diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java index 1de4750a494..0d8ee818d7d 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java @@ -171,7 +171,8 @@ private AuthorizationManager createAuthorizationManager() { Assert.state(this.mappingCount > 0, "At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())"); ObservationRegistry registry = getObservationRegistry(); - RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build()); + AuthorizationManager manager = postProcess( + (AuthorizationManager) this.managerBuilder.build()); if (registry.isNoop()) { return manager; } diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java index c2d99042b02..d380703bcdd 100644 --- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java +++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java @@ -153,6 +153,7 @@ public void configureWhenObjectPostProcessorRegisteredThenInvokedOnAuthorization this.spring.register(ObjectPostProcessorConfig.class).autowire(); ObjectPostProcessor objectPostProcessor = this.spring.getContext().getBean(ObjectPostProcessor.class); verify(objectPostProcessor).postProcess(any(RequestMatcherDelegatingAuthorizationManager.class)); + verify(objectPostProcessor).postProcess(any(AuthorizationManager.class)); verify(objectPostProcessor).postProcess(any(AuthorizationFilter.class)); }