spring-projects
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
Lines changed: 5 additions & 6 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java
Lines changed: 5 additions & 6 deletions
diff --git a/‎config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
Lines changed: 3 additions & 65 deletions b/‎config/src/main/java/org/springframework/security/config/annotation/web/builders/WebSecurity.java
Lines changed: 3 additions & 65 deletions
@@ -54,7 +54,7 @@ public abstract class AbstractRequestMatcherRegistry<C> {
 
 	private ApplicationContext context;
 
-	protected boolean anyRequestConfigured = false;
+	private boolean anyRequestConfigured = false;
 
 	protected final void setApplicationContext(ApplicationContext context) {
 		this.context = context;
@@ -166,8 +166,7 @@ protected final List<MvcRequestMatcher> createMvcMatchers(HttpMethod method, Str
 		if (!this.context.containsBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME)) {
 			throw new NoSuchBeanDefinitionException("A Bean named " + HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME
 					+ " of type " + HandlerMappingIntrospector.class.getName()
-					+ " is required to use MvcRequestMatcher."
-					+ " Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
+					+ " is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.");
 		}
 		HandlerMappingIntrospector introspector = this.context.getBean(HANDLER_MAPPING_INTROSPECTOR_BEAN_NAME,
 				HandlerMappingIntrospector.class);
@@ -267,7 +266,7 @@ public C requestMatchers(RequestMatcher... requestMatchers) {
 	 * @author Rob Winch
 	 * @since 3.2
 	 */
-	public static final class RequestMatchers {
+	private static final class RequestMatchers {
 
 		private RequestMatchers() {
 		}
@@ -280,7 +279,7 @@ private RequestMatchers() {
 		 * from
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
+		static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String... antPatterns) {
 			String method = (httpMethod != null) ? httpMethod.toString() : null;
 			List<RequestMatcher> matchers = new ArrayList<>();
 			for (String pattern : antPatterns) {
@@ -296,7 +295,7 @@ public static List<RequestMatcher> antMatchers(HttpMethod httpMethod, String...
 		 * from
 		 * @return a {@link List} of {@link AntPathRequestMatcher} instances
 		 */
-		public static List<RequestMatcher> antMatchers(String... antPatterns) {
+		static List<RequestMatcher> antMatchers(String... antPatterns) {
 			return antMatchers(null, antPatterns);
 		}
 
 
@@ -17,7 +17,6 @@
 package org.springframework.security.config.annotation.web.builders;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
 
 import javax.servlet.Filter;
@@ -31,7 +30,6 @@
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
-import org.springframework.core.log.LogMessage;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.access.PermissionEvaluator;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
@@ -62,7 +60,6 @@
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.RequestRejectedHandler;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.security.web.server.restriction.IgnoreRequestMatcher;
 import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcherEntry;
@@ -111,7 +108,7 @@ public final class WebSecurity extends AbstractConfiguredSecurityBuilder<Filter,
 
 	private WebInvocationPrivilegeEvaluator privilegeEvaluator;
 
-	private final DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
+	private DefaultWebSecurityExpressionHandler defaultWebSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
 
 	private SecurityExpressionHandler<FilterInvocation> expressionHandler = this.defaultWebSecurityExpressionHandler;
 
