Currently, the Kotlin DSL for authorizeHttpRequests internally invokes the following static factory methods that should be replaced with calls to AuthorizationManagerFactory:

  • AuthorityAuthorizationManager.hasAuthority()
  • AuthorityAuthorizationManager.hasAnyRole()
  • IpAddressAuthorizationManager.hasIpAddress() (though this method is not part of AuthorizationManagerFactory, so no changes are needed here)
  • AuthenticatedAuthorizationManager.authenticated()
  • AuthenticatedAuthorizationManager.fullyAuthenticated()

Additionally, the permitAll and denyAll fields create inline AuthorizationManagers. The DSL doesn't currently appear to directly support anonymous() or rememberMe().

See this comment for context.

Related gh-17585