Spring Security Multiple OncePerRequestFilter alongside Spring security AbstractAuthenticationProcessingFilter works locally - issue in PCF

Summary

Multiple OncePerRequestFilter alongside Spring security AbstractAuthenticationProcessingFilter works locally - issue in PCF

Actual Behavior

I have a requirement to use spring security and also other simple OncePerRequest filter in spring-boot which are not called from spring security. I did remove @Component from non-spring security filters and loading them explicitly in AppConfig as follows:

@Bean
    public FilterRegistrationBean someFilter() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new SomeonNonSecurityFilter(argument-autowired));
        addURLPatterns(filterRegistrationBean);
        filterRegistrationBean.setOrder(Ordered.LOWEST_PRECEDENCE);
        return filterRegistrationBean;
    } 

... 3 more filters with similar code

2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT Caused by: org.springframework.boot.web.server.WebServerException: Unable to start embedded Tomcat 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.initialize(TomcatWebServer.java:125) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.(TomcatWebServer.java:86) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getTomcatWebServer(TomcatServletWebServerFactory.java:417) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory.getWebServer(TomcatServletWebServerFactory.java:176) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.createWebServer(ServletWebServerApplicationContext.java:179) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.onRefresh(ServletWebServerApplicationContext.java:152) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT ... 16 common frames omitted 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT Caused by: java.lang.IllegalArgumentException: Filter must not be null 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.util.Assert.notNull(Assert.java:193) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.servlet.AbstractFilterRegistrationBean.getDescription(AbstractFilterRegistrationBean.java:215) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.servlet.RegistrationBean.onStartup(RegistrationBean.java:48) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.selfInitialize(ServletWebServerApplicationContext.java:238) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.springframework.boot.web.embedded.tomcat.TomcatStarter.onStartup(TomcatStarter.java:54) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5204) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1419) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at java.util.concurrent.FutureTask.run(FutureTask.java:266) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) 2019-02-10T10:44:39.03-0500 [APP/PROC/WEB/0] OUT at java.lang.Thread.run(Thread.java:748) 2019-02-10T10:44:39.41-0500 [APP/PROC/WEB/0] OUT Exit status 1

Expected Behavior

spring-boot bootrun to start and not exit

Configuration

SecurityConfig extends WebConfigurer and has Order(1) in inner adapter class

spring security related code is a separate library and included in main spring boot library and bot of them have 2.0.0.RELEASE spring-boot-starter-web

Version

spring-boot-2.0.0.RELEASE

Sample

Comment From: rwinch

Can you clarify why you think this is an issue with Spring Security vs some other component?

I think you are going to need to provide more details. What version of the buildpack are you using? Can you provide a complete and minimal sample that reproduces the problem?

Comment From: amitsehgal

It was configuration issue