Spring Security Migration guide should mention important exceptions for requestmatcher

Summary

The migration guide to latest spring security mentions replacing antmatcher with requestmatcher. However, this does not work if you also use spring webservices. Solvable by using antmatcher as suggested for similar issue for H2 console.

Actual Behavior

Permitted roles are not applied for requestmatcher /services/. Csrf ignore pattern is not applied for /services/

Expected Behavior

Mention using antmatcher for paths that are not solved by spring mvc. Where the webservices could be provided as an example.

Version

Spring boot 3.0

Comment From: marcusdacoregio

Hi @boukewoudstra,

do you have any sample application that shows this scenario? I would like to play with it a bit to see the use cases and come up with better documentation.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.