					.authenticationDetailsSource(this.authenticationDetailsSource));
 			return http.build();
 			// @formatter:on
 		}
@@ -307,11 +305,10 @@ public class NamespaceHttpBasicTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.httpBasic()
-					.authenticationEntryPoint(this.authenticationEntryPoint);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.httpBasic((basic) -> basic
+					.authenticationEntryPoint(this.authenticationEntryPoint));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpCustomFilterTests.java

@@ -48,6 +48,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * Tests to verify that all the functionality of <custom-filter> attributes is
@@ -110,7 +111,7 @@ public class NamespaceHttpCustomFilterTests {
 			// @formatter:off
 			http
 				.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
-				.formLogin();
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -126,7 +127,7 @@ public class NamespaceHttpCustomFilterTests {
 			// @formatter:off
 			http
 				.addFilterAfter(new CustomFilter(), UsernamePasswordAuthenticationFilter.class)
-				.formLogin();
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -181,9 +182,8 @@ public class NamespaceHttpCustomFilterTests {
 			// @formatter:off
 			TestHttpSecurities.disableDefaults(http);
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
 				.addFilterBefore(new CustomFilter(), UsernamePasswordAuthenticationFilter.class);
 			return http.build();
 			// @formatter:on

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpExpressionHandlerTests.java

@@ -99,9 +99,9 @@ public class NamespaceHttpExpressionHandlerTests {
 			handler.setExpressionParser(expressionParser());
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.expressionHandler(handler)
-					.anyRequest().access("hasRole('USER')");
+					.anyRequest().access("hasRole('USER')"));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpFormLoginTests.java

@@ -42,6 +42,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -124,10 +125,9 @@ public class NamespaceHttpFormLoginTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -143,16 +143,15 @@ public class NamespaceHttpFormLoginTests {
 			boolean alwaysUseDefaultSuccess = true;
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
 					.usernameParameter("username") // form-login@username-parameter
 					.passwordParameter("password") // form-login@password-parameter
 					.loginPage("/authentication/login") // form-login@login-page
 					.failureUrl("/authentication/login?failed") // form-login@authentication-failure-url
 					.loginProcessingUrl("/authentication/login/process") // form-login@login-processing-url
-					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess);
+					.defaultSuccessUrl("/default", alwaysUseDefaultSuccess));
 			return http.build(); // form-login@default-target-url / form-login@always-use-default-target
 			// @formatter:on
 		}
@@ -169,15 +168,13 @@ public class NamespaceHttpFormLoginTests {
 			successHandler.setDefaultTargetUrl("/custom/targetUrl");
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin((login) -> login
 					.loginPage("/login")
 					.failureHandler(new SimpleUrlAuthenticationFailureHandler("/custom/failure")) // form-login@authentication-failure-handler-ref
 					.successHandler(successHandler) // form-login@authentication-success-handler-ref
-					.authenticationDetailsSource(authenticationDetailsSource()) // form-login@authentication-details-source-ref
-					.and();
+					.authenticationDetailsSource(authenticationDetailsSource()));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpHeadersTests.java

@@ -27,6 +27,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.test.SpringTestContext;
@@ -41,6 +42,7 @@ import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.ResultMatcher;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 
@@ -161,7 +163,7 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers();
+				.headers(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -176,9 +178,9 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.cacheControl();
+					.cacheControl(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -193,9 +195,9 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.httpStrictTransportSecurity();
+					.httpStrictTransportSecurity(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -210,13 +212,13 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// hsts@request-matcher-ref, hsts@max-age-seconds, hsts@include-subdomains
 					.defaultsDisabled()
-					.httpStrictTransportSecurity()
+					.httpStrictTransportSecurity((hsts) -> hsts
 						.requestMatcher(AnyRequestMatcher.INSTANCE)
 						.maxAgeInSeconds(15768000)
-						.includeSubDomains(false);
+						.includeSubDomains(false)));
 			return http.build();
 			// @formatter:on
 		}
@@ -231,11 +233,10 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// frame-options@policy=SAMEORIGIN
 					.defaultsDisabled()
-					.frameOptions()
-						.sameOrigin();
+					.frameOptions((frameOptions) -> frameOptions.sameOrigin()));
 			return http.build();
 			// @formatter:on
 		}
@@ -250,11 +251,11 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// frame-options@ref
 					.defaultsDisabled()
 					.addHeaderWriter(new XFrameOptionsHeaderWriter(
-							new StaticAllowFromStrategy(URI.create("https://example.com"))));
+						new StaticAllowFromStrategy(URI.create("https://example.com")))));
 			return http.build();
 			// @formatter:on
 		}
@@ -269,10 +270,10 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// xss-protection
 					.defaultsDisabled()
-					.xssProtection();
+					.xssProtection(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -287,11 +288,11 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// xss-protection@enabled and xss-protection@block
 					.defaultsDisabled()
-					.xssProtection()
-						.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK);
+					.xssProtection((xss) -> xss
+						.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK)));
 			// @formatter:on
 			return http.build();
 		}
@@ -306,10 +307,10 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					// content-type-options
 					.defaultsDisabled()
-					.contentTypeOptions();
+					.contentTypeOptions(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -324,9 +325,9 @@ public class NamespaceHttpHeadersTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.headers()
+				.headers((headers) -> headers
 					.defaultsDisabled()
-					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue"));
+					.addHeaderWriter(new StaticHeadersWriter("customHeaderName", "customHeaderValue")));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpInterceptUrlTests.java

@@ -118,7 +118,7 @@ public class NamespaceHttpInterceptUrlTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests().requestMatchers(
+				.authorizeRequests((requests) -> requests.requestMatchers(
 					// the line below is similar to intercept-url@pattern:
 					//    <intercept-url pattern="/users**" access="hasRole('ROLE_ADMIN')"/>
 					//" access="hasRole('ROLE_ADMIN')"/>
@@ -128,14 +128,13 @@ public class NamespaceHttpInterceptUrlTests {
 					//" access="hasRole('ROLE_ADMIN')" method="POST"/>
 HttpMethod.POST, "/admin/post", "/admin/another-post/**").hasRole("ADMIN")
 					.requestMatchers("/signup").permitAll()
-					.anyRequest().hasRole("USER")
-					.and()
-				.requiresChannel().requestMatchers("/login", "/secured/**")
+					.anyRequest().hasRole("USER"))
+				.requiresChannel((channel) -> channel.requestMatchers("/login", "/secured/**")
 					// NOTE: channel security is configured separately of authorization (i.e. intercept-url@access
 					// the line below is similar to intercept-url@requires-channel="https":
 					//    <intercept-url pattern="/login" requires-channel="https"/>
 					//" requires-channel="https"/>
-				.requiresSecure().anyRequest().requiresInsecure();
+				.requiresSecure().anyRequest().requiresInsecure());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpJeeTests.java

