diff --git a/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java b/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java
index 3baac94204..5f8b97f0da 100644
--- a/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java
+++ b/config/src/main/java/org/springframework/security/config/http/AuthorizationFilterParser.java
@@ -34,7 +34,6 @@ import org.springframework.beans.factory.xml.AbstractBeanDefinitionParser;
 import org.springframework.beans.factory.xml.BeanDefinitionParser;
 import org.springframework.beans.factory.xml.ParserContext;
 import org.springframework.beans.factory.xml.XmlReaderContext;
-import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.ObservationAuthorizationManager;
 import org.springframework.security.config.Elements;
@@ -43,7 +42,6 @@ import org.springframework.security.web.access.expression.WebExpressionAuthoriza
 import org.springframework.security.web.access.intercept.AuthorizationFilter;
 import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
 import org.springframework.security.web.access.intercept.RequestMatcherDelegatingAuthorizationManager;
-import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.StringUtils;
 import org.springframework.util.xml.DomUtils;
@@ -197,8 +195,7 @@ class AuthorizationFilterParser implements BeanDefinitionParser {
 					.entrySet()) {
 				builder.add(entry.getKey(), entry.getValue());
 			}
-			AuthorizationManager<HttpServletRequest> manager = builder
-					.add(AnyRequestMatcher.INSTANCE, AuthenticatedAuthorizationManager.authenticated()).build();
+			AuthorizationManager<HttpServletRequest> manager = builder.build();
 			if (!this.observationRegistry.isNoop()) {
 				return new ObservationAuthorizationManager<>(this.observationRegistry, manager);
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
index 2256393dd2..40d59f146f 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
@@ -358,7 +358,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
 	}
 
 	@Test
-	public void getWhenServletPathRoleAdminConfiguredAndRoleIsUserAndWithoutServletPathThenRespondsWithOk()
+	public void getWhenServletPathRoleAdminConfiguredAndRoleIsUserAndWithoutServletPathThenRespondsWithForbidden()
 			throws Exception {
 		this.spring.register(ServletPathConfig.class, BasicController.class).autowire();
 		// @formatter:off
@@ -366,7 +366,7 @@ public class AuthorizeHttpRequestsConfigurerTests {
 				.with(user("user")
 				.roles("USER"));
 		// @formatter:on
-		this.mvc.perform(requestWithUser).andExpect(status().isOk());
+		this.mvc.perform(requestWithUser).andExpect(status().isForbidden());
 	}
 
 	@Test
diff --git a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
index ebdb8ee9dd..212b675108 100644
--- a/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
+++ b/config/src/test/java/org/springframework/security/config/authentication/AuthenticationManagerBeanDefinitionParserTests.java
@@ -139,7 +139,10 @@ public class AuthenticationManagerBeanDefinitionParserTests {
 				+ "<user-service>"
 				+ "  <user name='user' password='password' authorities='ROLE_A,ROLE_B' />"
 				+ "</user-service>"
-				+ "<http/>")
+				+ "<http>"
+				+ "  <intercept-url pattern=\"/**\" access=\"authenticated\"/>"
+				+ "  <http-basic />"
+				+ "</http>")
 				.mockMvcAfterSpringSecurityOk()
 				.autowire();
 		this.mockMvc.perform(get("/").with(httpBasic("user", "password")))
diff --git a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
index f925de4d0e..c4e821126a 100644
--- a/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
+++ b/config/src/test/java/org/springframework/security/config/http/InterceptUrlConfigTests.java
@@ -120,7 +120,7 @@ public class InterceptUrlConfigTests {
 		this.spring.configLocations(this.xml("PatchMethodAuthorizationManager")).autowire();
 		// @formatter:off
 		this.mvc.perform(get("/path").with(userCredentials()))
-				.andExpect(status().isOk());
+				.andExpect(status().isForbidden());
 		this.mvc.perform(patch("/path").with(userCredentials()))
 				.andExpect(status().isForbidden());
 		this.mvc.perform(patch("/path").with(adminCredentials()))
diff --git a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
index 3bcc4172ea..03c50c9db9 100644
--- a/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
+++ b/config/src/test/java/org/springframework/security/config/http/SessionManagementConfigServlet31Tests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -85,6 +85,7 @@ public class SessionManagementConfigServlet31Tests {
 		String id = request.getSession().getId();
 		// @formatter:off
 		loadContext("<http>\n"
+				+ "        <intercept-url pattern=\"/**\" access=\"authenticated\"/>\n"
 				+ "        <form-login/>\n"
 				+ "        <session-management/>\n"
 				+ "        <csrf disabled='true'/>\n"
@@ -107,6 +108,7 @@ public class SessionManagementConfigServlet31Tests {
 		String id = request.getSession().getId();
 		// @formatter:off
 		loadContext("<http>\n"
+				+ "        <intercept-url pattern=\"/**\" access=\"authenticated\"/>\n"
 				+ "        <form-login/>\n"
 				+ "        <session-management session-fixation-protection='changeSessionId'/>\n"
 				+ "        <csrf disabled='true'/>\n"
diff --git a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
index e23e1360a1..3dac9f6ed9 100644
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/AuthorizeHttpRequestsDslTests.kt
@@ -512,7 +512,7 @@ class AuthorizeHttpRequestsDslTests {
                 request.servletPath = "/other"
                 request
             })
-            .andExpect(status().isOk)
+            .andExpect(status().isForbidden)
     }
 
