Spring Security DefaultSecurityFilterChain: Wrong log message "Will not secure"

Describe the bug Log displays Will not secure ... instead of Will secure ... with ....

To Reproduce Configure a SecurityFilterChain bean and use log level info.

Expected behavior Log shows Will secure ... with ....

The condition here needs to be inverted.

Comment From: linghengqian

In my test of spring security 5.6.2, some SecurityFilterChain​ Beans are also will not secure, while others are will secure. Is DefaultSecurityFilterChain​ class intentional in judging the processing of the filter? I didn't see enough information in the official website documentation.

Comment From: jzheaux

Hi, @linghengqian. If no filters are assigned to that particular request, then Spring Security can do no securing. Typically, this is induced by using web.ignoring() which skips all Spring Security filters for that request.