@@ -104,11 +104,10 @@ public class NamespaceHttpJeeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("user")
-					.and()
-				.jee()
-					.mappableRoles("user", "admin");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("user"))
+				.jee((jee) -> jee
+					.mappableRoles("user", "admin"));
 			return http.build();
 			// @formatter:on
 		}
@@ -126,12 +125,11 @@ public class NamespaceHttpJeeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("user")
-					.and()
-				.jee()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("user"))
+				.jee((jee) -> jee
 					.mappableAuthorities("ROLE_user", "ROLE_admin")
-					.authenticatedUserDetailsService(this.authenticationUserDetailsService);
+					.authenticatedUserDetailsService(this.authenticationUserDetailsService));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpLogoutTests.java

@@ -196,11 +196,11 @@ public class NamespaceHttpLogoutTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
+				.logout((logout) -> logout
 					.deleteCookies("remove") // logout@delete-cookies
 					.invalidateHttpSession(false) // logout@invalidate-session=false (default is true)
 					.logoutUrl("/custom-logout") // logout@logout-url (default is /logout)
-					.logoutSuccessUrl("/logout-success");
+					.logoutSuccessUrl("/logout-success"));
 			return http.build(); // logout@success-url (default is /login?logout)
 			// @formatter:on
 		}
@@ -237,8 +237,8 @@ public class NamespaceHttpLogoutTests {
 			logoutSuccessHandler.setDefaultTargetUrl("/SuccessHandlerRefHttpLogoutConfig");
 			// @formatter:off
 			http
-				.logout()
-					.logoutSuccessHandler(logoutSuccessHandler);
+				.logout((logout) -> logout
+					.logoutSuccessHandler(logoutSuccessHandler));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpPortMappingsTests.java

@@ -70,15 +70,13 @@ public class NamespaceHttpPortMappingsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.portMapper()
-					.http(9080).mapsTo(9443)
-					.and()
-				.requiresChannel()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.portMapper((mapper) -> mapper
+					.http(9080).mapsTo(9443))
+				.requiresChannel((channel) -> channel
 					.requestMatchers("/login", "/secured/**").requiresSecure()
-					.anyRequest().requiresInsecure();
+					.anyRequest().requiresInsecure());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpRequestCacheTests.java

@@ -88,11 +88,10 @@ public class NamespaceHttpRequestCacheTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.requestCache()
-					.requestCache(requestCache());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.requestCache((cache) -> cache
+					.requestCache(requestCache()));
 			// @formatter:on
 			return http.build();
 		}
@@ -117,8 +116,8 @@ public class NamespaceHttpRequestCacheTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpServerAccessDeniedHandlerTests.java

@@ -112,11 +112,10 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-				.exceptionHandling()
-					.accessDeniedPage("/AccessDeniedPageConfig");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.exceptionHandling((handling) -> handling
+					.accessDeniedPage("/AccessDeniedPageConfig"));
 			return http.build();
 			// @formatter:on
 		}
@@ -152,11 +151,10 @@ public class NamespaceHttpServerAccessDeniedHandlerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-				.exceptionHandling()
-					.accessDeniedHandler(accessDeniedHandler());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.exceptionHandling((handling) -> handling
+					.accessDeniedHandler(accessDeniedHandler()));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceHttpX509Tests.java

@@ -54,6 +54,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.x509;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -153,10 +154,9 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -182,11 +182,10 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509()
-					.authenticationDetailsSource(authenticationDetailsSource());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509((x509) -> x509
+					.authenticationDetailsSource(authenticationDetailsSource()));
 			// @formatter:on
 			return http.build();
 		}
@@ -217,11 +216,10 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509()
-					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509((x509) -> x509
+					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)"));
 			// @formatter:on
 			return http.build();
 		}
@@ -247,11 +245,10 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509()
-					.x509PrincipalExtractor(this::extractCommonName);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509((x509) -> x509
+					.x509PrincipalExtractor(this::extractCommonName));
 			// @formatter:on
 			return http.build();
 		}
@@ -282,11 +279,10 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509()
-					.userDetailsService((username) -> USER);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509((x509) -> x509
+					.userDetailsService((username) -> USER));
 			// @formatter:on
 			return http.build();
 		}
@@ -312,11 +308,10 @@ public class NamespaceHttpX509Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.x509()
-					.authenticationUserDetailsService((authentication) -> USER);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.x509((x509) -> x509
+					.authenticationUserDetailsService((authentication) -> USER));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceRememberMeTests.java

@@ -57,6 +57,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
@@ -287,12 +288,10 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -313,10 +312,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.rememberMeServices(REMEMBER_ME_SERVICES);
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.rememberMeServices(REMEMBER_ME_SERVICES));
 			return http.build();
 			// @formatter:on
 		}
@@ -333,10 +331,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.authenticationSuccessHandler(SUCCESS_HANDLER);
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.authenticationSuccessHandler(SUCCESS_HANDLER));
 			return http.build();
 			// @formatter:on
 		}
@@ -354,10 +351,9 @@ public class NamespaceRememberMeTests {
 			http
 				.securityMatcher(new AntPathRequestMatcher("/without-key/**"))
 				.authorizeHttpRequests((requests) -> requests.anyRequest().authenticated())
-				.formLogin()
-					.loginProcessingUrl("/without-key/login")
-					.and()
-				.rememberMe();
+				.formLogin((login) -> login
+					.loginProcessingUrl("/without-key/login"))
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -367,13 +363,11 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain keyFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe()
-					.key("KeyConfig");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.key("KeyConfig"));
 			return http.build();
 			// @formatter:on
 		}
@@ -392,10 +386,9 @@ public class NamespaceRememberMeTests {
 			// tokenRepository.setDataSource(dataSource);
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.tokenRepository(TOKEN_REPOSITORY);
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.tokenRepository(TOKEN_REPOSITORY));
 			return http.build();
 			// @formatter:on
 		}
@@ -410,13 +403,11 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe()
-					.tokenValiditySeconds(314);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.tokenValiditySeconds(314));
 			return http.build();
 			// @formatter:on
 		}
@@ -431,10 +422,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.useSecureCookie(true);
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.useSecureCookie(true));
 			return http.build();
 			// @formatter:on
 		}
@@ -449,10 +439,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.rememberMeParameter("rememberMe");
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.rememberMeParameter("rememberMe"));
 			return http.build();
 			// @formatter:on
 		}
@@ -467,10 +456,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.rememberMeCookieName("rememberMe");
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.rememberMeCookieName("rememberMe"));
 			return http.build();
 			// @formatter:on
 		}
@@ -487,9 +475,8 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe();
+				.formLogin(withDefaults())
+				.rememberMe(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -511,10 +498,9 @@ public class NamespaceRememberMeTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.rememberMe()
-					.userDetailsService(USERDETAILS_SERVICE);
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.userDetailsService(USERDETAILS_SERVICE));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/NamespaceSessionManagementTests.java