@@ -294,6 +291,8 @@ protected Filter performBuild() throws Exception {
 		List<SecurityFilterChain> securityFilterChains = new ArrayList<>(chainSize);
 		List<RequestMatcherEntry<List<WebInvocationPrivilegeEvaluator>>> requestMatcherPrivilegeEvaluatorsEntries = new ArrayList<>();
 		for (RequestMatcher ignoredRequest : this.ignoredRequests) {
+			WebSecurity.this.logger.warn("You are asking Spring Security to ignore " + ignoredRequest
+					+ ". This is not recommended -- please use permitAll via HttpSecurity#authorizeHttpRequests instead.");
 			SecurityFilterChain securityFilterChain = new DefaultSecurityFilterChain(ignoredRequest);
 			securityFilterChains.add(securityFilterChain);
 			requestMatcherPrivilegeEvaluatorsEntries
@@ -423,8 +422,6 @@ public class IgnoredRequestConfigurer extends AbstractRequestMatcherRegistry<Ign
 		@Override
 		public MvcMatchersIgnoredRequestConfigurer mvcMatchers(HttpMethod method, String... mvcPatterns) {
 			List<MvcRequestMatcher> mvcMatchers = createMvcMatchers(method, mvcPatterns);
-			Arrays.asList(mvcPatterns).stream().forEach((t) -> printWarnSecurityMessage(method, t));
-			mvcMatchers.stream().forEach((t) -> t.ignore());
 			WebSecurity.this.ignoredRequests.addAll(mvcMatchers);
 			return new MvcMatchersIgnoredRequestConfigurer(getApplicationContext(), mvcMatchers);
 		}
@@ -434,38 +431,6 @@ public MvcMatchersIgnoredRequestConfigurer mvcMatchers(String... mvcPatterns) {
 			return mvcMatchers(null, mvcPatterns);
 		}
 
-		/**
-		 * @since 5.5
-		 */
-		@Override
-		public IgnoredRequestConfigurer antMatchers(HttpMethod method) {
-			return antMatchers(method, "/**");
-		}
-
-		/**
-		 * @since 5.5
-		 */
-		@Override
-		public IgnoredRequestConfigurer antMatchers(HttpMethod method, String... antPatterns) {
-			Assert.state(!this.anyRequestConfigured, "Can't configure antMatchers after anyRequest");
-			List<RequestMatcher> antMatchers = RequestMatchers.antMatchers(method, antPatterns);
-			Arrays.asList(antPatterns).stream().forEach((t) -> printWarnSecurityMessage(method, t));
-			antMatchers.stream().forEach((t) -> ((IgnoreRequestMatcher) t).ignore());
-			return chainRequestMatchers(antMatchers);
-		}
-
-		/**
-		 * @since 5.5
-		 */
-		@Override
-		public IgnoredRequestConfigurer antMatchers(String... antPatterns) {
-			Assert.state(!this.anyRequestConfigured, "Can't configure antMatchers after anyRequest");
-			List<RequestMatcher> antMatchers = RequestMatchers.antMatchers(antPatterns);
-			Arrays.asList(antPatterns).stream().forEach((t) -> printWarnSecurityMessage(null, t));
-			antMatchers.stream().forEach((t) -> ((IgnoreRequestMatcher) t).ignore());
-			return chainRequestMatchers(RequestMatchers.antMatchers(antPatterns));
-		}
-
 		@Override
 		protected IgnoredRequestConfigurer chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			WebSecurity.this.ignoredRequests.addAll(requestMatchers);
@@ -479,33 +444,6 @@ public WebSecurity and() {
 			return WebSecurity.this;
 		}
 
-		/**
-		 * @param method the HttpMethod, it could be null too.
-		 * @param pathPattern the path pattern to be ignored
-		 * @since 5.5
-		 */
-		private void printWarnSecurityMessage(HttpMethod method, String pathPattern) {
-			if (pathPattern.equals("/**")) {
-				WebSecurity.this.logger
-						.warn("**********************************************************************************");
-				if (method != null) {
-					WebSecurity.this.logger.warn(LogMessage.format(
-							"Applying explicit instruction to ignore the '/**' path for the HttpMethod: %s", method));
-					WebSecurity.this.logger.warn("You're disabling practically all the paths for that HttpMethod");
-					WebSecurity.this.logger
-							.warn("Therefore any path for that HttpMethod is completely ignored by Spring Security");
-				}
-				else {
-					WebSecurity.this.logger.warn("Applying explicit instruction to ignore the '/**' path");
-					WebSecurity.this.logger.warn("You're disabling practically all the paths");
-					WebSecurity.this.logger.warn("Therefore any path is completely ignored by Spring Security");
-				}
-				WebSecurity.this.logger.warn("It is not recomended for production");
-				WebSecurity.this.logger
-						.warn("**********************************************************************************");
-			}
-		}
-
 	}
 
 }