diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java index b340e179a4..5edba70d07 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java @@ -1163,6 +1163,11 @@ public final class HttpSecurity extends * addFilterAt(new CustomFilter(), UsernamePasswordAuthenticationFilter.class) * * + * Registration of multiple Filters in the same location means their ordering is not + * deterministic. More concretely, registering multiple Filters in the same location + * does not override existing Filters. Instead, do not register Filters you do not + * want to uses. + * * @param filter the Filter to register * @param atFilter the location of another {@link Filter} that is already registered * (i.e. known) with Spring Security.