Exception with (Custom) RestAuthenticationProcessingFilter Ordering

addFilter:

Adds a Filter that must be an instance of or extend one of the Filters provided within the Security framework. The method ensures that the ordering of the Filters is automatically taken care of. The ordering of the Filters is:...

Your filter is not an instance or extend of the Filter within the Security framework.

What you can do however is use addFilterBefore or addFilterAfter.

For example:

addFilterBefore(new RestAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)

You can find the order of the security filter chain in the docs.


Spring defines a sorting rule for security filters, check the constructor org.springframework.security.config.annotation.web.builders.FilterComparator. when you call org.springframework.security.config.annotation.web.builders.HttpSecurity# When addFilter, its method will use org.springframework.security.config.annotation.web.builders.FilterComparator built-in security filter sorting rules to check whether the Filter is registered. When it is not registered, it will throw "does not have a registered order", and it will be resolved. The method is to manually provide the registration order, call org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterBefore or org.springframework.security.config.annotation.web.builders.HttpSecurity#addFilterAfter to register in a built-in filter Before or after. please chcek the spring security internal filters sort "https://docs.spring.io/spring-security/site/docs/5.4.2/reference/html5/#servlet-security-filters". -- Please forgive me if I can't write well in English.