Spring Security Spring-Security.. 5.1.5 RELEASE to Spring -Security.. 5.4.6 breaks security configuration

Summary Updated Spring boot project from 2.1.5 RELEASE to 2.4.5 Version. It automictically updated all Spring Security dependencies from version Spring-Security.. 5.1.5 RELEASE to Spring -Security.. 5.4.6 breaks security configuration

Actual Behavior Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: Can't configure anyRequest after itself at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.6.jar:5.3.6] at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.6.jar:5.3.6] ... 28 more Caused by: java.lang.IllegalStateException: Can't configure anyRequest after itself at org.springframework.util.Assert.state(Assert.java:76) ~[spring-core-5.3.6.jar:5.3.6] at org.springframework.security.config.annotation.web.AbstractRequestMatcherRegistry.anyRequest(AbstractRequestMatcherRegistry.java:72) ~[spring-security-config-5.4.6.jar:5.4.6] at com.verizon.wfm.nt.config.SecurityConfig.configure(SecurityConfig.java:14) ~[default/:?] at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.getHttp(WebSecurityConfigurerAdapter.java:217) ~[spring-security-config-5.4.6.jar:5.4.6]

Expected Behavior

Working code

@EnableWebSecurity @Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter{ @Override protected void configure(HttpSecurity httpSecurity) throws Exception { super.configure(httpSecurity); httpSecurity.authorizeRequests().anyRequest().permitAll(); httpSecurity.csrf().disable(); httpSecurity.headers().frameOptions().disable(); } }

Build to pass

14:39:58.995 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"] 14:39:59.008 [main] INFO o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8080 (http) with context path '' 14:39:59.010 [main] INFO c.draughtmaster.core.CoreApplication - Started CoreApplication in 39.016 seconds (JVM running for 39.403) <===========--> 87% EXECUTING [1m 11s]

Comment From: jzheaux

Thanks for getting in touch! It feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.