@@ -63,6 +63,7 @@ import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.spy;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
@@ -287,18 +288,16 @@ public class NamespaceSessionManagementTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.and()
-				.sessionManagement()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic(withDefaults())
+				.sessionManagement((management) -> management
 					.invalidSessionUrl("/invalid-session") // session-management@invalid-session-url
 					.sessionAuthenticationErrorUrl("/session-auth-error") // session-management@session-authentication-error-url
 					.maximumSessions(1) // session-management/concurrency-control@max-sessions
-						.maxSessionsPreventsLogin(true) // session-management/concurrency-control@error-if-maximum-exceeded
-						.expiredUrl("/expired-session") // session-management/concurrency-control@expired-url
-						.sessionRegistry(sessionRegistry());
+					.maxSessionsPreventsLogin(true) // session-management/concurrency-control@error-if-maximum-exceeded
+					.expiredUrl("/expired-session") // session-management/concurrency-control@expired-url
+					.sessionRegistry(sessionRegistry()));
 			return http.build(); // session-management/concurrency-control@session-registry-ref
 			// @formatter:on
 		}
@@ -320,8 +319,8 @@ public class NamespaceSessionManagementTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.invalidSessionStrategy(invalidSessionStrategy());
+				.sessionManagement((management) -> management
+					.invalidSessionStrategy(invalidSessionStrategy()));
 			return http.build();
 			// @formatter:on
 		}
@@ -343,10 +342,9 @@ public class NamespaceSessionManagementTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.sessionAuthenticationStrategy(sessionAuthenticationStrategy()) // session-management@session-authentication-strategy-ref
-					.and()
-				.httpBasic();
+				.sessionManagement((management) -> management
+					.sessionAuthenticationStrategy(sessionAuthenticationStrategy()))
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -366,10 +364,9 @@ public class NamespaceSessionManagementTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy())
-					.and()
-				.httpBasic();
+				.sessionManagement((management) -> management
+					.sessionAuthenticationStrategy(new NullAuthenticatedSessionStrategy()))
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -384,10 +381,9 @@ public class NamespaceSessionManagementTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.requireExplicitAuthenticationStrategy(false)
-					.and()
-				.httpBasic();
+				.sessionManagement((management) -> management
+					.requireExplicitAuthenticationStrategy(false))
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -403,9 +399,9 @@ public class NamespaceSessionManagementTests {
 			// @formatter:off
 			http
 				.sessionManagement((sessions) -> sessions
-					.requireExplicitAuthenticationStrategy(false)
+						.requireExplicitAuthenticationStrategy(false)
 				)
-				.httpBasic();
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -426,10 +422,10 @@ public class NamespaceSessionManagementTests {
 			// @formatter:off
 			http
 				.sessionManagement((sessions) -> sessions
-					.sessionFixation().newSession()
-					.requireExplicitAuthenticationStrategy(false)
+						.sessionFixation().newSession()
+						.requireExplicitAuthenticationStrategy(false)
 				)
-				.httpBasic();
+				.httpBasic(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/PermitAllSupportTests.java

@@ -100,12 +100,11 @@ public class PermitAllSupportTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin((login) -> login
 					.loginPage("/xyz").permitAll()
-					.loginProcessingUrl("/abc?def").permitAll();
+					.loginProcessingUrl("/abc?def").permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -120,12 +119,11 @@ public class PermitAllSupportTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeHttpRequests()
-						.anyRequest().authenticated()
-						.and()
-					.formLogin()
-						.loginPage("/xyz").permitAll()
-						.loginProcessingUrl("/abc?def").permitAll();
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin((login) -> login
+					.loginPage("/xyz").permitAll()
+					.loginProcessingUrl("/abc?def").permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -140,15 +138,13 @@ public class PermitAllSupportTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeRequests()
-						.anyRequest().authenticated()
-						.and()
-					.authorizeHttpRequests()
-						.anyRequest().authenticated()
-						.and()
-					.formLogin()
-						.loginPage("/xyz").permitAll()
-						.loginProcessingUrl("/abc?def").permitAll();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.authorizeHttpRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin((login) -> login
+					.loginPage("/xyz").permitAll()
+					.loginProcessingUrl("/abc?def").permitAll());
 			return http.build();
 			// @formatter:on
 		}
@@ -163,8 +159,8 @@ public class PermitAllSupportTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.permitAll();
+				.formLogin((login) -> login
+					.permitAll());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/PortMapperConfigurerTests.java

@@ -32,6 +32,7 @@ import org.springframework.security.web.PortMapperImpl;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.test.web.servlet.MockMvc;
 
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
 
@@ -73,13 +74,11 @@ public class PortMapperConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requiresChannel()
-					.anyRequest().requiresSecure()
-					.and()
-				.portMapper()
-					.http(543).mapsTo(123)
-					.and()
-				.portMapper();
+				.requiresChannel((channel) -> channel
+					.anyRequest().requiresSecure())
+				.portMapper((mapper) -> mapper
+					.http(543).mapsTo(123))
+				.portMapper(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RememberMeConfigurerTests.java

@@ -365,12 +365,10 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -398,8 +396,8 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.rememberMe()
-					.userDetailsService(new AuthenticationManagerBuilder(this.objectPostProcessor).getDefaultUserDetailsService());
+				.rememberMe((me) -> me
+					.userDetailsService(new AuthenticationManagerBuilder(this.objectPostProcessor).getDefaultUserDetailsService()));
 			// @formatter:on
 			return http.build();
 		}
@@ -435,12 +433,10 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.rememberMe()
-					.userDetailsService(userDetailsService)
-					.and()
-				.rememberMe();
+				.httpBasic(withDefaults())
+				.rememberMe((me) -> me
+					.userDetailsService(userDetailsService))
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -489,12 +485,10 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -539,13 +533,11 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe()
-					.rememberMeCookieDomain("spring.io");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.rememberMeCookieDomain("spring.io"));
 			return http.build();
 			// @formatter:on
 		}
@@ -595,15 +587,13 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
 					.rememberMeCookieName("SPRING_COOKIE_DOMAIN")
 					.rememberMeCookieDomain("spring.io")
-					.rememberMeServices(REMEMBER_ME);
+					.rememberMeServices(REMEMBER_ME));
 			return http.build();
 			// @formatter:on
 		}
@@ -627,13 +617,11 @@ public class RememberMeConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().hasRole("USER")
-					.and()
-				.formLogin()
-					.and()
-				.rememberMe()
-					.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService()));
+				.authorizeRequests((requests) -> requests
+					.anyRequest().hasRole("USER"))
+				.formLogin(withDefaults())
+				.rememberMe((me) -> me
+					.rememberMeServices(new TokenBasedRememberMeServices("key", userDetailsService())));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestCacheConfigurerTests.java

@@ -328,7 +328,7 @@ public class RequestCacheConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestCache();
+				.requestCache(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -359,10 +359,9 @@ public class RequestCacheConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestCache()
-					.requestCache(requestCache)
-					.and()
-				.requestCache();
+				.requestCache((cache) -> cache
+					.requestCache(requestCache))
+				.requestCache(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -377,10 +376,9 @@ public class RequestCacheConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/RequestMatcherConfigurerTests.java