     @Configuration
@@ -602,7 +602,7 @@ class AuthorizeHttpRequestsDslTests {
                     servletPath = "/other"
                 }
             })
-            .andExpect(status().isOk)
+            .andExpect(status().isForbidden)
     }
 
     @Configuration
diff --git a/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml b/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml
index 04f6e1596e..f203b9e268 100644
--- a/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml
+++ b/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-bean.xml
@@ -1,5 +1,5 @@
 <!--
-  ~ Copyright 2002-2017 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -22,7 +22,10 @@
 
 	<b:bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder" factory-method="getInstance"/>
 
-	<http />
+	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
+		<http-basic />
+	</http>
 
 	<authentication-manager>
 		<authentication-provider>
diff --git a/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml b/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml
index f22b91f81f..18e8843626 100644
--- a/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml
+++ b/config/src/test/resources/org/springframework/security/config/authentication/PasswordEncoderParserTests-default.xml
@@ -3,7 +3,10 @@
 		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		 xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
 						http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">
-	<http />
+	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
+		<http-basic />
+	</http>
 
 	<authentication-manager>
 		<authentication-provider>
diff --git a/config/src/test/resources/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml b/config/src/test/resources/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml
index d16b1c32a2..71870b9277 100644
--- a/config/src/test/resources/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml
+++ b/config/src/test/resources/org/springframework/security/config/debug/SecurityDebugBeanFactoryPostProcessorTests-context.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,7 +25,9 @@
 
 	<debug/>
 
-	<http/>
+	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
+	</http>
 
 	<authentication-manager>
 		<authentication-provider ref="authProvider"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithAccessDeniedHandler.xml b/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithAccessDeniedHandler.xml
index 3e15e112f0..cc35e84e3e 100644
--- a/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithAccessDeniedHandler.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithAccessDeniedHandler.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 	<http auto-config="true">
 		<access-denied-handler ref="accessDeniedHandler"/>
 		<csrf/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="CsrfConfigTests-shared-userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithRequestAttrName.xml b/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithRequestAttrName.xml
index e8ec4b8f01..59bb493b30 100644
--- a/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithRequestAttrName.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/CsrfConfigTests-WithRequestAttrName.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 
 	<http auto-config="true">
 		<csrf request-handler-ref="requestHandler"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:bean id="requestHandler" class="org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler"
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-AutoConfig.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-AutoConfig.xml
index 241640bd68..8963801d0f 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-AutoConfig.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-AutoConfig.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-Simple.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-Simple.xml
index 0087bc20b0..88162fbe59 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-Simple.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-Simple.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@
 
 	<http auto-config="true">
 		<csrf disabled="true"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml
index 59dbbb8303..cc26c4d387 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationFailureForwardUrl.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@
 				authentication-failure-forward-url="/failure_forward_url"/>
 
 		<csrf disabled="true"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml
index 2647ebd143..584c0d9f63 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithAuthenticationSuccessForwardUrl.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@
 				authentication-success-forward-url="/success_forward_url"/>
 
