Spring Security Duplicated filterChain when overriding beans

Summary

Using a war overlay I set the same name attribute for both http beans and it is overridden as expected, but the filter chain is duplicated.

Actual Behavior

I can see in the log the override message:

[INFO] 2019-03-28T11:24:09,501 [localhost-startStop-22] [support.DefaultListableBeanFactory] | Overriding bean definition for bean 'httpSecurity' with a different definition: replacing [Root bean: class [org.springframework.security.web.DefaultSecurityFilterChain]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null] with [Root bean: class [org.springframework.security.web.DefaultSecurityFilterChain]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null]

But the same filterChain object is sent twice in the constructor:

Screen Shot 2019-03-28 at 11 24 55 AM

This causes the following exception:

Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration

Expected Behavior

The bean should be overridden and it should receive only one reference of the filterChain object.

Configuration

I'm overriding the bean by adding the same name to both XML elements:

<security:http name="httpSecurity">
....

Version

Spring Security Core 4.2.7.RELEASE All other Spring modules are 4.3.18.RELEASE

Comment From: jzheaux

@jdrossl, sorry that you didn't get a timely response to this issue. Did you get things sorted out? If not, it would help to have a sample to have a clear idea of what you are trying to accomplish. Any fix would likely go into 5.7.x at the earliest.

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.