diff --git a/src/main/java/org/joinfaces/example/SecurityConfig.java b/src/main/java/org/joinfaces/example/SecurityConfig.java
index 8da26014..4e5a5e41 100644
--- a/src/main/java/org/joinfaces/example/SecurityConfig.java
+++ b/src/main/java/org/joinfaces/example/SecurityConfig.java
@@ -22,6 +22,7 @@
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Scope;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.core.userdetails.User;
@@ -29,6 +30,9 @@
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.servlet.util.matcher.MvcRequestMatcher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.servlet.handler.HandlerMappingIntrospector;
 
 /**
  * Spring Security Configuration.
@@ -45,24 +49,23 @@ public class SecurityConfig { **/ @SuppressFBWarnings("SPRING_CSRF_PROTECTION_DISABLED") @Bean - public SecurityFilterChain configure(HttpSecurity http) { + public SecurityFilterChain configure(HttpSecurity http, MvcRequestMatcher.Builder mvc) { try { - http.csrf().disable(); + http.csrf((csrf) -> csrf.disable()); http .authorizeHttpRequests((authorize) -> authorize - .requestMatchers("/").permitAll() - .requestMatchers("/**.jsf").permitAll() - .requestMatchers("/jakarta.faces.resource/**").permitAll() + .requestMatchers(mvc.pattern("/")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/**.faces")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/jakarta.faces.resource/**")).permitAll() .anyRequest().authenticated()) - .formLogin() - .loginPage("/login.jsf") - .permitAll() - .failureUrl("/login.jsf?error=true") - .defaultSuccessUrl("/starter.jsf") - .and() - .logout() - .logoutSuccessUrl("/login.jsf") - .deleteCookies("JSESSIONID"); + .formLogin((formLogin) -> + formLogin.loginPage("/login.faces") + .permitAll() + .failureUrl("/login.faces?error=true") + .defaultSuccessUrl("/starter.faces")) + .logout((logout) -> + .logoutSuccessUrl("/login.faces") + .deleteCookies("JSESSIONID")); return http.build(); } catch (Exception ex) { @@ -70,6 +73,12 @@ public SecurityFilterChain configure(HttpSecurity http) { } } + @Scope("prototype") + @Bean + MvcRequestMatcher.Builder mvc(HandlerMappingIntrospector introspector) { + return new MvcRequestMatcher.Builder(introspector); + } + /** * UserDetailsService that configures an in-memory users store. * @param applicationUsers - autowired users from the application.yml file
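Review bot: The new `.logout((logout) ->` lambda has no receiver; its body begins at `.logoutSuccessUrl("/login.faces")`, which is not a valid expression, so the class will not compile as shown in this hunk. It should mirror the `formLogin` lambda: `.logout((logout) -> logout.logoutSuccessUrl("/login.faces").deleteCookies("JSESSIONID"));`. Separately, `new AntPathRequestMatcher("/**.faces")` is `permitAll()`, so any view that pattern matches (presumably including `/starter.faces`, the post-login target) is reachable without authentication, leaving little for `anyRequest().authenticated()` to protect. Since the CSRF filter is also disabled in this chain, consider narrowing the permit list to the login view and the `/jakarta.faces.resource/**` resources. The `configure` body continues past the end of the hunk.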
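Review bot: The added `mvc` bean method has no Javadoc, unlike the methods around it, and the reason for `@Scope("prototype")` cannot be read from the code. I would add a short comment such as `/** Prototype-scoped: MvcRequestMatcher.Builder is mutable (e.g. servletPath), so each injection point gets its own instance instead of sharing one. */`. It is also worth recording there that `mvc.pattern(...)` is used only for `/` while the Faces paths go through `AntPathRequestMatcher`, presumably because they are not served by Spring MVC.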