Polish OAuth2AuthorizationManagers

- Add OAuth2ReactiveAuthorizationManagers
- Code to interfaces
- Align error message with the same in
AuthorityAuthorizationManager
- Adjust expectations in tests to confirm an
appropriately constructed authorizaion manager
- Add JavaDoc and reference documentation

Issue gh-13654

docs/modules/ROOT/pages/reactive/oauth2/resource-server/jwt.adoc

@@ -165,11 +165,13 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope;
+
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		.authorizeExchange(exchanges -> exchanges
-			.pathMatchers("/message/**").hasAuthority("SCOPE_message:read")
+			.pathMatchers("/message/**").access(hasScope("message:read"))
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(oauth2 -> oauth2
@@ -183,11 +185,13 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope
+
 @Bean
 fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
     return http {
         authorizeExchange {
-            authorize("/message/**", hasAuthority("SCOPE_message:read"))
+            authorize("/message/**", hasScope("message:read"))
             authorize(anyExchange, authenticated)
         }
         oauth2ResourceServer {
@@ -682,12 +686,14 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope;
+
 @Bean
 SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
 	http
 		.authorizeExchange(exchanges -> exchanges
-			.mvcMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
-			.mvcMatchers("/messages/**").hasAuthority("SCOPE_messages")
+			.mvcMatchers("/contacts/**").access(hasScope("contacts"))
+			.mvcMatchers("/messages/**").access(hasScope("messages"))
 			.anyExchange().authenticated()
 		)
 		.oauth2ResourceServer(OAuth2ResourceServerSpec::jwt);
@@ -699,12 +705,14 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope
+
 @Bean
 fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
     return http {
         authorizeExchange {
-            authorize("/contacts/**", hasAuthority("SCOPE_contacts"))
-            authorize("/messages/**", hasAuthority("SCOPE_messages"))
+            authorize("/contacts/**", hasScope("contacts"))
+            authorize("/messages/**", hasScope("messages"))
             authorize(anyExchange, authenticated)
         }
         oauth2ResourceServer {

docs/modules/ROOT/pages/reactive/oauth2/resource-server/opaque-token.adoc

@@ -214,14 +214,16 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebFluxSecurity
 public class MyCustomSecurityConfiguration {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
             .authorizeExchange(exchanges -> exchanges
-                .pathMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .pathMatchers("/messages/**").access(hasScope("message:read"))
                 .anyExchange().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -238,11 +240,13 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope
+
 @Bean
 fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
     return http {
         authorizeExchange {
-            authorize("/messages/**", hasAuthority("SCOPE_message:read"))
+            authorize("/messages/**", hasScope("message:read"))
             authorize(anyExchange, authenticated)
         }
         oauth2ResourceServer {
@@ -442,15 +446,17 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebFluxSecurity
 public class MappedAuthorities {
     @Bean
     SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
         http
             .authorizeExchange(exchange -> exchange
-                .pathMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
-                .pathMatchers("/messages/**").hasAuthority("SCOPE_messages")
+                .pathMatchers("/contacts/**").access(hasScope("contacts"))
+                .pathMatchers("/messages/**").access(hasScope("messages"))
                 .anyExchange().authenticated()
             )
             .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::opaqueToken);
@@ -463,12 +469,14 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2ReactiveAuthorizationManagers.hasScope
+
 @Bean
 fun springSecurityFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
     return http {
         authorizeExchange {
-            authorize("/contacts/**", hasAuthority("SCOPE_contacts"))
-            authorize("/messages/**", hasAuthority("SCOPE_messages"))
+            authorize("/contacts/**", hasScope("contacts"))
+            authorize("/messages/**", hasScope("messages"))
             authorize(anyExchange, authenticated)
         }
         oauth2ResourceServer {

docs/modules/ROOT/pages/servlet/oauth2/resource-server/jwt.adoc

@@ -211,14 +211,16 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests(authorize -> authorize
-                .requestMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .requestMatchers("/messages/**").access(hasScope("message:read"))
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -235,14 +237,16 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope
+
 @Configuration
 @EnableWebSecurity
 class MyCustomSecurityConfiguration {
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http {
             authorizeRequests {
-                authorize("/messages/**", hasAuthority("SCOPE_message:read"))
+                authorize("/messages/**", hasScope("message:read"))
                 authorize(anyRequest, authenticated)
             }
             oauth2ResourceServer {
@@ -862,15 +866,17 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 public class DirectlyConfiguredJwkSetUri {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests(authorize -> authorize
-                .requestMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
-                .requestMatchers("/messages/**").hasAuthority("SCOPE_messages")
+                .requestMatchers("/contacts/**").access(hasScope("contacts"))
+                .requestMatchers("/messages/**").access(hasScope("messages"))
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(OAuth2ResourceServerConfigurer::jwt);
@@ -883,15 +889,17 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 class DirectlyConfiguredJwkSetUri {
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http {
             authorizeRequests {
-                authorize("/contacts/**", hasAuthority("SCOPE_contacts"))
-                authorize("/messages/**", hasAuthority("SCOPE_messages"))
+                authorize("/contacts/**", hasScope("contacts"))
+                authorize("/messages/**", hasScope("messages"))
                 authorize(anyRequest, authenticated)
             }
             oauth2ResourceServer {

docs/modules/ROOT/pages/servlet/oauth2/resource-server/opaque-token.adoc

@@ -239,14 +239,16 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 public class MyCustomSecurityConfiguration {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests(authorize -> authorize
-                .requestMatchers("/messages/**").hasAuthority("SCOPE_message:read")
+                .requestMatchers("/messages/**").access(hasScope("message:read"))
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(oauth2 -> oauth2
@@ -263,14 +265,16 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 class MyCustomSecurityConfiguration {
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
         http {
             authorizeRequests {
-                authorize("/messages/**", hasAuthority("SCOPE_message:read"))
+                authorize("/messages/**", hasScope("SCOPE_message:read"))
                 authorize(anyRequest, authenticated)
             }
             oauth2ResourceServer {
@@ -547,15 +551,17 @@ Java::
 +
 [source,java,role="primary"]
 ----
+import static org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope;
+
 @Configuration
 @EnableWebSecurity
 public class MappedAuthorities {
     @Bean
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         http
             .authorizeHttpRequests(authorizeRequests -> authorizeRequests
-                .requestMatchers("/contacts/**").hasAuthority("SCOPE_contacts")
-                .requestMatchers("/messages/**").hasAuthority("SCOPE_messages")
+                .requestMatchers("/contacts/**").access(hasScope("contacts"))
+                .requestMatchers("/messages/**").access(hasScope("messages"))
                 .anyRequest().authenticated()
             )
             .oauth2ResourceServer(OAuth2ResourceServerConfigurer::opaqueToken);
@@ -568,15 +574,17 @@ Kotlin::
 +
 [source,kotlin,role="secondary"]
 ----
+import org.springframework.security.oauth2.core.authorization.OAuth2AuthorizationManagers.hasScope
+
 @Configuration
 @EnableWebSecurity
 class MappedAuthorities {
     @Bean
     open fun filterChain(http: HttpSecurity): SecurityFilterChain {
        http {
             authorizeRequests {
-                authorize("/contacts/**", hasAuthority("SCOPE_contacts"))
-                authorize("/messages/**", hasAuthority("SCOPE_messages"))
+                authorize("/contacts/**", hasScope("contacts"))
+                authorize("/messages/**", hasScope("messages"))
                 authorize(anyRequest, authenticated)
             }
            oauth2ResourceServer {