Spring Security only first SecurityFilterChain is processed

Describe the bug If a config contains multiple SecurityFilterChain definitions, only the first definition is processes, all others are ignored.

concerns Spring Security 6 RC1 / Spring Boot 3 RC1

To Reproduce - define 2 endpoints - define 1 SecurityFilterChain per endpoint, permitting access without authentication/authorization - try to access both endpoints

Expected behavior both endpoints are accessible

Sample minimal, reproducible sample.

Comment From: marcusdacoregio

Hello @rrittwag.

As stated in the docs, "Only the first SecurityFilterChain that matches will be invoked". That said, because you didn't specified an http.securityMatcher(...), that SecurityFilterChain will match to every request, see the docs.

I've submitted a PR to your sample to show you how to fix that https://github.com/rrittwag/spring-multi-filterchain/pull/1