 		<csrf disabled="true"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml
index a9f1c0dd3f..585746734b 100644
--- a/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/FormLoginBeanDefinitionParserTests-WithCustomAttributes.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -31,6 +31,7 @@
 				password-parameter="custom_pass"/>
 
 		<csrf disabled="true"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:import resource="userservice.xml"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml
index 011298a73a..dd62789484 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerEraseCredentials.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml
index b74e36d913..48561ed247 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefKeepCredentials.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http authentication-manager-ref="authMgr">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml
index c77e928be2..e3280dab4b 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AuthenticationManagerRefNotProviderManager.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http authentication-manager-ref="authMgr">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AutoConfig.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AutoConfig.xml
index 2f61de777d..c4d67298ce 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AutoConfig.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-AutoConfig.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,7 +24,9 @@
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<http auto-config="true"/>
+	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
+	</http>
 
 	<b:import resource="userservice.xml"/>
 </b:beans>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml
index 41c049ce60..2dfdfde842 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomAuthenticationDetailsSourceRef.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic authentication-details-source-ref="authenticationDetailsSource"/>
 		<form-login authentication-details-source-ref="authenticationDetailsSource"/>
 		<x509 subject-principal-regex="OU=(.*?)(?:,|$)" authentication-details-source-ref="authenticationDetailsSource"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
index e2e1ffbdc6..ec486f8422 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-CustomFilters.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<custom-filter ref="${customFilterRef}" position="FIRST"/>
 		<custom-filter ref="userFilter" before="SECURITY_CONTEXT_FILTER"/>
 		<custom-filter ref="userFilter" after="LOGOUT_FILTER"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-DeleteCookies.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-DeleteCookies.xml
index 55abafe350..fe9368a50f 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-DeleteCookies.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-DeleteCookies.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<logout delete-cookies="JSESSIONID, mycookie"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpBasic.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpBasic.xml
index 315f1a38da..24fa0f9387 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpBasic.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpBasic.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpFirewall.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpFirewall.xml
index b6fc7eeefc..6bd7635c71 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpFirewall.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-HttpFirewall.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -27,6 +27,7 @@
 	<http-firewall ref="firewall"/>
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Jaas.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Jaas.xml
index f82e11616c..39f3597efc 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Jaas.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Jaas.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true" jaas-api-provision="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:bean class="org.springframework.security.config.http.MiscHttpConfigTests.JaasController"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-JeeFilter.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-JeeFilter.xml
index 1952c60501..e733122561 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-JeeFilter.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-JeeFilter.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<jee mappable-roles="admin,user"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-LogoutSuccessHandlerRef.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-LogoutSuccessHandlerRef.xml
index 1ac54a2ff1..6039528a68 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-LogoutSuccessHandlerRef.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-LogoutSuccessHandlerRef.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<logout success-handler-ref="logoutSuccessEndpoint"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MinimalConfiguration.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MinimalConfiguration.xml
index 3d3d4fafda..72c72be512 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MinimalConfiguration.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MinimalConfiguration.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MissingUserDetailsService.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MissingUserDetailsService.xml
index db44764b48..8e9b8d6282 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MissingUserDetailsService.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-MissingUserDetailsService.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,5 +24,7 @@
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<http auto-config="true"/>
+	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
+	</http>
 </b:beans>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-NoInternalAuthenticationProviders.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-NoInternalAuthenticationProviders.xml
index 37a2bbf5a6..b6d217096c 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-NoInternalAuthenticationProviders.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-NoInternalAuthenticationProviders.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<form-login/>
 		<csrf disabled="true"/>
 		<anonymous enabled="false"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Sec750.xml b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Sec750.xml
index 0467681ecd..fd91fffdab 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Sec750.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MiscHttpConfigTests-Sec750.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,7 +24,9 @@
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<http auto-config="true"/>
+	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
+	</http>
 