@@ -78,14 +78,12 @@ public class RequestMatcherConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityMatchers()
-					.requestMatchers(new AntPathRequestMatcher("/api/**"))
-					.and()
-				.securityMatchers()
-					.requestMatchers(new AntPathRequestMatcher("/oauth/**"))
-					.and()
-				.authorizeRequests()
-					.anyRequest().denyAll();
+				.securityMatchers((security) -> security
+					.requestMatchers(new AntPathRequestMatcher("/api/**")))
+				.securityMatchers((security) -> security
+					.requestMatchers(new AntPathRequestMatcher("/oauth/**")))
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SecurityContextConfigurerTests.java

@@ -152,7 +152,7 @@ public class SecurityContextConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityContext();
+				.securityContext(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -183,10 +183,9 @@ public class SecurityContextConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityContext()
-					.securityContextRepository(SCR)
-					.and()
-				.securityContext();
+				.securityContext((context) -> context
+					.securityContextRepository(SCR))
+				.securityContext(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -203,14 +202,11 @@ public class SecurityContextConfigurerTests {
 			// @formatter:off
 			http
 				.addFilter(new WebAsyncManagerIntegrationFilter())
-				.anonymous()
-					.and()
-				.securityContext()
-					.and()
-				.authorizeRequests()
-					.anyRequest().permitAll()
-					.and()
-				.httpBasic();
+				.anonymous(withDefaults())
+				.securityContext(withDefaults())
+				.authorizeRequests((requests) -> requests
+					.anyRequest().permitAll())
+				.httpBasic(withDefaults());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/ServletApiConfigurerTests.java

@@ -224,7 +224,7 @@ public class ServletApiConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.servletApi();
+				.servletApi(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -286,13 +286,11 @@ public class ServletApiConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.exceptionHandling()
-					.authenticationEntryPoint(ENTRYPOINT)
-					.and()
-				.formLogin();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.exceptionHandling((handling) -> handling
+					.authenticationEntryPoint(ENTRYPOINT))
+				.formLogin(withDefaults());
 			// @formatter:on
 			return http.build();
 		}
@@ -312,10 +310,9 @@ public class ServletApiConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.servletApi()
-					.rolePrefix("PERMISSION_")
-					.and()
-				.servletApi();
+				.servletApi((api) -> api
+					.rolePrefix("PERMISSION_"))
+				.servletApi(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -392,8 +389,8 @@ public class ServletApiConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.servletApi().and()
-				.logout();
+				.servletApi(withDefaults())
+				.logout(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -408,7 +405,7 @@ public class ServletApiConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf().disable();
+				.csrf((csrf) -> csrf.disable());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerServlet31Tests.java

@@ -45,6 +45,7 @@ import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
 import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * @author Rob Winch
@@ -122,9 +123,8 @@ public class SessionManagementConfigurerServlet31Tests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.sessionManagement();
+				.formLogin(withDefaults())
+				.sessionManagement(withDefaults());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionAuthenticationStrategyTests.java

@@ -39,6 +39,7 @@ import org.springframework.test.web.servlet.MockMvc;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
 
 /**
@@ -72,10 +73,9 @@ public class SessionManagementConfigurerSessionAuthenticationStrategyTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.sessionManagement()
-					.sessionAuthenticationStrategy(customSessionAuthenticationStrategy);
+				.formLogin(withDefaults())
+				.sessionManagement((management) -> management
+					.sessionAuthenticationStrategy(customSessionAuthenticationStrategy));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerSessionCreationPolicyTests.java

@@ -93,7 +93,7 @@ public class SessionManagementConfigurerSessionCreationPolicyTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+				.sessionManagement((management) -> management.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			// @formatter:on
 			http.setSharedObject(SessionCreationPolicy.class, SessionCreationPolicy.ALWAYS);
 			return http.build();

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java

@@ -551,11 +551,10 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.requestCache()
-					.requestCache(REQUEST_CACHE)
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+				.requestCache((cache) -> cache
+					.requestCache(REQUEST_CACHE))
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			return http.build();
 			// @formatter:on
 		}
@@ -572,11 +571,10 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.securityContext()
-					.securityContextRepository(SECURITY_CONTEXT_REPO)
-					.and()
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+				.securityContext((context) -> context
+					.securityContextRepository(SECURITY_CONTEXT_REPO))
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
 			return http.build();
 			// @formatter:on
 		}
@@ -591,10 +589,9 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-					.and()
-				.sessionManagement();
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+				.sessionManagement(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -609,11 +606,10 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic()
-					.and()
-				.sessionManagement()
+				.httpBasic(withDefaults())
+				.sessionManagement((management) -> management
 					.sessionFixation().none()
-					.maximumSessions(1);
+					.maximumSessions(1));
 			// @formatter:on
 			return http.build();
 		}
@@ -658,11 +654,10 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.formLogin()
-					.and()
-				.sessionManagement()
+				.formLogin(withDefaults())
+				.sessionManagement((management) -> management
 					.maximumSessions(1)
-					.maxSessionsPreventsLogin(true);
+					.maxSessionsPreventsLogin(true));
 			// @formatter:on
 			return http.build();
 		}
@@ -766,8 +761,8 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.maximumSessions(1);
+				.sessionManagement((management) -> management
+					.maximumSessions(1));
 			return http.build();
 			// @formatter:on
 		}
@@ -818,8 +813,8 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-				.maximumSessions(1);
+				.sessionManagement((management) -> management
+					.maximumSessions(1));
 			return http.build();
 			// @formatter:on
 		}
@@ -843,8 +838,8 @@ public class SessionManagementConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-				.maximumSessions(1);
+				.sessionManagement((management) -> management
+					.maximumSessions(1));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTransientAuthenticationTests.java

@@ -72,7 +72,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.csrf().disable()
+				.csrf((csrf) -> csrf.disable())
 				.authenticationProvider(new TransientAuthenticationProvider());
 			// @formatter:on
 			return http.build();
@@ -88,7 +88,7 @@ public class SessionManagementConfigurerTransientAuthenticationTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
+				.sessionManagement((management) -> management.sessionCreationPolicy(SessionCreationPolicy.ALWAYS));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurerTests.java

@@ -49,6 +49,7 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.springframework.security.config.Customizer.withDefaults;
 
