Documentation (Example 2) states that it's possible to write
http.authorizeHttpRequests(authorize ->
authorize.mvcMatchers("/db/**").access("hasRole('ADMIN') and hasRole('DBA')")
but there's no access(String) method.
Here's my SO question with background information: https://stackoverflow.com/questions/72366267/matching-ip-address-with-authorizehttprequests
I'm using Spring Security 5.7.1.
Comment From: sjohnr
Hi @vbezhenar, thanks for reporting this issue! Typically, you don't need to cross-post, but I see that a community member recommended that you open an issue. We can use this issue to fix the docs, as indeed it appears to be an issue with the docs. I've submitted an answer to your question as an example of how to build your own expressions.