From bf6b1635273b1589cd9207eb871d8e09086a166a Mon Sep 17 00:00:00 2001
From: Scott Murphy Heiberg <scott@alwaysvip.com>
Date: Wed, 23 Oct 2024 13:29:18 -0600
Subject: [PATCH] Make RequestMatcherDelegatingAuthorizationManager
 Post-Processable

Closes gh-15978
---
 .../web/configurers/AuthorizeHttpRequestsConfigurer.java       | 3 ++-
 .../web/configurers/AuthorizeHttpRequestsConfigurerTests.java  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
index 1de4750a494..0d8ee818d7d 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -171,7 +171,8 @@ private AuthorizationManager<HttpServletRequest> createAuthorizationManager() {
 			Assert.state(this.mappingCount > 0,
 					"At least one mapping is required (for example, authorizeHttpRequests().anyRequest().authenticated())");
 			ObservationRegistry registry = getObservationRegistry();
-			RequestMatcherDelegatingAuthorizationManager manager = postProcess(this.managerBuilder.build());
+			AuthorizationManager<HttpServletRequest> manager = postProcess(
+					(AuthorizationManager<HttpServletRequest>) this.managerBuilder.build());
 			if (registry.isNoop()) {
 				return manager;
 			}
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
index c2d99042b02..d380703bcdd 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurerTests.java
@@ -153,6 +153,7 @@ public void configureWhenObjectPostProcessorRegisteredThenInvokedOnAuthorization
 		this.spring.register(ObjectPostProcessorConfig.class).autowire();
 		ObjectPostProcessor objectPostProcessor = this.spring.getContext().getBean(ObjectPostProcessor.class);
 		verify(objectPostProcessor).postProcess(any(RequestMatcherDelegatingAuthorizationManager.class));
+		verify(objectPostProcessor).postProcess(any(AuthorizationManager.class));
 		verify(objectPostProcessor).postProcess(any(AuthorizationFilter.class));
 	}