 /**
  * @author Rob Winch
@@ -135,9 +136,9 @@ public class UrlAuthorizationConfigurerTests {
 				HandlerMappingIntrospector introspector) throws Exception {
 			// @formatter:off
 			http
-				.httpBasic().and()
+				.httpBasic(withDefaults())
 				.apply(new UrlAuthorizationConfigurer(context)).getRegistry()
-					.requestMatchers(new MvcRequestMatcher(introspector, "/path")).hasRole("ADMIN");
+				.requestMatchers(new MvcRequestMatcher(introspector, "/path")).hasRole("ADMIN");
 			// @formatter:on
 			return http.build();
 		}
@@ -171,9 +172,9 @@ public class UrlAuthorizationConfigurerTests {
 			mvcRequestMatcher.setServletPath("/spring");
 			// @formatter:off
 			http
-				.httpBasic().and()
+				.httpBasic(withDefaults())
 				.apply(new UrlAuthorizationConfigurer(context)).getRegistry()
-					.requestMatchers(mvcRequestMatcher).hasRole("ADMIN");
+				.requestMatchers(mvcRequestMatcher).hasRole("ADMIN");
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationsTests.java

@@ -141,13 +141,13 @@ public class UrlAuthorizationsTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/role-user-authority").hasAnyAuthority("ROLE_USER")
 					.requestMatchers("/role-admin-authority").hasAnyAuthority("ROLE_ADMIN")
 					.requestMatchers("/role-user-admin-authority").hasAnyAuthority("ROLE_USER", "ROLE_ADMIN")
 					.requestMatchers("/role-user").hasAnyRole("USER")
 					.requestMatchers("/role-admin").hasAnyRole("ADMIN")
-					.requestMatchers("/role-user-admin").hasAnyRole("USER", "ADMIN");
+					.requestMatchers("/role-user-admin").hasAnyRole("USER", "ADMIN"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/X509ConfigurerTests.java

@@ -199,7 +199,7 @@ public class X509ConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.x509();
+				.x509(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -228,10 +228,9 @@ public class X509ConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.x509()
-					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)")
-					.and()
-				.x509();
+				.x509((x509) -> x509
+					.subjectPrincipalRegex("CN=(.*?)@example.com(?:,|$)"))
+				.x509(withDefaults());
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurerTests.java

@@ -354,17 +354,15 @@ public class OAuth2ClientConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.requestCache()
-					.requestCache(requestCache)
-					.and()
-				.oauth2Client()
-					.authorizationCodeGrant()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.requestCache((cache) -> cache
+					.requestCache(requestCache))
+				.oauth2Client((client) -> client
+					.authorizationCodeGrant((code) -> code
 						.authorizationRequestResolver(authorizationRequestResolver)
 						.authorizationRedirectStrategy(authorizationRedirectStrategy)
-						.accessTokenResponseClient(accessTokenResponseClient);
+						.accessTokenResponseClient(accessTokenResponseClient)));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurerTests.java

@@ -44,6 +44,7 @@ import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -118,6 +119,7 @@ import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoInteractions;
+import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.config.annotation.SecurityContextChangedListenerArgumentMatchers.setAuthentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.authentication;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@@ -780,9 +782,9 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION));
+						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION)));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -805,10 +807,9 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
-					.clientRegistrationRepository(this.clientRegistrationRepository)
-					.and()
-				.formLogin();
+				.oauth2Login((login) -> login
+					.clientRegistrationRepository(this.clientRegistrationRepository))
+				.formLogin(withDefaults());
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -850,11 +851,11 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
-					.userInfoEndpoint()
-						.userAuthoritiesMapper(createGrantedAuthoritiesMapper());
+						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
+					.userInfoEndpoint((info) -> info
+						.userAuthoritiesMapper(createGrantedAuthoritiesMapper())));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -869,7 +870,7 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login();
+				.oauth2Login(withDefaults());
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -894,15 +895,13 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.securityContext()
-					.securityContextRepository(securityContextRepository())
-					.and()
-				.oauth2Login()
-					.tokenEndpoint()
-						.accessTokenResponseClient(createOauth2AccessTokenResponseClient());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.securityContext((context) -> context
+					.securityContextRepository(securityContextRepository()))
+				.oauth2Login((login) -> login
+					.tokenEndpoint((token) -> token
+						.accessTokenResponseClient(createOauth2AccessTokenResponseClient())));
 			return http.build();
 			// @formatter:on
 		}
@@ -947,10 +946,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
 						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
-					.loginProcessingUrl("/login/oauth2/*");
+					.loginProcessingUrl("/login/oauth2/*"));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -970,10 +969,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(this.clientRegistrationRepository)
-					.authorizationEndpoint()
-						.authorizationRequestResolver(this.resolver);
+					.authorizationEndpoint((authorize) -> authorize
+						.authorizationRequestResolver(this.resolver)));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -991,9 +990,9 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(this.clientRegistrationRepository)
-					.authorizationEndpoint();
+					.authorizationEndpoint(Customizer.withDefaults()));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1106,10 +1105,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(
-									GOOGLE_CLIENT_REGISTRATION, GITHUB_CLIENT_REGISTRATION));
+						new InMemoryClientRegistrationRepository(
+							GOOGLE_CLIENT_REGISTRATION, GITHUB_CLIENT_REGISTRATION)));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1124,10 +1123,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(
-									GOOGLE_CLIENT_REGISTRATION, CLIENT_CREDENTIALS_REGISTRATION));
+						new InMemoryClientRegistrationRepository(
+							GOOGLE_CLIENT_REGISTRATION, CLIENT_CREDENTIALS_REGISTRATION)));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1142,10 +1141,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
-					.loginPage("/custom-login");
+						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
+					.loginPage("/custom-login"));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1180,8 +1179,8 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.logout()
-					.logoutSuccessHandler(oidcLogoutSuccessHandler());
+				.logout((logout) -> logout
+					.logoutSuccessHandler(oidcLogoutSuccessHandler()));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1209,11 +1208,10 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
-					.and()
-				.httpBasic();
+						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION)))
+				.httpBasic(withDefaults());
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1254,14 +1252,13 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2Login()
+				.oauth2Login((login) -> login
 					.clientRegistrationRepository(
-							new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION))
-					.and()
-				.exceptionHandling()
+						new InMemoryClientRegistrationRepository(GOOGLE_CLIENT_REGISTRATION)))
+				.exceptionHandling((handling) -> handling
 					.defaultAuthenticationEntryPointFor(
-							new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
-							new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
+						new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
+						new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")));
 			// @formatter:on
 			return super.configureFilterChain(http);
 		}
@@ -1312,19 +1309,16 @@ public class OAuth2LoginConfigurerTests {
 		SecurityFilterChain configureFilterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.securityContext()
-					.securityContextRepository(securityContextRepository())
-					.and()
-				.oauth2Login()
-					.tokenEndpoint()
-						.accessTokenResponseClient(createOauth2AccessTokenResponseClient())
-						.and()
-					.userInfoEndpoint()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.securityContext((context) -> context
+					.securityContextRepository(securityContextRepository()))
+				.oauth2Login((login) -> login
+					.tokenEndpoint((token) -> token
+						.accessTokenResponseClient(createOauth2AccessTokenResponseClient()))
+					.userInfoEndpoint((info) -> info
 						.userService(createOauth2UserService())
-						.oidcUserService(createOidcUserService());
+						.oidcUserService(createOidcUserService())));
 			// @formatter:on
 			return http.build();
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurerTests.java

