SpringBoot Combination of UsernamePasswordAuthenticationFilter and form login not working in SB 3.x that worked in SB2

Context

I do use a UsernamePasswordAuthenticationFilter with 3 login parts (tenant, username, password) in combination with a form-based login. This worked perfectly fine in SB2.

When I tried to migrate to SB 3.x the login stopped working at all. I'm unable to login/logout.

Reproducer app

I've extracted the main application parts into a separate project: sb3-filter-problem

The submodule sb2 contains the working SB2 application (2.7.14), while sb3 uses SB 3.2.0-M1. I followed the docs to configure the login. As the way the authenticationManager is wired in changed, I use an my AbstractHttpConfigurer to add the filter. Apart from that a SimpleUrlLogoutSuccessHandler is used to perform actions upon logout.

Further information and quicklinks into the example app can be found in its README

Steps already taken

I already tried to submit a StackOverflow question, but unfortunately no working answers were provided. If I remove the configuration of the form-based login, the app does not show any login screen anymore.

As I'm unable to find any reference to a working example that combines a separate 3-part-login and form-based user authentication I file this issue. Maybe there has been a regression or just a lack of documentation, which my reproducer app may provide.

Thanks for any feedback and I'm willing to contribute my reproducer app in case it helps other users to avoid the problems I'm facing at the moment.

Comment From: wilkinsona

Thanks for the report, but I don't think this is the right place to address this issue. As soon as you define your own security configuration, Spring Boot's auto-configured defaults back off and the behavior is then determined by your configuration and Spring Security which is managed as a separate project.

If you believe you've found a bug or that the documentation could be improved, please open a Spring Security issue. Also, if you do open an issue, please update your Stack Overflow question to make that clear, otherwise someone may waste their time helping your in one place when the problem has already been solved in another.

Comment From: ottlinger

@wilkinsona I've filed https://github.com/spring-projects/spring-security/issues/13620 to see if someone takes the time to play with the reproducer app. Will update the stackoverflow accordingly and with results/solutions to my problem. Thanks.