From ee97c83042dfc031a44c0e5a445873e58abf3fc0 Mon Sep 17 00:00:00 2001
From: Menashe Eliezer <menashe.eliezer@gmail.com>
Date: Fri, 13 Feb 2026 16:57:07 +0100
Subject: [PATCH] Update request-matcher schema and XML tests to use path

Closes gh-18641

Signed-off-by: Menashe Eliezer <menashe.eliezer@gmail.com>
---
 .../security/config/spring-security-7.0.rnc   |  4 +--
 .../security/config/spring-security-7.0.xsd   | 36 +++++++++----------
 ...ptUrlConfigTests-AntMatcherServletPath.xml |  2 +-
 ...MatcherServletPathAuthorizationManager.xml |  2 +-
 .../InterceptUrlConfigTests-MvcMatchers.xml   |  2 +-
 ...gTests-MvcMatchersAuthorizationManager.xml |  2 +-
 ...tUrlConfigTests-MvcMatchersServletPath.xml |  2 +-
 ...atchersServletPathAuthorizationManager.xml |  2 +-
 8 files changed, 24 insertions(+), 28 deletions(-)

diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc b/config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
index 3e15354261..3ab50e1837 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-7.0.rnc
@@ -12,8 +12,8 @@ base64 =
 	## Whether a string should be base64 encoded
 	attribute base64 {xsd:boolean}
 request-matcher =
-	## Defines the strategy use for matching incoming requests. Currently the options are 'mvc' (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions and 'ciRegex' for case-insensitive regular expressions.
-	attribute request-matcher {"mvc" | "ant" | "regex" | "ciRegex"}
+	## Defines the strategy use for matching incoming requests. Currently the options are 'path' (for PathPatternRequestMatcher), 'regex' for regular expressions and 'ciRegex' for case-insensitive regular expressions.
+	attribute request-matcher {"path" | "regex" | "ciRegex"}
 port =
 	## Specifies an IP port number. Used to configure an embedded LDAP server, for example.
 	attribute port { xsd:nonNegativeInteger }
diff --git a/config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd b/config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
index 59317aa2b4..fe0bfee559 100644
--- a/config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
+++ b/config/src/main/resources/org/springframework/security/config/spring-security-7.0.xsd
@@ -27,15 +27,14 @@
   <xs:attributeGroup name="request-matcher">
       <xs:attribute name="request-matcher" use="required">
          <xs:annotation>
-            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
-                (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
-                and 'ciRegex' for case-insensitive regular expressions.
+            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'path'
+                (for PathPatternRequestMatcher), 'regex' for regular expressions and 'ciRegex' for
+                case-insensitive regular expressions.
                 </xs:documentation>
          </xs:annotation>
          <xs:simpleType>
             <xs:restriction base="xs:token">
-               <xs:enumeration value="mvc"/>
-               <xs:enumeration value="ant"/>
+               <xs:enumeration value="path"/>
                <xs:enumeration value="regex"/>
                <xs:enumeration value="ciRegex"/>
             </xs:restriction>
@@ -1306,15 +1305,14 @@
       </xs:attribute>
       <xs:attribute name="request-matcher">
          <xs:annotation>
-            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
-                (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
-                and 'ciRegex' for case-insensitive regular expressions.
+            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'path'
+                (for PathPatternRequestMatcher), 'regex' for regular expressions and 'ciRegex' for
+                case-insensitive regular expressions.
                 </xs:documentation>
          </xs:annotation>
          <xs:simpleType>
             <xs:restriction base="xs:token">
-               <xs:enumeration value="mvc"/>
-               <xs:enumeration value="ant"/>
+               <xs:enumeration value="path"/>
                <xs:enumeration value="regex"/>
                <xs:enumeration value="ciRegex"/>
             </xs:restriction>
@@ -2474,15 +2472,14 @@
   <xs:attributeGroup name="filter-chain-map.attlist">
       <xs:attribute name="request-matcher">
          <xs:annotation>
-            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
-                (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
-                and 'ciRegex' for case-insensitive regular expressions.
+            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'path'
+                (for PathPatternRequestMatcher), 'regex' for regular expressions and 'ciRegex' for
+                case-insensitive regular expressions.
                 </xs:documentation>
          </xs:annotation>
          <xs:simpleType>
             <xs:restriction base="xs:token">
-               <xs:enumeration value="mvc"/>
-               <xs:enumeration value="ant"/>
+               <xs:enumeration value="path"/>
                <xs:enumeration value="regex"/>
                <xs:enumeration value="ciRegex"/>
             </xs:restriction>
@@ -2580,15 +2577,14 @@
       </xs:attribute>
       <xs:attribute name="request-matcher">
          <xs:annotation>
-            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'mvc'
-                (for Spring MVC matcher), 'ant' (for ant path patterns), 'regex' for regular expressions
-                and 'ciRegex' for case-insensitive regular expressions.
+            <xs:documentation>Defines the strategy use for matching incoming requests. Currently the options are 'path'
+                (for PathPatternRequestMatcher), 'regex' for regular expressions and 'ciRegex' for
+                case-insensitive regular expressions.
                 </xs:documentation>
          </xs:annotation>
          <xs:simpleType>
             <xs:restriction base="xs:token">
-               <xs:enumeration value="mvc"/>
-               <xs:enumeration value="ant"/>
+               <xs:enumeration value="path"/>
                <xs:enumeration value="regex"/>
                <xs:enumeration value="ciRegex"/>
             </xs:restriction>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPath.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPath.xml
index 9aa52fb868..131827b6e9 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPath.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPath.xml
@@ -24,7 +24,7 @@
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<http request-matcher="ant" use-authorization-manager="false">
+	<http request-matcher="path" use-authorization-manager="false">
 		<intercept-url pattern="/path" access="denyAll" servlet-path="/spring"/>
 		<http-basic/>
 	</http>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml
index 47d37798e7..7ee556d384 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-AntMatcherServletPathAuthorizationManager.xml
@@ -24,7 +24,7 @@
 			http://www.springframework.org/schema/beans
 			https://www.springframework.org/schema/beans/spring-beans.xsd">
 
