Use authorizeHttpRequests in Docs

Issue gh-8900

docs/modules/ROOT/pages/servlet/authorization/authorize-requests.adoc

@@ -32,7 +32,7 @@ The explicit configuration looks like:
 protected void configure(HttpSecurity http) throws Exception {
 	http
 		// ...
-		.authorizeRequests(authorize -> authorize
+		.authorizeHttpRequests(authorize -> authorize
 			.anyRequest().authenticated()
 		);
 }
@@ -71,7 +71,7 @@ We can configure Spring Security to have different rules by adding more rules in
 protected void configure(HttpSecurity http) throws Exception {
 	http
 		// ...
-		.authorizeRequests(authorize -> authorize                                  // <1>
+		.authorizeHttpRequests(authorize -> authorize                                  // <1>
 			.mvcMatchers("/resources/**", "/signup", "/about").permitAll()         // <2>
 			.mvcMatchers("/admin/**").hasRole("ADMIN")                             // <3>
 			.mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")   // <4>

docs/modules/ROOT/pages/servlet/authorization/expression-based.adoc

@@ -144,7 +144,7 @@ You could refer to the method using:
 [source,java,role="primary"]
 ----
 http
-    .authorizeRequests(authorize -> authorize
+    .authorizeHttpRequests(authorize -> authorize
         .antMatchers("/user/**").access("@webSecurity.check(authentication,request)")
         ...
     )
@@ -210,7 +210,7 @@ You could refer to the method using:
 [source,java,role="primary",attrs="-attributes"]
 ----
 http
-	.authorizeRequests(authorize -> authorize
+	.authorizeHttpRequests(authorize -> authorize
 		.antMatchers("/user/{userId}/**").access("@webSecurity.checkUserId(authentication,#userId)")
 		...
 	);

docs/modules/ROOT/pages/servlet/configuration/java.adoc

@@ -193,7 +193,7 @@ public class MultiHttpSecurityConfig {
 		protected void configure(HttpSecurity http) throws Exception {
 			http
 				.antMatcher("/api/**")                               <3>
-				.authorizeRequests(authorize -> authorize
+				.authorizeHttpRequests(authorize -> authorize
 					.anyRequest().hasRole("ADMIN")
 			    )
 				.httpBasic(withDefaults());
@@ -206,7 +206,7 @@ public class MultiHttpSecurityConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorize -> authorize
+				.authorizeHttpRequests(authorize -> authorize
 					.anyRequest().authenticated()
 				)
 				.formLogin(withDefaults());

docs/modules/ROOT/pages/servlet/integrations/mvc.adoc

@@ -138,7 +138,7 @@ If we wanted to restrict access to this controller method to admin users, a deve
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorize -> authorize
+		.authorizeHttpRequests(authorize -> authorize
 			.antMatchers("/admin").hasRole("ADMIN")
 		);
 }
@@ -183,7 +183,7 @@ The following configuration will protect the same URLs that Spring MVC will matc
 ----
 protected configure(HttpSecurity http) throws Exception {
 	http
-		.authorizeRequests(authorize -> authorize
+		.authorizeHttpRequests(authorize -> authorize
 			.mvcMatchers("/admin").hasRole("ADMIN")
 		);
 }

docs/modules/ROOT/pages/servlet/integrations/websocket.adoc

@@ -456,7 +456,7 @@ public class WebSecurityConfig
                     .sameOrigin()
                 )
             )
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 ...
             )
             ...

docs/modules/ROOT/pages/servlet/oauth2/client/authorization-grants.adoc

@@ -121,7 +121,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorize -> authorize
+			.authorizeHttpRequests(authorize -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(oauth2 -> oauth2

docs/modules/ROOT/pages/servlet/oauth2/login/advanced.adoc

@@ -872,7 +872,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorize -> authorize
+			.authorizeHttpRequests(authorize -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults())

docs/modules/ROOT/pages/servlet/oauth2/login/core.adoc

@@ -321,7 +321,7 @@ public class OAuth2LoginSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		http
-			.authorizeRequests(authorize -> authorize
+			.authorizeHttpRequests(authorize -> authorize
 				.anyRequest().authenticated()
 			)
 			.oauth2Login(withDefaults());
@@ -367,7 +367,7 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorize -> authorize
+				.authorizeHttpRequests(authorize -> authorize
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());
@@ -462,7 +462,7 @@ public class OAuth2LoginConfig {
 		@Override
 		protected void configure(HttpSecurity http) throws Exception {
 			http
-				.authorizeRequests(authorize -> authorize
+				.authorizeHttpRequests(authorize -> authorize
 					.anyRequest().authenticated()
 				)
 				.oauth2Login(withDefaults());

docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc

@@ -146,7 +146,7 @@ The first is a `WebSecurityConfigurerAdapter` that configures the app as a resou
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorize -> authorize
+        .authorizeHttpRequests(authorize -> authorize
             .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
@@ -182,7 +182,7 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
                 .anyRequest().authenticated()
             )
@@ -299,7 +299,7 @@ An authorization server's JWK Set Uri can be configured <<oauth2resourceserver-j
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -359,7 +359,7 @@ More powerful than `jwkSetUri()` is `decoder()`, which will completely replace a
 public class DirectlyConfiguredJwtDecoder extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -719,7 +719,7 @@ This means that to protect an endpoint or method with a scope derived from a JWT
 public class DirectlyConfiguredJwkSetUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
                 .anyRequest().authenticated()
@@ -926,7 +926,7 @@ static class CustomAuthenticationConverter implements Converter<Jwt, AbstractAut
 public class CustomAuthenticationConverterConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2

docs/modules/ROOT/pages/servlet/oauth2/resource-server/multitenancy.adoc

@@ -53,7 +53,7 @@ And then specify this `AuthenticationManagerResolver` in the DSL:
 [source,java,role="primary"]
 ----
 http
-    .authorizeRequests(authorize -> authorize
+    .authorizeHttpRequests(authorize -> authorize
         .anyRequest().authenticated()
     )
     .oauth2ResourceServer(oauth2 -> oauth2
@@ -109,7 +109,7 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver = new JwtIs
     ("https://idp.example.org/issuerOne", "https://idp.example.org/issuerTwo");
 
 http
-    .authorizeRequests(authorize -> authorize
+    .authorizeHttpRequests(authorize -> authorize
         .anyRequest().authenticated()
     )
     .oauth2ResourceServer(oauth2 -> oauth2
@@ -176,7 +176,7 @@ JwtIssuerAuthenticationManagerResolver authenticationManagerResolver =
         new JwtIssuerAuthenticationManagerResolver(authenticationManagers::get);
 
 http
-    .authorizeRequests(authorize -> authorize
+    .authorizeHttpRequests(authorize -> authorize
         .anyRequest().authenticated()
     )
     .oauth2ResourceServer(oauth2 -> oauth2

docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc

@@ -188,7 +188,7 @@ When use Opaque Token, this `WebSecurityConfigurerAdapter` looks like:
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorize -> authorize
+        .authorizeHttpRequests(authorize -> authorize
             .anyRequest().authenticated()
         )
         .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
@@ -224,7 +224,7 @@ Replacing this is as simple as exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_message:read")
                 .anyRequest().authenticated()
             )
@@ -338,7 +338,7 @@ An authorization server's Introspection Uri can be configured <<oauth2resourcese
 public class DirectlyConfiguredIntrospectionUri extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -400,7 +400,7 @@ More powerful than `introspectionUri()` is `introspector()`, which will complete
 public class DirectlyConfiguredIntrospector extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -479,7 +479,7 @@ This means that to protect an endpoint or method with a scope derived from an Op
 public class MappedAuthorities extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorizeRequests -> authorizeRequests
+            .authorizeHttpRequests(authorizeRequests -> authorizeRequests
                 .mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
                 .mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
                 .anyRequest().authenticated()

docs/modules/ROOT/pages/servlet/saml2/login/authentication.adoc

@@ -38,7 +38,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         );
 
         http
-            .authorizeRequests(authz -> authz
+            .authorizeHttpRequests(authz -> authz
                 .anyRequest().authenticated()
             )
             .saml2Login(saml2 -> saml2
@@ -106,7 +106,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         });
 
         http
-            .authorizeRequests(authz -> authz
+            .authorizeHttpRequests(authz -> authz
                 .anyRequest().authenticated()
             )
             .saml2Login(saml2 -> saml2
@@ -310,7 +310,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         AuthenticationManager authenticationManager = new MySaml2AuthenticationManager(...);
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .anyRequest().authenticated()
             )
             .saml2Login(saml2 -> saml2

docs/modules/ROOT/pages/servlet/saml2/login/overview.adoc

@@ -289,7 +289,7 @@ When including `spring-security-saml2-service-provider`, the `WebSecurityConfigu
 ----
 protected void configure(HttpSecurity http) {
     http
-        .authorizeRequests(authorize -> authorize
+        .authorizeHttpRequests(authorize -> authorize
             .anyRequest().authenticated()
         )
         .saml2Login(withDefaults());
@@ -323,7 +323,7 @@ You can replace this by exposing the bean within the application:
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .mvcMatchers("/messages/**").hasAuthority("ROLE_USER")
                 .anyRequest().authenticated()
             )
@@ -471,7 +471,7 @@ Alternatively, you can directly wire up the repository using the DSL, which will
 public class MyCustomSecurityConfiguration extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) {
         http
-            .authorizeRequests(authorize -> authorize
+            .authorizeHttpRequests(authorize -> authorize
                 .mvcMatchers("/messages/**").hasAuthority("ROLE_USER")
                 .anyRequest().authenticated()
             )

docs/modules/ROOT/pages/servlet/saml2/logout.adoc

@@ -43,7 +43,7 @@ RelyingPartyRegistrationRepository registrations() {
 @Bean
 SecurityFilterChain web(HttpSecurity http, RelyingPartyRegistrationRepository registrations) throws Exception {
     http
-        .authorizeRequests((authorize) -> authorize
+        .authorizeHttpRequests((authorize) -> authorize
             .anyRequest().authenticated()
         )
         .saml2Login(withDefaults())