Environment:

Spring 5.3.12, Spring Security 5.6.0, Tomcat 9.0

Expected Behavior

@Bean SecurityFilterChain filterChain(HttpSecurity http) {} should load the config the same way as when using WebSecurityConfigurerAdapter with XML security configuration files.

Current Behavior

@Bean SecurityFilterChain filterChain(HttpSecurity http) {} is working fine with WebTestClient.

However, if I run the application under Tomcat after creating a WAR, it seems to apply only the XML configuration, not the Java configuration.

Using WebSecurityConfigurerAdapter with XML security configuration files, it works fine. However, it is not working with @Bean SecurityFilterChain + XML security configuration files.

https://github.com/spring-projects/spring-security/issues/10003
https://github.com/spring-projects/spring-security/issues/9451
https://github.com/spring-projects/spring-security/issues/8821

Comment From: marcusdacoregio

Hi @fr2lancer. I'm not so sure if I follow.

Do you mean that when defining a SecurityFilterChain bean, the default configuration is not created? Or do you have a specific configuration inside your bean definition that is not loading?

Comment From: fr2lancer

Hi

To simplify this,

XML security configuration files with

@EnableWebSecurity
public class Module2SecurityFilterChain {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        //content
        return http.build();
    }
}

-> //content is not applied.

Previous behavior was

XML security configuration files with

@EnableWebSecurity
public class Module2SecurityFilterChain extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //content
    }
}

-> //content is applied.

Comment From: marcusdacoregio

Can you provide a minimal, reproducible sample, so we can troubleshoot what is happening more precisely?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.
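
One way to check which security filter chains are actually registered when the WAR runs under Tomcat, as an added example that is not code from this thread or from the Spring Security project. The class name `SecurityFilterChainAudit` is hypothetical, and the sketch assumes the versions listed above (Spring Security 5.6 on the `javax.servlet` API) and that the class is registered as a bean, either through component scanning or a `<bean>` element in the XML configuration.

```java
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Component;

// Hypothetical diagnostic class (the name is an assumption, not from the issue).
// Logs every FilterChainProxy in the refreshed context and the chains it holds.
@Component
public class SecurityFilterChainAudit implements ApplicationListener<ContextRefreshedEvent> {

    private static final Log log = LogFactory.getLog(SecurityFilterChainAudit.class);

    @Override
    public void onApplicationEvent(ContextRefreshedEvent event) {
        // Fires once per context, so a root/servlet context hierarchy reports each separately.
        Map<String, FilterChainProxy> proxies =
                event.getApplicationContext().getBeansOfType(FilterChainProxy.class);
        if (proxies.isEmpty()) {
            log.warn("No FilterChainProxy bean in context " + event.getApplicationContext().getId());
            return;
        }
        proxies.forEach((beanName, proxy) -> {
            List<SecurityFilterChain> chains = proxy.getFilterChains();
            log.info("FilterChainProxy '" + beanName + "' has " + chains.size() + " chain(s)");
            for (int i = 0; i < chains.size(); i++) {
                SecurityFilterChain chain = chains.get(i);
                // DefaultSecurityFilterChain exposes its matcher; other implementations do not.
                String matcher = (chain instanceof DefaultSecurityFilterChain)
                        ? ((DefaultSecurityFilterChain) chain).getRequestMatcher().toString()
                        : chain.getClass().getName();
                log.info("  [" + i + "] matcher=" + matcher);
                for (Filter filter : chain.getFilters()) {
                    log.info("      " + filter.getClass().getName());
                }
            }
        });
    }
}
```

Comparing the log output from the WebTestClient run with the output from the Tomcat deployment shows whether the Java-configured chain is present in the FilterChainProxy in each case.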