Spring Security HttpSecurity doesn't allow to addFilterBefore/addFilterAfter with a registered customer filter?

Describe the bug Recently we have upgraded our Spring boot from 2.3 to 2.5 so within this upgrade, Security were upgraded from 5.3.5 to .5.5.0. But after the upgrade, following code stop working and returning NPE from HttpSecurity.addFilterAtOffsetOf

private HttpSecurity addFilterAtOffsetOf(Filter filter, int offset, Class<? extends Filter> registeredFilter) {
        int order = this.filterOrders.getOrder(registeredFilter) + offset;
        this.filters.add(new HttpSecurity.OrderedFilter(filter, order));
        return this;
    }

Our registered filter cannot be found from this.filterOrders and this.filterOrders.getOrder returns null.

My code:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

...

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        JwtAuthenticationFilter jwtAuthenticationFilter = new JwtAuthenticationFilter();
        InternalUserFilter internalUserFilter = new InternalUserFilter(internalApiKey);
...
        http.authorizeRequests()
                ...
                .anyRequest().authenticated().and()
                    .addFilterBefore(internalUserFilter, UsernamePasswordAuthenticationFilter.class)
                    .addFilterAfter(jwtAuthenticationFilter, InternalUserFilter.class)
                ;
    }

}

The NPE comes from the line .addFilterAfter(jwtAuthenticationFilter, InternalUserFilter.class), normally we have already this filter registered by the previous line, but with Spring Security 5.5.0, it doesn't work.

To Reproduce addFilterAfter with a customer registered filter

Expected behavior addFilterAfter/addFilterBefore can works with a customer registered filter

Sample

A link to a GitHub repository with a minimal, reproducible sample.

Reports that include a sample will take priority over reports that do not. At times, we may require a sample, so it is good to try and include a sample up front.

Comment From: klabast

same issue? due for 5.5.1...

https://github.com/spring-projects/spring-security/issues/9906

Comment From: marcusdacoregio

Hi @yktd26, this is a duplicate of #9787. The issue was solved and backported to the previous versions up to 5.2.x. The 5.5.1 version will be released on June 21st, but until there you can use the version 5.5.1-SNAPSHOT of Spring Security to prevent this error from happening.

I'm closing this as duplicate but feel free to discuss anything else here.