@@ -82,10 +82,10 @@ import org.springframework.security.authentication.AuthenticationManagerResolver
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.ObjectPostProcessor;
 import org.springframework.security.config.annotation.SecurityContextChangedListenerConfig;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -163,7 +163,6 @@ import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
 import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
@@ -815,15 +814,16 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getJwtDecoderWhenConfiguredWithDecoderAndJwkSetUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
 		JwtDecoder decoder = mock(JwtDecoder.class);
-		jwtConfigurer.jwkSetUri(JWK_SET_URI);
-		jwtConfigurer.decoder(decoder);
-		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
-		jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.decoder(decoder);
-		jwtConfigurer.jwkSetUri(JWK_SET_URI);
-		assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.jwkSetUri(JWK_SET_URI);
+			jwt.decoder(decoder);
+			assertThat(jwt.getJwtDecoder()).isEqualTo(decoder);
+		});
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.decoder(decoder).jwkSetUri(JWK_SET_URI);
+			assertThat(jwt.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
+		});
 	}
 
 	@Test
@@ -832,9 +832,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder = mock(JwtDecoder.class);
 		ApplicationContext context = mock(ApplicationContext.class);
 		given(context.getBean(JwtDecoder.class)).willReturn(decoderBean);
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.decoder(decoder);
-		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.decoder(decoder);
+			assertThat(jwt.getJwtDecoder()).isEqualTo(decoder);
+		});
 	}
 
 	@Test
@@ -842,10 +843,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		JwtDecoder decoder = mock(JwtDecoder.class);
 		ApplicationContext context = mock(ApplicationContext.class);
 		given(context.getBean(JwtDecoder.class)).willReturn(decoder);
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.jwkSetUri(JWK_SET_URI);
-		assertThat(jwtConfigurer.getJwtDecoder()).isNotEqualTo(decoder);
-		assertThat(jwtConfigurer.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.jwkSetUri(JWK_SET_URI);
+			assertThat(jwt.getJwtDecoder()).isNotEqualTo(decoder);
+			assertThat(jwt.getJwtDecoder()).isInstanceOf(NimbusJwtDecoder.class);
+		});
 	}
 
 	@Test
@@ -856,9 +858,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("decoderOne", JwtDecoder.class, () -> decoderBean);
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoderBean);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.decoder(decoder);
-		assertThat(jwtConfigurer.getJwtDecoder()).isEqualTo(decoder);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.decoder(decoder);
+			assertThat(jwt.getJwtDecoder()).isEqualTo(decoder);
+		});
 	}
 
 	@Test
@@ -868,8 +871,9 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("decoderOne", JwtDecoder.class, () -> decoder);
 		context.registerBean("decoderTwo", JwtDecoder.class, () -> decoder);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class).isThrownBy(jwtConfigurer::getJwtDecoder);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context)
+			.jwt((jwt) -> assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
+				.isThrownBy(jwt::getJwtDecoder));
 	}
 
 	@Test
@@ -1152,19 +1156,19 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getIntrospectionClientWhenConfiguredWithClientAndIntrospectionUriThenLastOneWins() {
 		ApplicationContext context = mock(ApplicationContext.class);
-		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(
-				context)
-			.opaqueToken();
 		OpaqueTokenIntrospector client = mock(OpaqueTokenIntrospector.class);
-		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
-		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-		opaqueTokenConfigurer.introspector(client);
-		assertThat(opaqueTokenConfigurer.getIntrospector()).isEqualTo(client);
-		opaqueTokenConfigurer = new OAuth2ResourceServerConfigurer(context).opaqueToken();
-		opaqueTokenConfigurer.introspector(client);
-		opaqueTokenConfigurer.introspectionUri(INTROSPECTION_URI);
-		opaqueTokenConfigurer.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-		assertThat(opaqueTokenConfigurer.getIntrospector()).isNotSameAs(client);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).opaqueToken((opaqueToken) -> {
+			opaqueToken.introspectionUri(INTROSPECTION_URI);
+			opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
+			opaqueToken.introspector(client);
+			assertThat(opaqueToken.getIntrospector()).isEqualTo(client);
+		});
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).opaqueToken((opaqueToken) -> {
+			opaqueToken.introspector(client);
+			opaqueToken.introspectionUri(INTROSPECTION_URI);
+			opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
+			assertThat(opaqueToken.getIntrospector()).isNotSameAs(client);
+		});
 	}
 
 	@Test
@@ -1172,11 +1176,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		GenericApplicationContext context = new GenericApplicationContext();
 		registerMockBean(context, "introspectionClientOne", OpaqueTokenIntrospector.class);
 		registerMockBean(context, "introspectionClientTwo", OpaqueTokenIntrospector.class);
-		OAuth2ResourceServerConfigurer.OpaqueTokenConfigurer opaqueToken = new OAuth2ResourceServerConfigurer(context)
-			.opaqueToken();
-		opaqueToken.introspectionUri(INTROSPECTION_URI);
-		opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
-		assertThat(opaqueToken.getIntrospector()).isNotNull();
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).opaqueToken((opaqueToken) -> {
+			opaqueToken.introspectionUri(INTROSPECTION_URI);
+			opaqueToken.introspectionClientCredentials(CLIENT_ID, CLIENT_SECRET);
+			assertThat(opaqueToken.getIntrospector()).isNotNull();
+		});
 	}
 
 	@Test
@@ -1263,17 +1267,16 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getAuthenticationManagerWhenConfiguredAuthenticationManagerThenTakesPrecedence() {
 		ApplicationContext context = mock(ApplicationContext.class);
-		HttpSecurityBuilder http = mock(HttpSecurityBuilder.class);
-		OAuth2ResourceServerConfigurer oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
+		OAuth2ResourceServerConfigurer<HttpSecurity> oauth2ResourceServer = new OAuth2ResourceServerConfigurer<>(
+				context);
 		AuthenticationManager authenticationManager = mock(AuthenticationManager.class);
-		oauth2ResourceServer.jwt().authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class));
-		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
-		oauth2ResourceServer = new OAuth2ResourceServerConfigurer(context);
-		oauth2ResourceServer.opaqueToken()
-			.authenticationManager(authenticationManager)
-			.introspector(mock(OpaqueTokenIntrospector.class));
-		assertThat(oauth2ResourceServer.getAuthenticationManager(http)).isSameAs(authenticationManager);
-		verify(http, never()).authenticationProvider(any(AuthenticationProvider.class));
+		oauth2ResourceServer
+			.jwt((jwt) -> jwt.authenticationManager(authenticationManager).decoder(mock(JwtDecoder.class)));
+		assertThat(oauth2ResourceServer.getAuthenticationManager(null)).isSameAs(authenticationManager);
+		oauth2ResourceServer = new OAuth2ResourceServerConfigurer<>(context);
+		oauth2ResourceServer.opaqueToken((opaqueToken) -> opaqueToken.authenticationManager(authenticationManager)
+			.introspector(mock(OpaqueTokenIntrospector.class)));
+		assertThat(oauth2ResourceServer.getAuthenticationManager(null)).isSameAs(authenticationManager);
 	}
 