 	<authentication-manager>
 		<authentication-provider user-service-ref="userService"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-DistinctHttpElements.xml b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-DistinctHttpElements.xml
index 30ec90df3a..e1bc1587af 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-DistinctHttpElements.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-DistinctHttpElements.xml
@@ -23,10 +23,12 @@
 				http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http pattern="/first/**" create-session="stateless">
+		<intercept-url pattern="/first/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
 	<http pattern="/second/**">
+		<intercept-url pattern="/second/**" access="authenticated"/>
 		<form-login login-processing-url="/second/login"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticalHttpElements.xml b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticalHttpElements.xml
index adc299ec53..38e7653fd3 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticalHttpElements.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticalHttpElements.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -23,10 +23,12 @@
 				http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http create-session="stateless">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
 	<http>
+		<intercept-url pattern="/**" access="authenticated"/>
 		<form-login/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml
index 9672a8e28c..b41948934f 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-IdenticallyPatternedHttpElements.xml
@@ -23,10 +23,12 @@
 				http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http pattern="/first/**" create-session="stateless">
+		<intercept-url pattern="/first/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
 	<http pattern="/first/**">
+		<intercept-url pattern="/first/**" access="authenticated"/>
 		<form-login/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-Sec1937.xml b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-Sec1937.xml
index 2ac6a191e8..ec034128a5 100644
--- a/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-Sec1937.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/MultiHttpBlockConfigTests-Sec1937.xml
@@ -23,10 +23,12 @@
 				http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http authentication-manager-ref="firstAuthenticationManager" pattern="/first/**" create-session="stateless">
+		<intercept-url pattern="/first/**" access="authenticated"/>
 		<http-basic/>
 	</http>
 
 	<http authentication-manager-ref="secondAuthenticationManager" pattern="/second/**">
+		<intercept-url pattern="/second/**" access="authenticated"/>
 		<form-login login-processing-url="/second/login"/>
 	</http>
 
@@ -47,6 +49,6 @@
 			</user-service>
 		</authentication-provider>
 	</authentication-manager>
-	
+
 	<b:import resource="handlermappingintrospector.xml"/>
 </b:beans>
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml
index bf59662367..228bdf3b54 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-AuthorizedClientArgumentResolver.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2020 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@
 
 	<http auto-config="true">
 		<oauth2-client authorized-client-repository-ref="authorizedClientRepository" />
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<mvc:annotation-driven />
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml
index d7ff413909..4eadcb94fe 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizationRedirectStrategy.xml
@@ -29,6 +29,7 @@
 			<authorization-code-grant
 					authorization-redirect-strategy-ref="authorizationRedirectStrategy"/>
 		</oauth2-client>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:bean id="authorizationRedirectStrategy" class="org.mockito.Mockito" factory-method="mock">
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml
index ceb72ca05c..ea327c616f 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomAuthorizedClientService.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2020 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@
 					authorization-request-resolver-ref="authorizationRequestResolver"
 					access-token-response-client-ref="accessTokenResponseClient"/>
 		</oauth2-client>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<client-registrations>
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml
index 55bb7e3b75..a3c5d3b091 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomClientRegistrationRepository.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2020 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@
 
 	<http auto-config="true">
 		<oauth2-client client-registration-repository-ref="clientRegistrationRepository"/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<b:bean id="clientRegistrationRepository" class="org.mockito.Mockito" factory-method="mock">
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml
index 447dbf914d..dc15de679a 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-CustomConfiguration.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2020 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -32,6 +32,7 @@
 					authorization-request-resolver-ref="authorizationRequestResolver"
 					access-token-response-client-ref="accessTokenResponseClient"/>
 		</oauth2-client>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<client-registrations>
diff --git a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-Minimal.xml b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-Minimal.xml
index 8938d4b50c..a86bbe45c8 100644
--- a/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-Minimal.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/OAuth2ClientBeanDefinitionParserTests-Minimal.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2020 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@
 
 	<http auto-config="true">
 		<oauth2-client/>
+		<intercept-url pattern="/**" access="authenticated"/>
 	</http>
 