-	<http request-matcher="ant">
+	<http request-matcher="path">
 		<intercept-url pattern="/path" access="denyAll" servlet-path="/spring"/>
 		<http-basic/>
 	</http>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchers.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchers.xml
index 144f8d5af1..978f783106 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchers.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchers.xml
@@ -27,7 +27,7 @@
 			http://www.springframework.org/schema/mvc
 			https://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
-	<http auto-config="true" request-matcher="mvc" use-authorization-manager="false">
+	<http auto-config="true" request-matcher="path" use-authorization-manager="false">
 		<intercept-url pattern="/path" access="denyAll"/>
 		<http-basic/>
 	</http>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml
index 51800a0094..4d1f5db994 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersAuthorizationManager.xml
@@ -27,7 +27,7 @@
 			http://www.springframework.org/schema/mvc
 			https://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
-	<http auto-config="true" request-matcher="mvc">
+	<http auto-config="true" request-matcher="path">
 		<intercept-url pattern="/path" access="denyAll"/>
 		<http-basic/>
 	</http>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPath.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPath.xml
index d90add5ce3..ac8e0f6822 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPath.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPath.xml
@@ -27,7 +27,7 @@
 			http://www.springframework.org/schema/mvc
 			https://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
-	<http auto-config="true" request-matcher="mvc" use-authorization-manager="false">
+	<http auto-config="true" request-matcher="path" use-authorization-manager="false">
 		<intercept-url pattern="/path" access="denyAll" servlet-path="/spring"/>
 		<http-basic/>
 	</http>
diff --git a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml
index 43c28967b0..871e63dcf8 100644
--- a/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml
+++ b/config/src/test/resources/org/springframework/security/config/http/InterceptUrlConfigTests-MvcMatchersServletPathAuthorizationManager.xml
@@ -27,7 +27,7 @@
 			http://www.springframework.org/schema/mvc
 			https://www.springframework.org/schema/mvc/spring-mvc.xsd">
 
-	<http auto-config="true" request-matcher="mvc">
+	<http auto-config="true" request-matcher="path">
 		<intercept-url pattern="/path" access="denyAll" servlet-path="/spring"/>
 		<http-basic/>
 	</http>