Spring Security Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6

Describe the bug After migrating to Spring Security 6 and replacing the deprecated authorizeRequests(...) method with authorizeHttpRequests(...), the hasIpAddress() method is no longer accessible, resulting in a compilation error.

To Reproduce Steps to reproduce the behavior: 1. Upgrade the Spring Security version to 6.x. 2. Replace the usage of authorizeRequests(...) with authorizeHttpRequests(...) in the code. 3. Add a configuration that includes the hasIpAddress() method with authorizeHttpRequests(...). 4. Attempt to compile the code and observe the error.

Expected behavior I expected to be able to use the hasIpAddress() method within the authorizeHttpRequests(...) configuration, without encountering any compilation errors.

Sample

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(authorize -> authorize
                    .requestMatchers("/api/user/account/token/", "/api/user/account/register/").permitAll()
                    .requestMatchers("/pk/game/start/", "/pk/receive/bot/move/").hasIpAddress("127.0.0.1")
                    .requestMatchers(HttpMethod.OPTIONS).permitAll()
                    .anyRequest().authenticated()
            )
            .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
            .build();
}

Comment From: jzheaux

There are no plans to port over hasIpAddress to the latest support.

Instead, please use:

IpAddressMatcher hasIpAddress = new IpAddressMatcher("127.0.0.1");

// ...

.access((authentication, context) -> new AuthorizationDecision(hasIpAddress.matches(context.getRequest())))

I'll update the migration guide to mention this.