 	<client-registrations>
diff --git a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml
index 0533262b9b..d113aa1890 100644
--- a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessions.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<session-management session-authentication-error-url="/max-exceeded">
 			<concurrency-control max-sessions="2" error-if-maximum-exceeded="true"/>
 		</session-management>
diff --git a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml
index 4a71fee19c..05132f4376 100644
--- a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlMaxSessionsPlaceHolder.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2021 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<session-management
 			session-authentication-error-url="/max-exceeded">
 			<concurrency-control
diff --git a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml
index e18e911d78..a1f5532cbc 100644
--- a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTests-ConcurrencyControlSessionRegistryRef.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<session-management
 			authentication-strategy-explicit-invocation="false">
 			<concurrency-control session-registry-ref="sessionRegistry"/>
diff --git a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml
index 214f4150f3..34d0732c3d 100644
--- a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-CreateSessionAlwaysWithTransientAuthentication.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true" create-session="always">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<csrf disabled="true"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml
index 4597ae1196..d81b5a4e1b 100644
--- a/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/SessionManagementConfigTransientAuthenticationTests-WithTransientAuthentication.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2018 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<csrf disabled="true"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml b/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml
index b9f86a6d0f..24a8049c9a 100644
--- a/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-CustomChangePasswordPage.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2021 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<password-management change-password-page="/custom-change-password-page"/>
 	</http>
 
diff --git a/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml b/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml
index 5ccddc3b36..f4a4237542 100644
--- a/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/WellKnownChangePasswordBeanDefinitionParserTests-DefaultChangePasswordPage.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright 2002-2021 the original author or authors.
+  ~ Copyright 2002-2022 the original author or authors.
   ~
   ~ Licensed under the Apache License, Version 2.0 (the "License");
   ~ you may not use this file except in compliance with the License.
@@ -25,6 +25,7 @@
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
 	<http auto-config="true">
+		<intercept-url pattern="/**" access="authenticated"/>
 		<password-management/>
 	</http>
 
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
index ffea430b3a..6192426ac3 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -44,6 +44,8 @@ import org.springframework.util.Assert;
  */
 public final class RequestMatcherDelegatingAuthorizationManager implements AuthorizationManager<HttpServletRequest> {
 
+	private static final AuthorizationDecision DENY = new AuthorizationDecision(false);
+
 	private final Log logger = LogFactory.getLog(getClass());
 
 	private final List<RequestMatcherEntry<AuthorizationManager<RequestAuthorizationContext>>> mappings;
@@ -81,8 +83,10 @@ public final class RequestMatcherDelegatingAuthorizationManager implements Autho
 						new RequestAuthorizationContext(request, matchResult.getVariables()));
 			}
 		}
-		this.logger.trace("Abstaining since did not find matching RequestMatcher");
-		return null;
+		if (this.logger.isTraceEnabled()) {
+			this.logger.trace(LogMessage.of(() -> "Denying request since did not find matching RequestMatcher"));
+		}
+		return DENY;
 	}
 
 	/**
diff --git a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java
index 624a6ecee8..c84d37da6b 100644
--- a/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java
+++ b/web/src/test/java/org/springframework/security/web/access/intercept/RequestMatcherDelegatingAuthorizationManagerTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2022 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -67,8 +67,7 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 	public void checkWhenMultipleMappingsConfiguredThenDelegatesMatchingManager() {
 		RequestMatcherDelegatingAuthorizationManager manager = RequestMatcherDelegatingAuthorizationManager.builder()
 				.add(new MvcRequestMatcher(null, "/grant"), (a, o) -> new AuthorizationDecision(true))
-				.add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false))
-				.add(new MvcRequestMatcher(null, "/neutral"), (a, o) -> null).build();
+				.add(new MvcRequestMatcher(null, "/deny"), (a, o) -> new AuthorizationDecision(false)).build();
 
 		Supplier<Authentication> authentication = () -> new TestingAuthenticationToken("user", "password", "ROLE_USER");
 
@@ -80,11 +79,10 @@ public class RequestMatcherDelegatingAuthorizationManagerTests {
 		assertThat(deny).isNotNull();
 		assertThat(deny.isGranted()).isFalse();
 
-		AuthorizationDecision neutral = manager.check(authentication, new MockHttpServletRequest(null, "/neutral"));
-		assertThat(neutral).isNull();
-
-		AuthorizationDecision abstain = manager.check(authentication, new MockHttpServletRequest(null, "/abstain"));
-		assertThat(abstain).isNull();
+		AuthorizationDecision defaultDeny = manager.check(authentication,
+				new MockHttpServletRequest(null, "/unmapped"));
+		assertThat(defaultDeny).isNotNull();
+		assertThat(defaultDeny.isGranted()).isFalse();
 	}
 
 	@Test