spring-projects
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java‎
Lines changed: 3 additions & 1 deletion b/‎config/src/main/java/org/springframework/security/config/annotation/web/configuration/HttpSecurityConfiguration.java‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎config/src/main/java/org/springframework/security/config/http/PathPatternRequestMatcherFactoryBean.java‎
Lines changed: 1 addition & 1 deletion b/‎config/src/main/java/org/springframework/security/config/http/PathPatternRequestMatcherFactoryBean.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java‎
Lines changed: 38 additions & 0 deletions b/‎config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java‎
Lines changed: 38 additions & 0 deletions
diff --git a/‎config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java‎
Lines changed: 105 additions & 0 deletions b/‎config/src/test/java/org/springframework/security/config/annotation/web/configurers/HttpSecuritySecurityMatchersTests.java‎
Lines changed: 105 additions & 0 deletions
@@ -238,7 +238,9 @@ private Map<Class<?>, Object> createSharedObjects() {
 		Map<Class<?>, Object> sharedObjects = new HashMap<>();
 		sharedObjects.put(ApplicationContext.class, this.context);
 		sharedObjects.put(ContentNegotiationStrategy.class, this.contentNegotiationStrategy);
-		sharedObjects.put(PathPatternRequestMatcher.Builder.class, constructRequestMatcherBuilder(this.context));
+		sharedObjects.put(PathPatternRequestMatcher.Builder.class,
+				this.context.getBeanProvider(PathPatternRequestMatcher.Builder.class)
+					.getIfUnique(() -> constructRequestMatcherBuilder(this.context)));
 		return sharedObjects;
 	}
 
 
@@ -70,7 +70,7 @@ public void setApplicationContext(ApplicationContext context) throws BeansExcept
 	@Override
 	public void afterPropertiesSet() throws Exception {
 		if (this.basePath != null) {
-			this.builder.basePath(this.basePath);
+			this.builder = this.builder.basePath(this.basePath);
 		}
 	}
 
 
@@ -452,6 +452,18 @@ public void getWhenServletPathRoleAdminConfiguredAndRoleIsAdminThenRespondsWithO
 		this.mvc.perform(requestWithAdmin).andExpect(status().isOk());
 	}
 
+	@Test
+	public void requestMatchersWhenBuilderBeanWithBasePathAndRawStringThenHonorsBasePath() throws Exception {
+		this.spring.register(RequestMatchersRawStringServletPathConfig.class, BasicController.class).autowire();
+		// @formatter:off
+		MockHttpServletRequestBuilder matchedByBasePath = get("/spring/path")
+				.servletPath("/spring")
+				.with(user("user").roles("USER"));
+		// @formatter:on
+		this.mvc.perform(matchedByBasePath).andExpect(status().isForbidden());
+		this.mvc.perform(get("/path").with(user("user").roles("USER"))).andExpect(status().isOk());
+	}
+
 	@Test
 	public void getWhenAnyRequestAuthenticatedConfiguredAndNoUserThenRespondsWithUnauthorized() throws Exception {
 		this.spring.register(AuthenticatedConfig.class, BasicController.class).autowire();
@@ -1359,6 +1371,32 @@ SecurityFilterChain filterChain(HttpSecurity http, PathPatternRequestMatcher.Bui
 
 	}
 
+	@Configuration
+	@EnableWebMvc
+	@EnableWebSecurity
+	static class RequestMatchersRawStringServletPathConfig {
+
+		@Bean
+		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
+			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
+			bean.setBasePath("/spring");
+			return bean;
+		}
+
+		@Bean
+		SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+			// @formatter:off
+			return http
+					.authorizeHttpRequests((authorize) -> authorize
+						.requestMatchers("/path").hasRole("ADMIN")
+						.anyRequest().permitAll()
+					)
+					.build();
+			// @formatter:on
+		}
+
+	}
+
 	@Configuration
 	@EnableWebSecurity
 	static class AuthenticatedConfig {
 
@@ -125,6 +125,34 @@ public void securityMatchersWhensMvcMatcherServletPathInLambdaThenPathIsSecured(
 		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
 	}
 
+	@Test
+	public void securityMatcherWhenBuilderBeanWithBasePathThenHonorsBasePath() throws Exception {
+		loadConfig(SecurityMatcherBuilderBeanConfig.class);
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		setup();
+		this.request.setServletPath("");
+		this.request.setRequestURI("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
+	@Test
+	public void securityMatchersWhenBuilderBeanWithBasePathAndRawStringsThenHonorsBasePath() throws Exception {
+		loadConfig(SecurityMatchersBuilderBeanConfig.class);
+		this.request.setServletPath("/spring");
+		this.request.setRequestURI("/spring/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_UNAUTHORIZED);
+		setup();
+		this.request.setServletPath("");
+		this.request.setRequestURI("/path");
+		this.springSecurityFilterChain.doFilter(this.request, this.response, this.chain);
+		assertThat(this.response.getStatus()).isEqualTo(HttpServletResponse.SC_OK);
+	}
+
 	@Test
 	public void securityMatchersWhenMultiMvcMatcherInLambdaThenAllPathsAreDenied() throws Exception {
 		loadConfig(MultiMvcMatcherInLambdaConfig.class);
@@ -430,6 +458,83 @@ String path() {
 
 	}
 
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	@Import(UsersConfig.class)
+	static class SecurityMatcherBuilderBeanConfig {
+
+		@Bean
+		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
+			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
+			bean.setBasePath("/spring");
+			return bean;
+		}
+
+		@Bean
+		SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.securityMatcher("/path")
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((authorize) -> authorize
+					.anyRequest().denyAll());
+			// @formatter:on
+			return http.build();
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
+	@EnableWebSecurity
+	@Configuration
+	@EnableWebMvc
+	@Import(UsersConfig.class)
+	static class SecurityMatchersBuilderBeanConfig {
+
+		@Bean
+		PathPatternRequestMatcherBuilderFactoryBean requestMatcherBuilder() {
+			PathPatternRequestMatcherBuilderFactoryBean bean = new PathPatternRequestMatcherBuilderFactoryBean();
+			bean.setBasePath("/spring");
+			return bean;
+		}
+
+		@Bean
+		SecurityFilterChain appSecurity(HttpSecurity http) throws Exception {
+			// @formatter:off
+			http
+				.securityMatchers((matchers) -> matchers
+					.requestMatchers("/path")
+				)
+				.httpBasic(withDefaults())
+				.authorizeHttpRequests((authorize) -> authorize
+					.anyRequest().denyAll()
+				);
+			// @formatter:on
+			return http.build();
+		}
+
+		@RestController
+		static class PathController {
+
+			@RequestMapping("/path")
+			String path() {
+				return "path";
+			}
+
+		}
+
+	}
+
 	@Configuration
 	static class UsersConfig {
Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@ public void setApplicationContext(ApplicationContext context) throws BeansExcept`
`70`	`70`	`@Override`
`71`	`71`	`public void afterPropertiesSet() throws Exception {`
`72`	`72`	`if (this.basePath != null) {`
`73`		`- this.builder.basePath(this.basePath);`
	`73`	`+ this.builder = this.builder.basePath(this.basePath);`
`74`	`74`	`}`
`75`	`75`	`}`
`76`	`76`