Expected Behavior
```java
http.authorizeHttpRequests(matchers -> matchers
    .requestMatchers(
        "/api/",
        "/api/**"
    )
    .authenticated()
    .access(myAuthorizationManager)
);
```
Current Behavior
The code cannot compile.
I can only choose one of `.authenticated()` or `.access(myAuthorizationManager)`.
Context
What I want is that when the `/api` URL is matched, Spring Security needs to do authn AND authz (call `myAuthorizationManager`).
But if I use `.authenticated()`, then `myAuthorizationManager` is not called (below is my test code), and vice versa.
```java
http.authorizeHttpRequests(matchers -> matchers
    .requestMatchers(
        "/api/",
        "/api/**"
    )
    .authenticated()
    .anyRequest()
    .access(myAuthorizationManager)
);
```
Currently I can only do an extra check in `myAuthorizationManager` to verify that the `Authentication` is not an `AnonymousAuthenticationToken`, which looks weird to me.
**Comment From: marcusdacoregio**
Hi @abccbaandy.
You can use
```java
.requestMatchers("/api/", "/api/**").access(AuthorizationManagers.allOf(
        AuthenticatedAuthorizationManager.authenticated(), myOtherAuthorizationManager))
```
Does that work for you?
See https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html#authorize-requests
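A complete filter chain built around the `AuthorizationManagers.allOf(...)` suggestion above, added here as an example; it is not code from the thread or from the Spring Security reference. The class name, the `X-Tenant` header rule and the use of HTTP Basic are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.authorization.AuthorizationManagers;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;

@Configuration
@EnableWebSecurity
public class ApiSecurityConfig {

    // Hypothetical custom rule: grant only when the request carries X-Tenant: acme.
    // It never inspects the Authentication, so used alone it would also grant
    // anonymous callers. The authentication check is left to allOf(...) below,
    // which removes the need for an AnonymousAuthenticationToken test in here.
    private static final AuthorizationManager<RequestAuthorizationContext> TENANT_RULE =
            (authentication, context) -> new AuthorizationDecision(
                    "acme".equals(context.getRequest().getHeader("X-Tenant")));

    @Bean
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authz -> authz
                // Both managers must grant: authenticated AND the custom rule.
                .requestMatchers("/api/", "/api/**").access(AuthorizationManagers.allOf(
                        AuthenticatedAuthorizationManager.authenticated(),
                        TENANT_RULE))
                // Anything outside /api is refused outright in this sketch.
                .anyRequest().denyAll())
            // Assumed authentication mechanism; any other mechanism works the same way.
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }
}
```

With this chain, an anonymous request to `/api/**` is sent to the authentication entry point (401 with HTTP Basic), while an authenticated request without the expected header is rejected with 403.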
**Comment From: abccbaandy**
Thanks, it works. I think this should be in the reference.
**Comment From: marcusdacoregio**
Thanks @abccbaandy. Would you like to send a PR that includes that information in the docs?