Originally Reported via spring-projects/spring-security#5002
HttpSecurity.authorizeRequests().requestMatchers(EndpointRequest.to(...)) works fine with org.springframework.security.config.annotation.web.builders.HttpSecurity and org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest.
However, ServerHttpSecurity.authorizeExchange().pathMatchers(EndpointRequest.to(...)) doesn't work with org.springframework.security.config.web.server.ServerHttpSecurity and org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest.
Comment From: wilkinsona
AFAIK, this isn't a bug. org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest will give you an EndpointServerWebExchangeMatcher that is intended for use with ServerHttpSecurity.authorizeExchange().matchers().
Comment From: wilkinsona
There are a couple of examples of the intended usage in the WebFlux security sample.
Comment From: mrdapotts
The problem is caused because there is an org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest and an org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest, which have different arguments.
This type of daft issue might be avoided if people included the import list in their example programs.
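The usage discussed in this thread, written out with its import list as an added example (it is not code from the thread or from the Spring projects). The class name, the endpoint ids passed to to(...), and the ACTUATOR role are assumptions chosen for illustration.

```java
// Reactive (WebFlux) variant: note the .reactive. package on EndpointRequest.
// Importing ...security.servlet.EndpointRequest here yields a servlet
// RequestMatcher, which ServerHttpSecurity cannot accept.
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
@EnableWebFluxSecurity
public class ReactiveActuatorSecurityConfig { // hypothetical class name

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        return http
            .authorizeExchange()
                // EndpointRequest.to(...) returns a ServerWebExchangeMatcher,
                // so it is passed to matchers(...). pathMatchers(...) only
                // takes String path patterns, which is why the call in the
                // original report does not work.
                .matchers(EndpointRequest.to("health", "info")).permitAll()
                // Rules are evaluated in order: the narrower health/info rule
                // must come before the catch-all actuator rule.
                .matchers(EndpointRequest.toAnyEndpoint()).hasRole("ACTUATOR") // assumed role
                // Everything else requires an authenticated user, so no
                // exchange is left without an explicit rule.
                .anyExchange().authenticated()
            .and()
            .httpBasic()
            .and()
            .build();
    }
}
```

Because the matcher is built from the actuator endpoint ids rather than hard-coded paths, the rules keep applying if the actuator base path is changed.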