From 01d1e20dc3a6df95dde132227f82346f75fc5ea1 Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio <marcusdacoregio@gmail.com>
Date: Thu, 13 Apr 2023 15:05:10 -0300
Subject: [PATCH] Deprecate shouldFilterAllDispatcherTypes

Closes gh-12138
---
 .../AuthorizeHttpRequestsConfigurer.java      | 18 +++++++++++++++++
 .../access/intercept/AuthorizationFilter.java | 20 ++++++++++++++++++-
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
index a416c1b1b34..b1f03c4ac02 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -194,7 +194,25 @@ public AuthorizationManagerRequestMatcherRegistry withObjectPostProcessor(
 		 * @return the {@link AuthorizationManagerRequestMatcherRegistry} for further
 		 * customizations
 		 * @since 5.7
+		 * @deprecated Permit access to the {@link jakarta.servlet.DispatcherType}
+		 * instead. <pre>
+		 * &#064;Configuration
+		 * &#064;EnableWebSecurity
+		 * public class SecurityConfig {
+		 *
+		 * 	&#064;Bean
+		 * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		 * 		http
+		 * 		 	.authorizeHttpRequests((authorize) -&gt; authorize
+		 * 				.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
+		 * 			 	// ...
+		 * 		 	);
+		 * 		return http.build();
+		 * 	}
+		 * }
+		 * </pre>
 		 */
+		@Deprecated(since = "6.1", forRemoval = true)
 		public AuthorizationManagerRequestMatcherRegistry shouldFilterAllDispatcherTypes(boolean shouldFilter) {
 			this.shouldFilterAllDispatcherTypes = shouldFilter;
 			return this;
diff --git a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
index ae88d842395..bdb9d6ac085 100644
--- a/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
+++ b/web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -170,7 +170,25 @@ public AuthorizationManager<HttpServletRequest> getAuthorizationManager() {
 	 * @param shouldFilterAllDispatcherTypes should filter all dispatcher types. Default
 	 * is {@code true}
 	 * @since 5.7
+	 * @deprecated Permit access to the {@link jakarta.servlet.DispatcherType} instead.
+	 * <pre>
+	 * &#064;Configuration
+	 * &#064;EnableWebSecurity
+	 * public class SecurityConfig {
+	 *
+	 * 	&#064;Bean
+	 * 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+	 * 		http
+	 * 		 	.authorizeHttpRequests((authorize) -&gt; authorize
+	 * 				.dispatcherTypeMatchers(DispatcherType.ERROR).permitAll()
+	 * 			 	// ...
+	 * 		 	);
+	 * 		return http.build();
+	 * 	}
+	 * }
+	 * </pre>
 	 */
+	@Deprecated(since = "6.1", forRemoval = true)
 	public void setShouldFilterAllDispatcherTypes(boolean shouldFilterAllDispatcherTypes) {
 		this.observeOncePerRequest = !shouldFilterAllDispatcherTypes;
 		this.filterErrorDispatch = shouldFilterAllDispatcherTypes;