From 7342218e72677b1300e1ad2f54e93856544fe1e3 Mon Sep 17 00:00:00 2001
From: Scott Murphy Heiberg <scott@alwaysvip.com>
Date: Wed, 23 Oct 2024 00:34:42 -0600
Subject: [PATCH] Fix extensibility issue since
 RequestMatcherDelegatingAuthorizationManager is final and does not expose any
 public methods other than what is available through AuthorizationManager.
 Fixes #15948

---
 .../web/configurers/AuthorizeHttpRequestsConfigurer.java        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
index 42d034b89d2..0087327150b 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -170,7 +170,7 @@ private AuthorizationManager<HttpServletRequest> createAuthorizationManager() {
 							+ ". Try completing it with something like requestUrls().<something>.hasRole('USER')");
 			Assert.state(this.mappingCount > 0,
 					"At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");
-			RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build());
+			AuthorizationManager<HttpServletRequest> manager = postProcess((AuthorizationManager<HttpServletRequest>) this.managerBuilder.build());
 			return AuthorizeHttpRequestsConfigurer.this.postProcessor.postProcess(manager);
 		}