From be20201bf7be7923ebfdabea15c9dfbbf29c30f0 Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Thu, 25 Sep 2025 11:15:05 -0500
Subject: [PATCH] FACTOR uses defaultEntryPoint when possible

Previously they used addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE) to
work around gh-17955. They now can use defaultEntryPoint which is more concise.

Issue gh-gh-17955
---
 .../config/annotation/web/configurers/WebAuthnConfigurer.java | 4 +---
 .../config/annotation/web/configurers/X509Configurer.java     | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java
index 6613693ef1..c5491f4006 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurer.java
@@ -35,7 +35,6 @@ import org.springframework.security.web.authentication.ui.DefaultLoginPageGenera
 import org.springframework.security.web.authentication.ui.DefaultResourcesFilter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.csrf.CsrfToken;
-import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
 import org.springframework.security.web.webauthn.authentication.PublicKeyCredentialRequestOptionsFilter;
 import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter;
@@ -159,8 +158,7 @@ public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
 		ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptions != null) {
 			AuthenticationEntryPoint entryPoint = new LoginUrlAuthenticationEntryPoint("/login");
-			exceptions.defaultDeniedHandlerForMissingAuthority(
-					(ep) -> ep.addEntryPointFor(entryPoint, AnyRequestMatcher.INSTANCE),
+			exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(entryPoint),
 					GrantedAuthorities.FACTOR_WEBAUTHN_AUTHORITY);
 		}
 	}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
index 512ae11761..539286c03a 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/X509Configurer.java
@@ -39,7 +39,6 @@ import org.springframework.security.web.authentication.preauth.x509.SubjectDnX50
 import org.springframework.security.web.authentication.preauth.x509.X509AuthenticationFilter;
 import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
 import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
-import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 
 /**
  * Adds X509 based pre authentication to an application. Since validating the certificate
@@ -187,8 +186,7 @@ public final class X509Configurer<H extends HttpSecurityBuilder<H>>
 		ExceptionHandlingConfigurer<H> exceptions = http.getConfigurer(ExceptionHandlingConfigurer.class);
 		if (exceptions != null) {
 			AuthenticationEntryPoint forbidden = new Http403ForbiddenEntryPoint();
-			exceptions.defaultDeniedHandlerForMissingAuthority(
-					(ep) -> ep.addEntryPointFor(forbidden, AnyRequestMatcher.INSTANCE),
+			exceptions.defaultDeniedHandlerForMissingAuthority((ep) -> ep.defaultEntryPoint(forbidden),
 					GrantedAuthorities.FACTOR_X509_AUTHORITY);
 		}
 	}