Set filterChain position to match default position used by Spring Security. Fixes #1033

codeconsole · codeconsole · commit c7e7725cf7d7 · 2024-10-31T00:04:05.000-07:00
diff --git a/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy b/plugin/src/main/groovy/grails/plugin/springsecurity/SpringSecurityCoreGrailsPlugin.groovy
@@ -57,6 +57,7 @@ import grails.plugins.Plugin
 import grails.util.Metadata
 import groovy.util.logging.Slf4j
 import org.grails.web.mime.HttpServletResponseExtension
+import org.springframework.boot.autoconfigure.security.SecurityProperties
 import org.springframework.boot.web.servlet.FilterRegistrationBean
 import org.springframework.boot.web.servlet.ServletListenerRegistrationBean
 import org.springframework.cache.jcache.JCacheCacheManager
@@ -221,17 +222,7 @@ class SpringSecurityCoreGrailsPlugin extends Plugin {
 			filter = ref('springSecurityFilterChain')
 			urlPatterns = ['/*']
 			dispatcherTypes = EnumSet.of(DispatcherType.ERROR, DispatcherType.REQUEST)
-
-			// The filter chain has to be after grailsWebRequestFilter, but its order changed
-			// in 3.1 (from Ordered.HIGHEST_PRECEDENCE + 30 (-2147483618) to
-			// FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 30 (30))
-			String grailsVersion = Metadata.current.getGrailsVersion()
-			if (grailsVersion.startsWith('3.0')) {
-				order = Ordered.HIGHEST_PRECEDENCE + 100
-			}
-			else {
-				order = 100 // FilterRegistrationBean.REQUEST_WRAPPER_FILTER_MAX_ORDER + 100
-			}
+			order = SecurityProperties.DEFAULT_FILTER_ORDER
 		}
 
 		if (conf.useHttpSessionEventPublisher) {
