Description
The PathPatternRequestMatcher has been introduced since spring security 6.5.
However the equals() method only takes into account the pattern, while extra criteria exists like method, servlet path.
Shouldn't the equals() and hashCode() be extended to use these extra fields as well ?
This equals() logic might give issues, a dummy example could be to use a websecurity customizer, and
ignore 2 entries e.g. path pattern(/foobar/, HEAD) and path pattern (/foobar/, PUT). Such config can lead to errors
like UnreachableFilterChainException due to duplicates (both have same pattern and http method is ignored).
With an adapted equals() method, these would be seen as different request matchers.
And hence no errors like UnreachableFilterchainException will be raised. Also see some
other implementations like the mvc request matcher that does take into account the method.