Description
This is already the case in WebFlux which can serve as an example. However, in WebFlux there is only one path matching mechanism (parsed PathPatterns), and no other built-in path matching options. By contrast, Spring MVC historically supports String path matching via PathMatcher as well, which comes with various path parsing options on UrlPathHelper. That's in addition to (now deprecated) other built-in path matching options suffix pattern matching.
For applications that use only parsed PathPatterns, and don't have any other built-in path matching options enabled, we should be able to do the same as in WebFlux, but we'll need to expose an easy way for Spring Security to determine if that's the case or not.
In addition, we'll need to expose some support for Spring Security to handling CORS preflight requests with awareness of fine-grained CORS config at the handler level. In WebFlux, DispatcherHandler is a PreFlightHandler and exposed as a bean, which allows Spring Security to find it and use it. We'll need something comparable in Spring MVC.