org.springframework.security.config.SecurityConfigurationException: Filter requestFilter must implement the Ordered interface

Spring JIRA | Cameron Braid | 9 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    I use a org.springframework.web.filter.DelegatingFilterProxy to configure my application filters in my application context. as soon as I add some http://www.springframework.org/schema/security namespace driven security, the following exception occurs : org.springframework.security.config.SecurityConfigurationException: Filter requestFilter must implement the Ordered interface at org.springframework.security.config.HttpSecurityConfigPostProcessor.orderFilters(HttpSecurityConfigPostProcessor.java:186) at org.springframework.security.config.HttpSecurityConfigPostProcessor.configureFilterChain(HttpSecurityConfigPostProcessor.java:146) at org.springframework.security.config.HttpSecurityConfigPostProcessor.postProcessBeanFactory(HttpSecurityConfigPostProcessor.java:47) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:541) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:524) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:348) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190) I tracked this down to HttpSecurityConfigPostProcessor.orderFilters using beanFactory.getBeansOfType(Filter.class) Is there a way that HttpSecurityConfigPostProcessor can be configured to deal with only the filters in the spring-security package ?

    Spring JIRA | 9 years ago | Cameron Braid
    org.springframework.security.config.SecurityConfigurationException: Filter requestFilter must implement the Ordered interface
  2. 0

    I use a org.springframework.web.filter.DelegatingFilterProxy to configure my application filters in my application context. as soon as I add some http://www.springframework.org/schema/security namespace driven security, the following exception occurs : org.springframework.security.config.SecurityConfigurationException: Filter requestFilter must implement the Ordered interface at org.springframework.security.config.HttpSecurityConfigPostProcessor.orderFilters(HttpSecurityConfigPostProcessor.java:186) at org.springframework.security.config.HttpSecurityConfigPostProcessor.configureFilterChain(HttpSecurityConfigPostProcessor.java:146) at org.springframework.security.config.HttpSecurityConfigPostProcessor.postProcessBeanFactory(HttpSecurityConfigPostProcessor.java:47) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:541) at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:524) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:348) at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251) at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190) I tracked this down to HttpSecurityConfigPostProcessor.orderFilters using beanFactory.getBeansOfType(Filter.class) Is there a way that HttpSecurityConfigPostProcessor can be configured to deal with only the filters in the spring-security package ?

    Spring JIRA | 9 years ago | Cameron Braid
    org.springframework.security.config.SecurityConfigurationException: Filter requestFilter must implement the Ordered interface

    Root Cause Analysis

    1. org.springframework.security.config.SecurityConfigurationException

      Filter requestFilter must implement the Ordered interface

      at org.springframework.security.config.HttpSecurityConfigPostProcessor.orderFilters()
    2. spring-security-config
      HttpSecurityConfigPostProcessor.postProcessBeanFactory
      1. org.springframework.security.config.HttpSecurityConfigPostProcessor.orderFilters(HttpSecurityConfigPostProcessor.java:186)
      2. org.springframework.security.config.HttpSecurityConfigPostProcessor.configureFilterChain(HttpSecurityConfigPostProcessor.java:146)
      3. org.springframework.security.config.HttpSecurityConfigPostProcessor.postProcessBeanFactory(HttpSecurityConfigPostProcessor.java:47)
      3 frames
    3. Spring Context
      AbstractApplicationContext.refresh
      1. org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:541)
      2. org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:524)
      3. org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:348)
      3 frames
    4. Spring
      ContextLoader.initWebApplicationContext
      1. org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
      2. org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
      2 frames