Add Warning Message for Missing Leading Slashes

Closes gh-16020

Author: jzheaux

config/src/main/java/org/springframework/security/config/annotation/web/AbstractRequestMatcherRegistry.java

@@ -199,6 +199,12 @@ public C requestMatchers(RequestMatcher... requestMatchers) {
 	 * @since 5.8
 	 */
 	public C requestMatchers(HttpMethod method, String... patterns) {
+		if (anyPathsDontStartWithLeadingSlash(patterns)) {
+			this.logger.warn("One of the patterns in " + Arrays.toString(patterns)
+					+ " is missing a leading slash. This is discouraged; please include the "
+					+ "leading slash in all your request matcher patterns. In future versions of "
+					+ "Spring Security, leaving out the leading slash will result in an exception.");
+		}
 		if (!mvcPresent) {
 			return requestMatchers(RequestMatchers.antMatchersAsArray(method, patterns));
 		}
@@ -219,6 +225,15 @@ public C requestMatchers(HttpMethod method, String... patterns) {
 		return requestMatchers(matchers.toArray(new RequestMatcher[0]));
 	}
 
+	private boolean anyPathsDontStartWithLeadingSlash(String... patterns) {
+		for (String pattern : patterns) {
+			if (!pattern.startsWith("/")) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 	private RequestMatcher resolve(AntPathRequestMatcher ant, MvcRequestMatcher mvc, ServletContext servletContext) {
 		Map<String, ? extends ServletRegistration> registrations = mappableServletRegistrations(servletContext);
 		if (registrations.isEmpty()) {