Fix MVC Documentation for Kotlin

jzheaux · jzheaux · commit 7b8ff72c4e04 · 2025-01-15T17:45:05.000-07:00
Closes gh-16426
diff --git a/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc b/docs/modules/ROOT/pages/servlet/integrations/mvc.adoc
@@ -199,12 +199,10 @@ We could add additional rules for all the permutations of Spring MVC, but this w
 Fortunately, when using the `requestMatchers` DSL method, Spring Security automatically creates a `MvcRequestMatcher` if it detects that Spring MVC is available in the classpath.
 Therefore, it will protect the same URLs that Spring MVC will match on by using Spring MVC to match on the URL.
 
-One common requirement when using Spring MVC is to specify the servlet path property, for that you can use the `MvcRequestMatcher.Builder` to create multiple `MvcRequestMatcher` instances that share the same servlet path:
+One common requirement when using Spring MVC is to specify the servlet path property.
+
+For Java-based Configuration, you can use the `MvcRequestMatcher.Builder` to create multiple `MvcRequestMatcher` instances that share the same servlet path:
 
-[tabs]
-======
-Java::
-+
 [source,java,role="primary"]
 ----
 @Bean
@@ -219,32 +217,36 @@ public SecurityFilterChain filterChain(HttpSecurity http, HandlerMappingIntrospe
 }
 ----
 
+For Kotlin and XML, this happens when you specify the servlet path for each path like so:
+
+[tabs]
+======
 Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
 @Bean
-open fun filterChain(http: HttpSecurity, introspector: HandlerMappingIntrospector): SecurityFilterChain {
-    val mvcMatcherBuilder = MvcRequestMatcher.Builder(introspector)
+open fun filterChain(http: HttpSecurity): SecurityFilterChain {
     http {
         authorizeHttpRequests {
-            authorize(mvcMatcherBuilder.pattern("/admin"), hasRole("ADMIN"))
-            authorize(mvcMatcherBuilder.pattern("/user"), hasRole("USER"))
+            authorize("/admin/**", "/mvc", hasRole("ADMIN"))
+            authorize("/user/**", "/mvc", hasRole("USER"))
         }
     }
     return http.build()
 }
 ----
-======
 
-The following XML has the same effect:
-
-[source,xml]
+Xml::
++
+[source,xml, role="secondary"]
 ----
 <http request-matcher="mvc">
-	<intercept-url pattern="/admin" access="hasRole('ADMIN')"/>
+	<intercept-url pattern="/admin/**" servlet-path="/mvc" access="hasRole('ADMIN')"/>
+    <intercept-url pattern="/user/**" servlet-path="/mvc" access="hasRole('USER')"/>
 </http>
 ----
+======
 
 [[mvc-authentication-principal]]
 == @AuthenticationPrincipal
