Add Both Config names to duplicate WebSecurityConfigurer order

Previously the error message when multiple WebSecurityConfigurer with the same Order did not include both WebSecurityConfigurer classes that were involved in the duplicate Order. This made resolving errors difficult. This commit ensures both WebSecurityConfigurers are include in the error message. Fixes gh-3380
spring-projects · Mar 11, 2016 · 35eff94 · 35eff94
1 parent e33e21f
commit 35eff94
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/...pringframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java b/...pringframework/security/config/annotation/web/configuration/WebSecurityConfiguration.java
@@ -142,15 +142,17 @@ public void setFilterChainProxySecurityConfigurer(
 		Collections.sort(webSecurityConfigurers, AnnotationAwareOrderComparator.INSTANCE);
 
 		Integer previousOrder = null;
+		Object previousConfig = null;
 		for (SecurityConfigurer<Filter, WebSecurity> config : webSecurityConfigurers) {
 			Integer order = AnnotationAwareOrderComparator.lookupOrder(config);
 			if (previousOrder != null && previousOrder.equals(order)) {
 				throw new IllegalStateException(
 						"@Order on WebSecurityConfigurers must be unique. Order of "
-								+ order + " was already used, so it cannot be used on "
+								+ order + " was already used on " + previousConfig + ", so it cannot be used on "
 								+ config + " too.");
 			}
 			previousOrder = order;
+			previousConfig = config;
 		}
 		for (SecurityConfigurer<Filter, WebSecurity> webSecurityConfigurer : webSecurityConfigurers) {
 			webSecurity.apply(webSecurityConfigurer);

diff --git a/...amework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy b/...amework/security/config/annotation/web/configuration/WebSecurityConfigurationTests.groovy
@@ -33,6 +33,7 @@ import org.springframework.security.config.annotation.BaseSpringSpec
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
 import org.springframework.security.config.annotation.web.builders.HttpSecurity
 import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurationTests.DuplicateOrderConfig;
 import org.springframework.security.web.FilterChainProxy
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator
@@ -136,6 +137,8 @@ class WebSecurityConfigurationTests extends BaseSpringSpec {
 		then:
 			BeanCreationException e = thrown()
 			e.message.contains "@Order on WebSecurityConfigurers must be unique"
+			e.message.contains DuplicateOrderConfig.WebConfigurer1.class.name
+			e.message.contains DuplicateOrderConfig.WebConfigurer2.class.name
 	}