Use explicit matchers following Spring Security 6.0.5 upgrade

See gh-36293

Author: philwebb

spring-boot-tests/spring-boot-smoke-tests/spring-boot-smoke-test-actuator-custom-security/src/main/java/smoketest/actuator/customsecurity/SecurityConfiguration.java

@@ -31,6 +31,9 @@
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 @Configuration(proxyBeanMethods = false)
 public class SecurityConfiguration {
@@ -54,16 +57,18 @@ private UserDetails createUserDetails(String username, String password, String..
 	}
 
 	@Bean
-	SecurityFilterChain configure(HttpSecurity http) throws Exception {
+	SecurityFilterChain configure(HttpSecurity http, HandlerMappingIntrospector handlerMappingIntrospector)
+			throws Exception {
 		http.authorizeHttpRequests((requests) -> {
-			requests.requestMatchers("/actuator/beans").hasRole("BEANS");
+			requests.requestMatchers(new MvcRequestMatcher(handlerMappingIntrospector, "/actuator/beans"))
+				.hasRole("BEANS");
 			requests.requestMatchers(EndpointRequest.to("health")).permitAll();
 			requests.requestMatchers(EndpointRequest.toAnyEndpoint().excluding(MappingsEndpoint.class))
 				.hasRole("ACTUATOR");
 			requests.requestMatchers(PathRequest.toStaticResources().atCommonLocations()).permitAll();
 			requests.requestMatchers("/foo").permitAll();
-			requests.requestMatchers("/error").permitAll();
-			requests.requestMatchers("/**").hasRole("USER");
+			requests.requestMatchers(new AntPathRequestMatcher("/error")).permitAll();
+			requests.requestMatchers(new AntPathRequestMatcher("/**")).hasRole("USER");
 		});
 		http.cors(Customizer.withDefaults());
 		http.httpBasic();