 	@Test
@@ -1343,8 +1346,9 @@ public class OAuth2ResourceServerConfigurerTests {
 	@Test
 	public void getJwtAuthenticationConverterWhenNoConverterSpecifiedThenTheDefaultIsUsed() {
 		ApplicationContext context = this.spring.context(new GenericWebApplicationContext()).getContext();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isInstanceOf(JwtAuthenticationConverter.class);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context)
+			.jwt((jwt) -> assertThat(jwt.getJwtAuthenticationConverter())
+				.isInstanceOf(JwtAuthenticationConverter.class));
 	}
 
 	@Test
@@ -1353,8 +1357,8 @@ public class OAuth2ResourceServerConfigurerTests {
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converterBean);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context)
+			.jwt((jwt) -> assertThat(jwt.getJwtAuthenticationConverter()).isEqualTo(converterBean));
 	}
 
 	@Test
@@ -1364,9 +1368,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		GenericWebApplicationContext context = new GenericWebApplicationContext();
 		context.registerBean(JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.jwtAuthenticationConverter(converter);
-		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.jwtAuthenticationConverter(converter);
+			assertThat(jwt.getJwtAuthenticationConverter()).isEqualTo(converter);
+		});
 	}
 
 	@Test
@@ -1377,9 +1382,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		jwtConfigurer.jwtAuthenticationConverter(converter);
-		assertThat(jwtConfigurer.getJwtAuthenticationConverter()).isEqualTo(converter);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			jwt.jwtAuthenticationConverter(converter);
+			assertThat(jwt.getJwtAuthenticationConverter()).isEqualTo(converter);
+		});
 	}
 
 	@Test
@@ -1389,9 +1395,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		context.registerBean("converterOne", JwtAuthenticationConverter.class, () -> converterBean);
 		context.registerBean("converterTwo", JwtAuthenticationConverter.class, () -> converterBean);
 		this.spring.context(context).autowire();
-		OAuth2ResourceServerConfigurer.JwtConfigurer jwtConfigurer = new OAuth2ResourceServerConfigurer(context).jwt();
-		assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
-			.isThrownBy(jwtConfigurer::getJwtAuthenticationConverter);
+		new OAuth2ResourceServerConfigurer<HttpSecurity>(context).jwt((jwt) -> {
+			assertThatExceptionOfType(NoUniqueBeanDefinitionException.class)
+				.isThrownBy(jwt::getJwtAuthenticationConverter);
+		});
 	}
 
 	@Test
@@ -1550,12 +1557,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1600,14 +1606,12 @@ public class OAuth2ResourceServerConfigurerTests {
 			DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
 			defaultBearerTokenResolver.setAllowUriQueryParameter(true);
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
 					.bearerTokenResolver(defaultBearerTokenResolver)
-					.jwt()
-						.jwkSetUri(this.jwkSetUri);
+					.jwt((jwt) -> jwt.jwkSetUri(this.jwkSetUri)));
 			return http.build();
 			// @formatter:on
 		}
@@ -1656,14 +1660,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/requires-read-scope").access("hasAuthority('SCOPE_message:read')")
-					.anyRequest().authenticated()
-					.and()
-				.csrf().disable()
-				.oauth2ResourceServer()
-					.jwt()
-						.jwkSetUri(this.jwkSetUri);
+					.anyRequest().authenticated())
+				.csrf((csrf) -> csrf.disable())
+				.oauth2ResourceServer((server) -> server
+					.jwt((jwt) -> jwt.jwkSetUri(this.jwkSetUri)));
 			return http.build();
 			// @formatter:on
 		}
@@ -1678,12 +1680,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.anonymous().disable()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.anonymous((anonymous) -> anonymous.disable())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1699,11 +1700,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1718,10 +1718,9 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer(withDefaults());
 			return http.build();
 			// @formatter:on
 		}
@@ -1736,12 +1735,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
 					.authenticationEntryPoint(authenticationEntryPoint())
-					.jwt();
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1762,12 +1760,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-				.oauth2ResourceServer()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.oauth2ResourceServer((server) -> server
 					.accessDeniedHandler(accessDeniedHandler())
-					.jwt();
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1788,16 +1785,13 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().denyAll()
-					.and()
-				.exceptionHandling()
-					.defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), (request) -> false)
-					.and()
-				.httpBasic()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().denyAll())
+				.exceptionHandling((handling) -> handling
+					.defaultAccessDeniedHandlerFor(new AccessDeniedHandlerImpl(), (request) -> false))
+				.httpBasic(withDefaults())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1826,12 +1820,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt()
-						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt((jwt) -> jwt
+						.jwtAuthenticationConverter(getJwtAuthenticationConverter())));
 			return http.build();
 			// @formatter:on
 		}
@@ -1851,12 +1844,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.requestMatchers("/requires-read-scope").access("hasAuthority('message:read')")
-					.and()
-				.oauth2ResourceServer()
-					.jwt()
-						.jwtAuthenticationConverter(getJwtAuthenticationConverter());
+				.authorizeRequests((requests) -> requests
+					.requestMatchers("/requires-read-scope").access("hasAuthority('message:read')"))
+				.oauth2ResourceServer((server) -> server
+					.jwt((jwt) -> jwt
+						.jwtAuthenticationConverter(getJwtAuthenticationConverter())));
 			return http.build();
 			// @formatter:on
 		}
@@ -1878,13 +1870,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.httpBasic()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.httpBasic(withDefaults())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1911,13 +1901,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.formLogin()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.formLogin(withDefaults())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1957,11 +1945,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build(); // missing key configuration, e.g. jwkSetUri
 			// @formatter:on
 		}
@@ -1976,11 +1963,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.sessionManagement()
-					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS)
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.sessionManagement((management) -> management
+					.sessionCreationPolicy(SessionCreationPolicy.ALWAYS))
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -1995,12 +1981,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
 					.bearerTokenResolver(allowRequestBody())
-					.jwt();
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2021,11 +2006,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2047,11 +2031,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2115,12 +2098,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt()
-						.decoder(decoder());
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt((jwt) -> jwt.decoder(decoder())));
 			return http.build();
 			// @formatter:on
 		}
@@ -2170,11 +2151,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2194,12 +2174,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt()
-						.authenticationManager(authenticationProvider()::authenticate);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt((jwt) -> jwt
+						.authenticationManager(authenticationProvider()::authenticate)));
 			return http.build();
 			// @formatter:on
 		}
@@ -2260,8 +2239,8 @@ public class OAuth2ResourceServerConfigurerTests {
 			this.jwtDecoder.setJwtValidator(this.jwtValidator);
 			// @formatter:off
 			http
-				.oauth2ResourceServer()
-					.jwt();
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2288,8 +2267,8 @@ public class OAuth2ResourceServerConfigurerTests {
 			this.jwtDecoder.setJwtValidator(jwtValidator);
 			// @formatter:off
 			http
-				.oauth2ResourceServer()
-					.jwt();
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2312,8 +2291,8 @@ public class OAuth2ResourceServerConfigurerTests {
 			this.jwtDecoder.setJwtValidator(jwtValidator);
 			// @formatter:off
 			http
-				.oauth2ResourceServer()
-					.jwt();
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 		}
 	}
@@ -2333,11 +2312,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2359,11 +2337,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2389,12 +2366,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/requires-read-scope").hasAuthority("SCOPE_message:read")
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.opaqueToken();
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.opaqueToken(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2433,12 +2409,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.opaqueToken()
-						.authenticationManager(authenticationProvider()::authenticate);
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.opaqueToken((opaqueToken) -> opaqueToken
+						.authenticationManager(authenticationProvider()::authenticate)));
 			return http.build();
 			// @formatter:on
 		}
@@ -2523,10 +2498,9 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.oauth2ResourceServer()
-					.jwt()
-						.and()
-					.opaqueToken();
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults())
+					.opaqueToken(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2541,12 +2515,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
-					.opaqueToken()
-						.introspectionUri("https://idp.example.com");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.opaqueToken((opaqueToken) -> opaqueToken
+						.introspectionUri("https://idp.example.com")));
 			return http.build(); // missing credentials
 			// @formatter:on
 		}
@@ -2561,11 +2534,10 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-					.oauth2ResourceServer()
-					.jwt();
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.jwt(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2605,9 +2577,8 @@ public class OAuth2ResourceServerConfigurerTests {
 					issuerOne, issuerTwo);
 			// @formatter:off
 			http
-				.oauth2ResourceServer()
-					.authenticationManagerResolver(authenticationManagerResolver)
-					.and()
+				.oauth2ResourceServer((server) -> server
+					.authenticationManagerResolver(authenticationManagerResolver))
 				.anonymous(AbstractHttpConfigurer::disable);
 			return http.build();
 			// @formatter:on
@@ -2623,12 +2594,11 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().authenticated()
-					.and()
-				.oauth2ResourceServer()
+				.authorizeRequests((requests) -> requests
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
 					.authenticationManagerResolver(mock(AuthenticationManagerResolver.class))
-					.opaqueToken();
+					.opaqueToken(Customizer.withDefaults()));
 			return http.build();
 			// @formatter:on
 		}
@@ -2644,13 +2614,12 @@ public class OAuth2ResourceServerConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-					.authorizeRequests()
+				.authorizeRequests((requests) -> requests
 					.requestMatchers("/requires-read-scope").hasAuthority("SCOPE_message:read")
-					.anyRequest().authenticated()
-					.and()
-					.oauth2ResourceServer()
-					.opaqueToken()
-					.authenticationConverter(authenticationConverter());
+					.anyRequest().authenticated())
+				.oauth2ResourceServer((server) -> server
+					.opaqueToken((opaqueToken) -> opaqueToken
+						.authenticationConverter(authenticationConverter())));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LoginConfigurerTests.java

