From faa0bd7143914b4cbe54234d92e8dc4a5d3b764c Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Thu, 26 Oct 2017 22:47:42 -0500
Subject: [PATCH] Update WebFilter ordering

Issue: gh-4719
---
 .../config/web/server/SecurityWebFiltersOrder.java   | 12 +++++++++---
 .../config/web/server/ServerHttpSecurity.java        |  4 ++--
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
index 19c202be7c..c13a4f68bb 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/SecurityWebFiltersOrder.java
@@ -23,8 +23,6 @@ package org.springframework.security.config.web.server;
 public enum SecurityWebFiltersOrder {
 	FIRST(Integer.MIN_VALUE),
 	HTTP_HEADERS_WRITER,
-	SECURITY_CONTEXT_REPOSITORY,
-	LOGIN_PAGE_GENERATING,
 	/**
 	 * Instance of AuthenticationWebFilter
 	 */
@@ -34,8 +32,16 @@ public enum SecurityWebFiltersOrder {
 	 */
 	FORM_LOGIN,
 	AUTHENTICATION,
+	/**
+	 * {@link org.springframework.security.web.server.context.ReactorContextWebFilter}
+	 */
+	REACTOR_CONTEXT,
+	LOGIN_PAGE_GENERATING,
+	/**
+	 * {@link org.springframework.security.web.server.context.SecurityContextServerWebExchangeWebFilter}
+	 */
+	SECURITY_CONTEXT_SERVER_WEB_EXCHANGE,
 	LOGOUT,
-	AUTHENTICATION_CONTEXT,
 	EXCEPTION_TRANSLATION,
 	AUTHORIZATION,
 	LAST(Integer.MAX_VALUE);
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index b412cec85c..1d387d1c0e 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -211,7 +211,7 @@ public class ServerHttpSecurity {
 		if(this.logout != null) {
 			this.logout.configure(this);
 		}
-		this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.AUTHENTICATION_CONTEXT);
+		this.addFilterAt(new SecurityContextServerWebExchangeWebFilter(), SecurityWebFiltersOrder.SECURITY_CONTEXT_SERVER_WEB_EXCHANGE);
 		if(this.authorizeExchangeBuilder != null) {
 			ServerAuthenticationEntryPoint serverAuthenticationEntryPoint = getServerAuthenticationEntryPoint();
 			ExceptionTranslationWebFilter exceptionTranslationWebFilter = new ExceptionTranslationWebFilter();
@@ -262,8 +262,8 @@ public class ServerHttpSecurity {
 		if(repository == null) {
 			return null;
 		}
-		return new OrderedWebFilter(result, SecurityWebFiltersOrder.SECURITY_CONTEXT_REPOSITORY.getOrder());
 		WebFilter result = new ReactorContextWebFilter(repository);
+		return new OrderedWebFilter(result, SecurityWebFiltersOrder.REACTOR_CONTEXT.getOrder());
 	}
 
 	private ServerHttpSecurity() {}