Spring Security Logging introduced in version 5.6.2 DefaultSecurityFilterChain conditioning is not correct

Describe the bug This logging was brought in in version 5.6.2 DefaultSecurityFilterChain.java: if (!filters.isEmpty()) { logger.info(LogMessage.format("Will not secure %s", requestMatcher)); } else { logger.info(LogMessage.format("Will secure %s with %s", requestMatcher, filters)); }

To Reproduce Just start a spring boot server with spring security and you will noticed SS will log that an ant pattern is NOT secured when it is.

Expected behavior It should have been: if (filters.isEmpty()) { logger.info(LogMessage.format("Will not secure %s", requestMatcher)); } else { logger.info(LogMessage.format("Will secure %s with %s", requestMatcher, filters)); }

Comment From: jzheaux

Thanks, @steviemo, for reaching out. This is a duplicate of https://github.com/spring-projects/spring-security/issues/10909