@@ -486,7 +486,7 @@ public class Saml2LoginConfigurerTests {
 
 		@Bean
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
-			http.saml2Login().authenticationManager(getAuthenticationManagerMock("ROLE_AUTH_MANAGER"));
+			http.saml2Login((login) -> login.authenticationManager(getAuthenticationManagerMock("ROLE_AUTH_MANAGER")));
 			return http.build();
 		}
 

config/src/test/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurerTests.java

@@ -591,7 +591,7 @@ public class Saml2LogoutConfigurerTests {
 				.logout((logout) -> logout.logoutSuccessHandler(this.mockLogoutSuccessHandler))
 				.saml2Login(withDefaults())
 				.saml2Logout(withDefaults())
-				.csrf().disable();
+				.csrf((csrf) -> csrf.disable());
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/core/GrantedAuthorityDefaultsJcTests.java

@@ -165,8 +165,8 @@ public class GrantedAuthorityDefaultsJcTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.authorizeRequests()
-					.anyRequest().access("hasRole('USER')");
+				.authorizeRequests((requests) -> requests
+					.anyRequest().access("hasRole('USER')"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomConfigurer.java

@@ -43,16 +43,16 @@ public class CustomConfigurer extends SecurityConfigurerAdapter<DefaultSecurityF
 		context.getAutowireCapableBeanFactory().autowireBean(this);
 		// @formatter:off
 		http
-			.authorizeRequests()
+			.authorizeRequests((requests) -> requests
 				.requestMatchers(new AntPathRequestMatcher(this.permitAllPattern)).permitAll()
-				.anyRequest().authenticated();
+				.anyRequest().authenticated());
 		// @formatter:on
 		if (http.getConfigurer(FormLoginConfigurer.class) == null) {
 			// only apply if formLogin() was not invoked by the user
 			// @formatter:off
 			http
-				.formLogin()
-					.loginPage(this.loginPage);
+				.formLogin((login) -> login
+					.loginPage(this.loginPage));
 			// @formatter:on
 		}
 	}

config/src/test/java/org/springframework/security/config/http/customconfigurer/CustomHttpSecurityConfigurerTests.java

@@ -32,6 +32,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.mock.web.MockFilterChain;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.FilterChainProxy;
@@ -144,11 +145,10 @@ public class CustomHttpSecurityConfigurerTests {
 		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 			// @formatter:off
 			http
-				.apply(CustomConfigurer.customConfigurer())
-					.and()
-				.csrf().disable()
-				.formLogin()
-					.loginPage("/other");
+				.with(CustomConfigurer.customConfigurer(), Customizer.withDefaults())
+				.csrf((csrf) -> csrf.disable())
+				.formLogin((login) -> login
+					.loginPage("/other"));
 			return http.build();
 			// @formatter:on
 		}

config/src/test/kotlin/org/springframework/security/config/annotation/web/CorsDslTests.kt

@@ -24,6 +24,7 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.http.HttpHeaders
+import org.springframework.security.config.Customizer.withDefaults
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
 import org.springframework.security.config.test.SpringTestContext
@@ -128,7 +129,7 @@ class CorsDslTests {
     open class CorsDisabledConfig {
         @Bean
         open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-            http.cors()
+            http.cors(withDefaults())
             http {
                 cors {
                     disable()

config/src/test/kotlin/org/springframework/security/config/annotation/web/FormLoginDslTests.kt

@@ -25,6 +25,7 @@ import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.Customizer.withDefaults
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
@@ -127,7 +128,7 @@ class FormLoginDslTests {
     open class DisabledConfig {
         @Bean
         open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
-            http.formLogin()
+            http.formLogin(withDefaults())
             http {
                 formLogin {
                     disable()